chris-wood
commented
2 years ago We could include test vectors with invalid request or response messages (maybe they deserialize to the identity element), or test cases where the proofs are corrupted or otherwise bogus. However, we can't come up with proofs for invalid inputs to the protocol (inputs that map to the identity element in the group).
It is important for implementers to test their work produces correct results, and I believe that it is also important that the implementations fail or return relevant errors when necessary.
Has the addition of test vectors for particular cases or failing conditions been envisioned? Do you plan in adding such vectors?
This would greatly support tests for other protocols that use (V)OPRF, such as OPAQUE.