
=== Adversarial Protocol & FFI Hostile-Caller Tests ===
  [A.1] MuSig2: nonce reuse detection
  [A.2] MuSig2: partial sig cross-session replay
  [A.3] MuSig2: hostile null/junk arguments
  [A.4] MuSig2: rogue-key / malformed participant
  [A.5] MuSig2: transcript / keyagg mutation
  [A.6] MuSig2: signer ordering mismatch
  [A.7] MuSig2: malicious aggregator (tampered aggnonce)
  [A.8] MuSig2: abort/restart session lifecycle
  [B.1] FROST: below-threshold signing
  [B.2] FROST: malformed nonce commitment
  [B.3] FROST: hostile null arguments
  [B.4] FROST: malicious coordinator (inconsistent commits)
  [B.5] FROST: duplicate nonce commitments
  [B.6] FROST: participant identity mismatch
  [C.1] Silent Payments: multiple output indices
  [C.2] Silent Payments: invalid scan/spend keys
  [C.3] Silent Payments: duplicate sender input keys
  [C.4] Silent Payments: hostile null arguments
  [D.1] ECDSA adaptor: sign -> verify -> adapt -> extract
  [D.2] ECDSA adaptor: invalid adaptor point
  [D.3] ECDSA adaptor: verify with wrong adaptor point
  [D.4] ECDSA adaptor: hostile null arguments
  [D.5] ECDSA adaptor: transcript mismatch (sign msg1, verify msg2)
  [D.6] ECDSA adaptor: extraction from unrelated sig
  [E.1] Schnorr adaptor: invalid adaptor point
  [E.2] Schnorr adaptor: verify with wrong adaptor point
  [E.3] Schnorr adaptor: adapt with wrong secret
  [E.4] DLEQ: malformed proof must be rejected
  [E.5] DLEQ: wrong generator pairs must fail verification
  [F.1] BIP-32: invalid path strings
  [F.2] BIP-32: invalid seed lengths
  [F.3] BIP-32: hostile null arguments
  [G.1] FFI hostile: hashing functions
  [G.2] FFI hostile: address functions
  [G.3] FFI hostile: Pedersen commitments
  [G.4] FFI hostile: ZK proofs
  [G.5] FFI hostile: multi-scalar multiplication
  [G.6] FFI hostile: taproot functions
  [G.7] FFI hostile: pubkey arithmetic
  [G.8] FFI hostile: Bitcoin message signing
  [G.9] FFI hostile: batch verification
  [G.10] FFI hostile: ECDH
  [G.11] FFI hostile: WIF encode/decode
  [G.12] FFI hostile: BIP-39
  [G.13] FFI hostile: secret key operations
  [G.14] FFI hostile: ECDSA edge cases
  [G.15] FFI hostile: Schnorr edge cases
  [G.16] FFI hostile: multi-coin wallet
  [G.18] FFI hostile: undersized output buffers
  [G.19] FFI hostile: overlapping/aliased buffers
  [G.20] FFI hostile: malformed array counts
  [G.17] FFI hostile: Ethereum functions

--- Adversarial Summary: 195 passed, 0 failed ---

