The Underhanded Crypto contest was inspired by the famous Underhanded C Contest, which is a contest for producing C programs that look correct, yet are flawed in some subtle way that makes them behave inappropriately. This is a great model for demonstrating how hard code review is, and how easy it is to slip in a backdoor even when smart people are paying attention.

We’d like to do the same for cryptography. We want to see if you can design a cryptosystem that looks secure to experts, yet is backdoored or vulnerable in a subtle, barely noticeable way. Can you design an encrypted chat protocol that looks secure to everyone who reviews it, but in reality lets anyone who knows some fixed key decrypt the messages?

We’re also interested in clever ways to weaken existing crypto programs. Can you make a change to the OpenSSL library that looks like you’re improving the random number generator, but actually breaks it and makes it produce predictable output?

If either of those things sounds interesting, then this is the contest for you.
