All Underhanded Crypto Entries

Two weeks ago we announced the Underhanded Crypto Contest winners. Today, we are releasing all of the submissions.


  1. John Meacham
  2. Gaëtan Leurent

Round 3:

Round 2:

Round 1:

An archive with all of the submissions can be downloaded here.

After the contest was over, we let the contestants make minor changes to their entries. If you want to see exactly what the judges saw, except for the removal of email headers and one entry that has been anonymized, the archive is here.

We’d like to thank our judges and sponsors once again, as without them, none of these entries would have ever been created.

NCC Group LogoLeast Authority

Announcing the Underhanded Champs!


Before we get into the details of the winning entries, we’d like to thank our fantastic team of judges:

Without the hours they spent pouring over submissions, testing, debating, and reviewing every detail, this would never have been possible.

John Meacham – tinyaesctr

tinyaesctr – A portable, minimal rfc3686 compliant implementation of AES encryption in CTR mode.

This implementation is specifically designed for resource constrained devices, It makes use of static memory buffers and minimal use of pointers to better fit the CPUs used in embedded systems.

Download (make sure you look at exploit/README.txt for all the details)

Gaëtan Leurent – Backdoored Implementation of Stern’s Zero-Knowledge Identification Protocol

Stern described a code-based zero-knowledge identification scheme in 1993, which became the basis of several improved variants. It is quite attractive because it is provably secure, but only uses simple operations (matrix multiplications and bit permutations).

In this work, we add a backdoor to a proof-of-concept implementation from Cayrel et al., with a subtle implementation flaw. The new version still accepts all legitimate provers, and reject almost all illegitimate ones. However, an adversary knowing that the flaw is present can fool the authentication. A similar backdoor can be planted in virtually any implementation of the scheme, and in most later variants.


We will be publishing the remaining entries soon.

The winners will be getting their pick of prizes, provided by our sponsors:

NCC Group LogoLeast Authority