Introduction

MPC software frameworks, such as FRESCO, play a key role to advance adoption of multi-party computation. To contribute to the necessary security and trust, the SODA project organizes a security bug hunt challenge in collaboration with the FRESCO team. This serves the goal to further mature the framework and use in production environments.

Challenge

You are invited to participate in our SODA challenge: find software bugs that negatively affect MPC security within the FRESCO framework.

Bugs may be implementation or configuration errors that enable or leverage for example:

• information leakage
• corruption of the computation
• networking- and protocol-related errors
• timing attacks
• etc.

In scope is the FRESCO Github master branch. Of particular interest are features recently added to the framework and logical errors in protocol implementations. Demo apps and (unit) tests are excluded from the challenge, but we happily accept regular bug reports for them. The demo apps may provide a good start to become familiar with the framework.

The challenge will be open from 15 February 2019 until 15 September 2019.

To know more details on the rules and rewards, visit the official challenge page: https://www.soda-project.eu/challenge//