Technical competition - win $15,000!
If practical quantum computers become a reality, the security of your private communications is at risk. With that in mind, we are launching a competition to design a client application offering secure voice communications using a post-quantum cryptographic algorithm. Submissions will be judged on security, performance and business potential.
The winning application will receive $15,000.
Further cash prizes are available for additional functionality and interoperability, with the potential of business partnerships or employment for exceptional submissions. The closing date for submissions is 1st September 2017. To register, please make sure you complete the Registration Form.
COMPETITION DETAILS & INSTRUCTIONS
The aim of this competition is to design a VoIP application that is secure against a quantum computer. Through this competition, we intend to develop new and pioneering business opportunities and partnerships in this area. The competition is open to individuals, as well as to groups or businesses of any size.
A scalable quantum computer has not yet been invented ; but interest in research is high and it is estimated that a workable quantum computer is possible, albeit unlikely, in 10-15 years. Should one be produced, existing public-key algorithms RSA, DH and ECDH , on which so many current communications depend, will no longer be secure. Those with long-term security needs are looking to use cutting edge algorithms to guard against this threat. These are known as post-quantum cryptographic algorithms  and are believed to offer security even if a viable quantum computer is invented.
The designed client applications should, at a minimum, implement a post-quantum algorithm to enable secure voice communications. The applications can be for any smartphone, tablet or desktop platform but credit will be given for multiplatform submissions. Judges may also take market penetration of a platform into consideration when awarding prizes.
For interoperability purposes, submitted applications must use a standard SIP server for signalling and media plane establishment, and SRTP for real-time media transmission. The client applications will first be tested using a public SIP server , before extensive testing in our lab on a private SIP server . Submissions are not expected to provide quantum security on the signalling, only the media.
The choice of post-quantum algorithm is left up to the designer. Wikipedia  gives a summary of key sizes for the main existing algorithms, this is included below. Of these, Ring-LWE, NTRU and SIDH are algorithms with reasonable public key sizes and as such we particularly recommend submissions considering these in order to meet the security and performance required. The Post-Quantum Cryptography conference  is a good source for further material.
|Algorithm||Public key size (in bits)||Private key size (in bits)|
Submissions will be judged on the following factors:
- Security. This includes communication and cyber security.
- Interoperability. This will take into account platform choices and portability, ease of use with different client applications and ease of implementation into other products. For example, it is preferred that the post-quantum cryptographic routines used are available in a separate library.
- Performance. This includes factors such as speed, reliability, bandwidth and media quality.
- Business Potential. This will take into account factors such as user experience, innovation, additional functionality (e.g. message, video, file transfer, conferencing, voicemail) and potential for use as a product.
To be considered submissions must include:
- Client application pre-built for each platform offered
- Source code and build files for each platform offered
- Documentation describing the design including security and instructions for use
- For individuals and groups: resume details of individuals
- For businesses: company overview and summary of key individuals
The closing date for submissions is 1st September 2017. To register, please make sure you complete the Registration Form above.
The Judges’ decision is final.
The winning submission will receive:
- + $2,000 for ease of integration/use with other products  (discretionary)
- + $1,000 if offered on two major platforms (out of iOS, Android, Windows, Mac)
- + $1,000 for each out of messaging and video functionality
- For businesses: consideration of a business partnership
- For individuals and groups: consideration of an employment offer for individuals
- Runners-up, awarded at judges’ discretion, will each receive $1,000.
TERMS & CONDITIONS
Feedback: We are unable to offer detailed feedback on submissions or engage in extensive discussion on submissions.
Intellectual Property Rights: IPR is retained by the participant(s). We will not undertake to use IPR for commercial advantage, except by subsequent agreement.
Privacy: We will publicise the competition, results, application names and basic functionality of submissions. Business and individual names will only be used with prior permission, with the exception of winners and any runners-up for whom publicity shall be a condition of accepting the prize.
 For example, sip2sip.info, sip.iptel.org
 For example, FreeSWITCH, FreePBX, OpenSIPS, Kamailio
 For example, cryptographic routines being easily accessible to developers of related products and/or support for communication with other client applications
If you cannot find the answer to your question in the FAQs below, please email firstname.lastname@example.org.
1. Can I submit an adaptation of an open-source product?
Yes, but this will have an effect on the business potential of your application and will be taken into account in the judging process. You must also ensure that you observe the terms of the license of the application.
2. If I’m using SRTP aren’t my communications already secure?
SRTP provides encryption, message authentication and integrity, but relies on both users sharing a master-key. SRTP does not define how this master-key is shared initially and as such relies on an external key management protocol. Various protocols, such as DTLS-SRTP and ZRTP, exist for this purpose. However, these key management protocols rely on public key encryption algorithms which will be insecure with development of a quantum computer.
3. Do I have to use one of the suggested algorithms for post-quantum security?
No, but these are currently the most mainstream approaches and as such are well-researched and respected.