The Underhanded Crypto contest was inspired by the famous Underhanded C Contest, which is a contest for producing C programs that look correct, yet are flawed in some subtle way that makes them behave inappropriately. This is a great model for demonstrating how hard code review is, and how easy it is to slip in a backdoor even when smart people are paying attention.
The Underhanded Crypto Contest is the same but for cryptography. We welcome backdoors in implementations of cryptography (in any language) as well as backdoors at the design level so that any implementation of the design would contain a weakness.
This year, we are once again accepting all kinds of submissions, as long as they have something to do with cryptography. Your entry can take the form of a patch to the code of an existing cryptography project, a description of the way you could modify an existing design to add a backdoor, your own design for an entirely new cryptosystem, or anything you’d like. Of course, entries that come with a proof of concept implementation or are very well explained are most likely to be rated highly by our judges.
To help you out, here’s are a couple of categories we’d like to see submissions for this year.
- Backdooring messaging systems. With a rash of unintentional bugs with the handling of S/MIME and OpenPGP based messaging, we’d like to see how contents of secured messaging systems can be leaked intentionally. While S/MIME and OpenPGP are good targets, don’t forget about Signal, Wire, and other messaging applications. Message leaking can be public (where anyone can read them), or using techniques to ensure that only the attacker and legitimate recipients can see the message.
Deceptive APIs. A lot of design work in modern cryptography goes into making crypto library APIs easy to use, or more importantly hard to misuse. To do that, we need to better understand why some APIs are more susceptible to being used incorrectly. So, here’s a challenge: Design a crypto library API that looks like something developers would want to use, but that would probably end up being used wrong (in an insecure way) in practice.
You are not required to to work within these categories, and entries in these categories will not automatically be ranked any higher than unrelated entries.
To submit an entry to the contest, simply email it to [email protected]. We’re accepting submissions from now up until midnight July 15th, 2018.
To make the process easier for our volunteer judges, we ask that you put your submission in the following format. Please send your entry as a compressed folder (.tar.gz, .tar.bz2, .zip, .7z, etc.) with the following structure:
README-JUDGES.txt– An explanation of your submission for the judges to read. This must explain what all the files in the
AUTHORS.txt– The list of people who worked on your entry. See the template below.
LICENSE.txt– The open source license your submission is released under (CC0, GPL, MIT, BSD, etc.)
submission/– A directory containing the technical contents (code, etc.) of your submission.
blogpost/– This is totally optional, but if you’d like us to post your explanation of our entry on our blog, you can include a “blog post style” explanation here. Please write your blog post in either plain text or markdown. You can include some images too if they’ll help explain your entry. We can’t guarantee that we’ll publish it, but if it’s well-written and explains something neat, there’s a high chance we will!
README-JUDGES.txt must explain what the stuff in the
submission/ directory is, and must completely reveal the weakness in your entry (don’t try to make the judges find your backdoor!). In this file, explain to the judges what your entry does, why it’s hard to detect, and why it is a valuable entry that deserves to win. Keep it succinct please, our judges are volunteering their time!
The AUTHORS.txt file should contain the following contents for each member of your team (or just yourself if you’re working alone). The authors will be listed on the website in the same order you place them in this file, so it is up to you if you want to put them in order by contribution or alphabetical.
Which author is the primary contact for your team (required if you have multiple authors)? Author #1 ========= Which email address should we use to contact you? (required) What name / pseudonym would you like us to use for you on our website (required)? Is there a website you'd like us to link to on our website when we mention your name (optional)? What's your Twitter handle (optional)? Author #2 ========= ... repeat the questions for each author ...
Plagiarism is strictly forbidden. You are encouraged to build on previous work, but if you fail to cite it or don’t explain how your work is different from what came before, your submission will be rejected.
First Prize: $1,500
The Zcash Foundation will give the first place winner $1,500 USD, payable in ZEC.
Second Prize: $750
The second-place prize of $750 USD is being provided by NCC Group Cryptography Services.
Please see Eligibility for details, and important tax information about prizes.
Judging is done at our discretion. The judges will be volunteers (usually cryptography/infosec experts) who are independent from the contest organizers, and they will be free to judge the entries in a fair way that’s compatible with the amount of time they are willing to devote to the contest.
Announcing the Winners
We’ll announce the winners around the same time as DEF CON 26 (early August).
The contest organizers and judges are not eligible to participate in the contest. Prizes may not be available should the winner(s) live in a country subject to embargo by the United States or Canada, or due to other legal restrictions. In the event that prizes can not be awarded due to legal restrictions, the contest organizers will make a good faith effort to resolve the situation within the applicable laws; if it is determined that the situation is not reasonably resolvable, the prizes will be donated to an appropriate charity.
Winners may be required to complete tax forms with prize sponsors, as required by law. When prize sponsors are informed of the winners, they will contact the winners to arrange payment and any documentation required.
If a winner does not wish to provide the identifying information necessary to deliver any prize(s) they have won, the prize(s) will be donated to an appropriate charity.