Cryptle Hack Challenge

Cryptle Hack Challenge
Art work by Outreachy applicant Silvana Alves

The Enarx project announced the Cryptle Hack Challenge at Wasm Day / KubeCon + CloudNativeCon Europe 2022. The goal of the Cryptle Hack Challenge is to uncover vulnerabilities in the Enarx project.

Cryptle is a secure multi-player clone of Wordle, the popular web-based game where a single player has to guess a five-letter word in six attempts. Cryptle provides three ways for players to engage with the game: 1) guessing the secret word selected by the application (just like Wordle); 2) guessing the secret words from other players through a web interface (a multi-player mode); and 3) guessing the secret words while running an application with root privileges on the same server hosting the Cryptle application with Enarx. The latter one is the Cryptle Hack Challenge.

Cryptle demonstrates Confidential Computing as it's deployed to an Enarx Keep (a specific Trusted Execution Environment instance), so the application itself and the secret words sent by players are encrypted with a secret key by the host CPU in such a way that these pages are not accessible to the operating system or any other software, even running at the highest privilege level. The words are only revealed to the players when there’s a match between the secret words.

The Hack Challenge is open to the general community, including academics, security researchers, and ethical hackers. Prizes will be awarded to players who have successfully “hacked” Enarx within the scope of the Hack Challenge and will vary according to the vulnerability found.

Full details are available at:

https://enarx.dev/cryptle