Accumulated test vectors shrink megabytes of crypto tests to a few hashes

The idea
Filippo Valsorda has a simple, annoyingly elegant trick for a very old problem: how do you test huge swaths of crypto behavior without committing gigabytes of JSON into your repo? Why check in tens of megabytes of handcrafted or brute‑force vectors when you can check in three hashes? As reported, the technique draws deterministic random inputs from an extendable‑output function like SHAKE128, accumulates the outputs into a hash, and then checks only the final digest, which reproduces large, reusable test corpora without the bloat.

How it works
The blog lays out a minimal recipe: instantiate one SHAKE128 as the randomness source and another as the accumulator; draw seeds and messages, run KeyGen/Encaps/Decaps for ML‑KEM, and write public keys, ciphertexts, and shared secrets into the accumulator. Repeat 10,000 times and compare the final 16‑byte digest — in Valsorda’s example it should match 8a518cc63da366322a8e7a818c7a0d63. It’s deterministic, portable across implementations, and compresses what would be a multi‑megabyte corpus into a single checked value.
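The same recipe as an added example (not code from Valsorda's post): one SHAKE128 stream supplies the inputs, a second SHAKE128 accumulates the outputs, and only the 16‑byte digest is compared. ML‑KEM is not in Python's standard library, so HMAC‑SHA256 stands in as the function under test and the digest is not the post's value; `ShakeStream`, `hmac_handrolled`, `hash_long_keys` and `accumulate` are hypothetical names.

```python
import hashlib
import hmac

class ShakeStream:
    """Deterministic byte stream from SHAKE128 (hashlib has no incremental XOF read)."""
    def __init__(self, seed=b""):
        self._xof, self._buf, self._pos = hashlib.shake_128(seed), b"", 0

    def read(self, n):
        end = self._pos + n
        if end > len(self._buf):  # regenerate a longer prefix, growing geometrically
            self._buf = self._xof.digest(max(end, 2 * len(self._buf)))
        out, self._pos = self._buf[self._pos:end], end
        return out

def hmac_reference(key, msg):
    # Trusted implementation; its accumulated digest is the value you would commit.
    return hmac.new(key, msg, hashlib.sha256).digest()

def hmac_handrolled(key, msg, hash_long_keys=True):
    # Implementation under test. hash_long_keys=False models a regression:
    # keys longer than the 64-byte block are truncated instead of hashed.
    if len(key) > 64:
        key = hashlib.sha256(key).digest() if hash_long_keys else key[:64]
    key = key.ljust(64, b"\x00")
    inner = hashlib.sha256(bytes(b ^ 0x36 for b in key) + msg).digest()
    return hashlib.sha256(bytes(b ^ 0x5C for b in key) + inner).digest()

def accumulate(mac, iterations):
    rng = ShakeStream()        # randomness source, empty seed (an assumption)
    acc = hashlib.shake_128()  # accumulator
    for _ in range(iterations):
        key = rng.read(rng.read(1)[0] % 97)  # key length 0..96 crosses the 64-byte edge
        msg = rng.read(rng.read(1)[0])       # message length 0..255
        acc.update(mac(key, msg))            # outputs go in; nothing is stored on disk
    return acc.digest(16).hex()

if __name__ == "__main__":
    pinned = accumulate(hmac_reference, 1000)
    print("pinned digest:", pinned)
    print("hand-rolled matches:", accumulate(hmac_handrolled, 1000) == pinned)
    broken = lambda k, m: hmac_handrolled(k, m, hash_long_keys=False)
    print("regression matches:", accumulate(broken, 1000) == pinned)
```

A mismatch only says that some iteration diverged; to find which one, rerun with fewer iterations or log per-iteration outputs from both implementations.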

At scale and in the wild
The payoff is practical: CI uses 100 iterations in quick presubmit checks, 10,000 by default for normal CI, and 1,000,000 when developing — which would otherwise require a gigabyte or more of committed vectors. The post documents accumulated tests for ML‑KEM, exhaustive low‑level ML‑DSA inputs, and a cSHAKE128 sweep that exercises length prefixes, chunking, and padding across many parameter combinations. Valsorda says he hadn’t seen this exact framing before — allegedly it’s been reinvented in pockets — and it has been reported that the ML‑KEM accumulated vectors are available on CCTV for anyone to reproduce.

Why it matters
This is one of those tiny engineering moves that punches above its weight: smaller repos, easier cross‑implementation checks, and a way to scale brute‑force testing without turning your source tree into a storage bucket. It also catches subtle regressions — sometimes you don’t need insight to find the bug; you just need enough random hits. Who doesn’t like getting coverage for the cost of a hash?

Sources: words.filippo.io, Lobsters