ChatGPT's Potential in Cryptography Misuse Detection: A Comparative Analysis with Static Analysis Tools
This addresses the issue of inconsistent and inaccessible cryptography misuse detection for mainstream developers, though it is incremental as it applies an existing AI model to a known domain.
The study tackled the problem of detecting cryptography API misuse by developers, finding that ChatGPT, especially with prompt engineering, can outperform leading static analysis tools on the CryptoAPI-Bench benchmark.
The correct adoption of cryptography APIs is challenging for mainstream developers, often resulting in widespread API misuse. Meanwhile, cryptography misuse detectors have demonstrated inconsistent performance and remain largely inaccessible to most developers. We investigated the extent to which ChatGPT can detect cryptography misuses and compared its performance with that of the state-of-the-art static analysis tools. Our investigation, mainly based on the CryptoAPI-Bench benchmark, demonstrated that ChatGPT is effective in identifying cryptography API misuses, and with the use of prompt engineering, it can even outperform leading static cryptography misuse detectors.