Information on previous events can be found on the Archive page.
News: The 2017 Underhanded Crypto Contest is under way! See the announcement.
The Underhanded Crypto Contest is a competition to write or modify crypto code that appears to be secure, but actually does something evil. For example:
- A password hashing library that always accepts the password “monkey.”
- A MAC algorithm that can be broken if you know some fixed secret key.
- Something that leaks the key through a reliable side channel, padding, IV, etc.
- A user interface that makes it easy to accidentally spread your secrets all over the Internet.
There are so many possibilities, and we’re sure some of them are pretty clever. So design a cryptosystem, implement one, or even modify an existing one, so that to an expert it looks secure, but actually isn’t. We’ll select the cleverest or most effective one as the winner, and there might even be prizes.
This contest follows in the footsteps of the Underhanded C Contest, the contest for C code that looks correct but isn’t. The Underhanded C contest was a great demonstration of how broken code can be made to look correct, and of how auditing code for security flaws — especially intentional ones — is very hard.
Crypto is such an important part of our daily lives that it deserves its own backdoor contest. This contest is primarily just for fun, but we will actually be able to learn from it. If we can understand how crypto is intentionally broken, then we’ll be able to build better ways to detect crypto that’s accidentally broken.
The results will also serve as further evidence that even when good primitives, like AES-256 and SHA-512, are used, the crypto can still be severely broken. This will help us all take vendors’ claims of “military grade encryption” with an even bigger grain of salt.
Want to support the contest (hosting, prizes, etc.)? You can donate using Bitcoin by sending to this address: