Wycheproof randomized signing vectors are not covered #1219

Description

@fegge

The Wycheproof client pins C2SP/Wycheproof to commit
4f5e05f71e6b724c20e2c1b6934c7bd7ef6d89e7, which predates the upstream
randomized ML-DSA signing vectors merged on June 6, 2026. The newer vectors add
valid signing cases with a nonzero rnd field, but the local client never
passes that field to the C driver.

The C driver hard-codes signing randomness to all zeroes in the deterministic
seed and no-seed signing paths. As a result, forcing a current randomized vector
through the client produces a signature mismatch. The default run_wycheproof
target therefore reports success without covering the current randomized signing
cases.

The proof of concept downloads the pinned current Wycheproof vector file
mldsa_44_sign_seed_test.json from commit
6d7cccd0fcb1917368579adeeac10fe802f1b521, confirms that it contains a
Randomized valid test case with nonzero rnd, builds the real
wycheproof_mldsa44 driver, and runs the real client against that vector. The
client fails on tcId=90 because the generated signature uses zero randomness
instead of the vector's rnd value.

Run:

bash ptp/pocs/poc-wycheproof-randomized-signing-vectors-uncovered.sh

Observed output:

randomized_tc=90
randomized_rnd_prefix=60879ebd4f33a5d8
randomized_result=valid
client_rc=1
signature_mismatch_tc90=1
VULNERABLE: Wycheproof randomized signing vector is not supported by the client
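As an added example (not part of this issue or the repository's own code), a small Python audit that scans a Wycheproof-style ML-DSA signing vector file for valid cases carrying a nonzero rnd field, which are exactly the cases a driver that hard-codes all-zero signing randomness cannot reproduce. The testGroups/tests layout and field names are assumed from the issue text, and the sample file is constructed (only the rnd prefix of tcId 90 is taken from the issue).

```python
import json
import sys

# Constructed sample in the assumed shape of a Wycheproof ML-DSA signing vector
# file: "testGroups" -> "tests", each with tcId, result, flags and an optional
# hex "rnd" field. Values are made up except the tcId 90 rnd prefix from the issue.
SAMPLE_VECTORS = json.dumps({
    "algorithm": "ML-DSA-44",
    "testGroups": [{
        "type": "MlDsaSign",
        "tests": [
            {"tcId": 1, "comment": "deterministic", "result": "valid",
             "flags": [], "rnd": "00" * 32},
            {"tcId": 2, "comment": "rnd field absent", "result": "valid",
             "flags": []},
            {"tcId": 90, "comment": "Randomized", "result": "valid",
             "flags": ["Randomized"], "rnd": "60879ebd4f33a5d8" + "11" * 24},
            {"tcId": 91, "comment": "Randomized, bad signature", "result": "invalid",
             "flags": ["Randomized"], "rnd": "ab" * 32},
        ],
    }],
})


def load_sample():
    return json.loads(SAMPLE_VECTORS)


def randomized_valid_cases(doc):
    """(tcId, 8-byte rnd prefix) for valid cases whose rnd is present and nonzero.

    A missing rnd or an all-zero rnd is the deterministic case, which a
    zero-randomness driver handles correctly, so those are not reported.
    Invalid cases are skipped: a mismatch there is the expected outcome.
    """
    hits = []
    for group in doc.get("testGroups", []):
        for tc in group.get("tests", []):
            rnd = bytes.fromhex(tc.get("rnd", ""))
            if tc.get("result") == "valid" and any(rnd):
                hits.append((tc["tcId"], rnd[:8].hex()))
    return hits


def uncovered_by_zero_rnd_driver(doc):
    """tcIds a driver that always signs with zero randomness will fail on."""
    return [tc_id for tc_id, _ in randomized_valid_cases(doc)]


if __name__ == "__main__":
    # Pass a real vector file as argv[1]; otherwise the constructed sample is used.
    doc = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else load_sample()
    for tc_id, prefix in randomized_valid_cases(doc):
        print(f"randomized_tc={tc_id} randomized_rnd_prefix={prefix}")
```

Running it against a pinned vector file before a pin bump shows whether the bump would introduce randomized cases the client cannot yet drive.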
