Underhanded Crypto Contest 2014/2015 entries, with minor corrections.
Winning Entries:
Made it to Round 3:
Made it to Round 2:
- AleksanderEssex
- AlfonsoDeGregorio
- Anonymous
- DrGavekort/1
- DrGavekort/2
- GeorgeKadianakis
- JacobThompson
- Rogdham
- SimonNicolussi
Remainder of Submissions (Rejected in Round 1):
The contest was organized as follows:
Judges gave a simple yes/no for each submission. Submissions with majority (strictly greater than four) yes votes moved on to Round 2.
Judges scored each entry according to
- Originality - 10 points.
- Is the submission interesting, does it exhibit a novel technique for hiding bugs, etc.?
- Effectiveness - 10 points.
- How much damage does the submission cause (e.g. complete key recovery would rank higher than leaking a few bytes of plaintext).
- Difficulty of Detection - 10 points.
- How hard would it be for someone to spot the backdoor? Consider both experts (e.g. during a formal code audit), and non-experts (e.g. a non-crypto-expert maintainer merging a pull requests on GitHub).
- Judge's Discretion - 5 points.
- Room for the judges to give bonus points to truly exceptional submissions.
The average scores of all submissions were
- GaetanLeurent 26.11 (missing 1)
- JohnMeacham 23.52 (missing 1)
- SolarDesigner 22.62 (missing 5)
- RyanCastellucci 22.50 (missing 1)
- DrGavekort/1 21.80 (missing 1)
- AleksanderEssex 21.71 (missing 1)
- Anonymous 21.66 (missing 1)
- AlfonsoDeGregorio 21.59 (missing 1)
- SimonNicolussi 21.00 (missing 5)
- GeorgeKadianakis 20.50 (missing 1)
- DrGavenkort/2 20.00 (missing 20)
- Rogdham 18.68 (missing 1)
- JacobThompson 16.93 (missing 1)
The top-four scoring entries were brought into Round 3. The judges decided GaetanLeurent and JohnMeacham should be the winners, except in opposite order to their relative scores since JohnMeacham's submission has more practical implications.