November 1, 2025

Rubber duck goes cyborg

Article URL →HN comments →

Claude Code Can Debug Low-Level Cryptography

AI sidekick fixes a “quantum-safe” bug, commenters go feral

TLDR: A developer’s new “quantum-safe” code failed until Claude Code instantly found a double-counting bug. Comments split between cheering AI agents as tireless bug-hunters, warning about sabotage and trust, and wiring auto-debug workflows with Git hooks or free command‑line tools.

A developer built a fresh, “quantum-safe” signing tool (think: digital signatures designed to survive future super-powerful computers) and hit a wall—every test said the signatures were wrong. Enter the AI sidekick: Claude Code skimmed the project and pinpointed the culprit in minutes—he was double-counting a crucial piece during verification. The dev refactored and boom: tests green, weekend saved.

Cue the comments cage match. The “chat is trash” crew showed up swinging: qsort slammed chatbot interfaces and begged for a constantly-running agent that just pings when tests fail. Meanwhile, delaminator dropped a hacker’s recipe: wire up Git hooks so an AI auto-investigates every failed test. On the hype side, simonw flexed: “three one-shot debugging hits” and argued you don’t need to “trust” AI—just let it point, then you fix.

Then the spice: gdevenyi tossed a grenade—imagine adversarial training that teaches models to make crypto mistakes—sparking a mini panic about over-reliance. And Frannky brought receipts for the frugal crowd: skip pricey tools and go all-in on free CLI setups with open models and cheap APIs. The vibe? Half “AI intern who never sleeps,” half “don’t let the intern touch the locks.”

Key Points

  • A Go implementation of NIST’s ML-DSA had verification failures despite matching test vectors.
  • Using Claude Code (v2.0.28 with Opus 4.1), the author found a bug: high bits of w1 were applied twice in Verify due to a combined HighBits/w1Encode function reused incorrectly.
  • Claude Code loaded the code, hypothesized the issue without tool use, wrote a confirming test, proposed a fix, and confirmed tests passed.
  • The author refactored w1Encode to accept high bits directly and adjusted their type, improving clarity and avoiding extra Montgomery conversions.
  • Earlier signing issues included wrong Montgomery-domain constants (1 and -1) and a 32-bit vs 32-byte encoding error in the signature.

Hottest takes

“chat is such a garbage modality” — qsort
“there is no need to trust the LLM… just tell me where the bug is” — simonw
“adversarial attacks on LLM training to ensure cryptographic mistakes” — gdevenyi

Save News

Made with <3 by @siedrix and @shesho from CDMX. Powered by Forge&Hive.