Hi everyone,
We at Symbolic Software are today releasing Crucible, an open-source conformance testing framework for ML-KEM (FIPS 203) and ML-DSA (FIPS 204) implementations. Crucible encodes specific bug classes encountered in real cryptographic audits — missing inverse NTTs, dead bounds checks, incorrect rounding, timing leaks — as targeted, reusable test batteries that any implementation can be wired up to through a simple JSON line protocol over stdin/stdout.
The ML-KEM battery contains 78 tests across 6 categories (compression arithmetic, NTT correctness, coefficient bounds enforcement, decapsulation robustness, serialization, rejection sampling). The ML-DSA battery contains 51 tests across 6 categories (norm checks, arithmetic, signing internals, verification edge cases, serialization, constant-time behavior). Every test is tagged with the bug class it targets and the FIPS spec section it verifies.
We built harnesses for 15 implementations across Rust, Go, C, C++20, and Java and ran 1,296 test executions. The tested implementations include libcrux, mlkem-native, AWS-LC, Go stdlib crypto/mlkem, CIRCL, liboqs, wolfCrypt, Bouncy Castle, PQClean, pqcrypto, itzmeanjan/ml-kem, Trail of Bits ml-dsa, pq-crystals ref, and our own Kyber-K2SO.
Thank you,
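The "incorrect rounding" class in the compression-arithmetic category can be shown with an exhaustive check of ML-KEM's `Compress_d` against its FIPS 203 definition. This is an added example, not part of the announcement and not Crucible's code. All function names and the three candidate implementations are constructed for illustration, and it does not use Crucible's JSON protocol, which the post does not detail.

```python
"""Exhaustive check of ML-KEM Compress_d against its FIPS 203 definition."""
Q = 3329                      # ML-KEM modulus
D_VALUES = (1, 4, 5, 10, 11)  # compression widths used by the ML-KEM parameter sets


def compress_ref(x: int, d: int) -> int:
    """Compress_d(x) = round((2^d / q) * x) mod 2^d, in exact integer arithmetic.

    round(a / q) == floor((2a + q) / 2q); q is odd, so no tie can occur.
    """
    a = x << d
    return ((2 * a + Q) // (2 * Q)) % (1 << d)


# Hypothetical implementations under test (constructed for this example).
def compress_ok(x, d):
    return (((x << d) + Q // 2) // Q) & ((1 << d) - 1)


def compress_truncating(x, d):
    # Bug: floor instead of round-to-nearest.
    return ((x << d) // Q) % (1 << d)


def compress_no_wrap(x, d):
    # Bug: omits "mod 2^d", so inputs just below q return 2^d instead of 0.
    return ((x << d) + Q // 2) // Q


def run_battery(compress):
    """Return every (d, x, got, want) where `compress` disagrees with the spec."""
    failures = []
    for d in D_VALUES:
        for x in range(Q):
            got, want = compress(x, d), compress_ref(x, d)
            if got != want:
                failures.append((d, x, got, want))
    return failures


if __name__ == "__main__":
    for impl in (compress_ok, compress_truncating, compress_no_wrap):
        fails = run_battery(impl)
        print(f"{impl.__name__}: {len(fails)} mismatches, first: {fails[:1]}")
```

The missing-wrap bug only shows up for inputs close to q, which is why the check runs over every x in [0, q) rather than a random sample.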