The Underhanded Crypto Contest is back, and we can’t wait to see all the nifty tricks you’ll come up with to put backdoors into cryptography. Last year we wanted to see backdoors that exclusively related to cryptocurrencies, and we didn’t get much of a response. So, this year, we’re open to any kind of crypto backdoor that you can think of.
To give you all a head start, here are a couple of ideas:
- Backdooring random number generators. Suprisingly, we’ve only ever had one submission for a backdoored random number generator, back in 2014 by Solar Designer. Random number generators are important to almost every aspect of cryptography, so they’re a great thing to backdoor. And it’s hard to tell when a number is random and when it isn’t, so there’s lots of room to add an undetectable backdoor.
Deceptive APIs. A lot of design work in modern cryptography goes into making crypto library APIs easy to use, or more importantly hard to misuse. To do that, we need to better understand why some APIs are more susceptible to being used incorrectly. So, here’s a challenge: Design a crypto library API that looks like something developers would want to use, but that would probably end up being used wrong (in an insecure way) in practice.
You definitely don’t have to pick one of these ideas for your own entry, but we’re really curious to see just how far these ideas can be taken.
If you’d like to participate, have a read over the contest rules, and then sign up for our (very low traffic, zero spam) participant mailing list so that we can
send you updates.
Also, if you’re interested in being a volunteer judge for this year’s contest or would like to show that your company supports cryptography research by sponsoring one of the prizes, please get in touch at [email protected].
The deadline is going to be July 1st this year. That’s only a few months away, so the time to start working on your entry is now!