Google's Project Wycheproof Checks Cryptographic Security

Google Logo AH 4

Often, software deals with sensitive and private information; which best explains why there is a need for top level encryption to act as support in protecting this information from attacks. But because there are new cyber security threats that are found daily, the software require constant patching. Thankfully, Google released a new set of security tests to help strengthen the protection on software libraries.

As announced earlier, Google released the Project Wycheproof, which was named after the smallest mountain in the world, Mount Wycheproof. According to their announcement, the project will enable software engineers to locate any bugs when they test their software libraries. To date, the project has over 80 test cases that have already been identified. While some of these have already been fixed, others are still being patched. Google has enlisted the security bugs they have identified, although some of these are already being attended to by their vendors.

The project includes tests that work with several of the popular crypto algorithms, such as AES-EAX, DSA, AES-GCM, DH DHIES, ECDSA, ECIES, ECDH, and RSA. Google says that their tests under the project are able to determine whenever a software library is vulnerable to invalid curve attacks, biased nonces in digital signature schemes, the different Bleichenbacher’s attacks, and many more.


With the help of the project, both developers and users no longer have to go through hundreds of academic papers surrounding these attacks. They can easily check their libraries for any vulnerability against the popularly known attacks, even without the expertise of a cryptographer. Since little mistakes in cryptography may already result in dangerous consequences, Google has made Project Wycheproof behind this concept.

When it announced the project, Google reiterated that even though a software library goes through the tests, it does not guarantee that it is 100% secure. With the potential discovery for new vulnerabilities each day, it only means that the project will continue to expand. Along with this, Google is accepting interested individuals to be a part of the project as contributors. You can learn more about how to be a contributor by visiting the website. Project Wycheproof is free on GitHub.