The Underhanded Crypto Contest is a competition to discover and document the best ways to subtly subvert (“backdoor”) cryptography designs and code. We’re an annual competition, with each year bringing different challenges and new targets.
Why would we create a contest to produce intentionally broken cryptography? The answer is that if we learn how to break cryptography on purpose, then that knowledge will help us protect ourselves against cryptography that’s only broken by accident. In essence, the contest is a playground for security researchers to explore their creativity by inventing totally new kinds of bugs. Our hope is that as new technologies come into existence, common bug patterns will show up as contest entries before they ever happen in practice. Instead of retroactively learning from the mistakes real-world developers make, we might be able to predict and mitigate the mistakes before they happen – without putting anyone at risk.
We’re also a repository of evidence that “crypto is hard.” Just because a product claims “military grade encryption” and says it’s using AES and SHA256 doesn’t mean it’s secure. Even when secure primitives are employed, lots of things can go wrong. The submissions we get demonstrate this and help promote a healthy paranoia: first implementations are probably flawed, and without regular thoughtful review, those bugs can go unnoticed for a long time.
Hosting and support provided by Shackle Labs.
Our sponsors are the ones who send our winners awesome prizes. In our opinion, sponsoring the contest shows that you value innovative security research and sends a strong signal to our audience of crypto-savvy techies that your company is a great place to work (and of course we only accept sponsorship if we really believe that ourselves). If you’re interested in helping out by sponsoring a prize, shoot us an email at [email protected].
If you would like to help us pay the other costs associated with the contest (hosting fees, gifts for our judges, etc.), you can donate Bitcoin to the following address: