Overview
What this challenge is about.
Read the 22-page protocol spec, the Go reference implementation (around 4,000 lines), and the test vectors. Run a structured review covering: primitive choices (which cipher, MAC, and KDF), nonce/IV handling, key-derivation construction, replay resistance, downgrade resistance, and side-channel exposure. Compare the protocol against equivalent standardized constructions (the TLS 1.3 record layer and an HKDF-based key schedule). Identify and rank findings (Critical / High / Medium / Low). For each Critical or High finding, propose either a concrete fix or a standardized replacement. Deliver a 16-page audit report, a findings spreadsheet, and a 20-minute board-readout deck.
The Brief
What you'll do, and what you'll demonstrate.
Audit a custom cryptographic settlement protocol for a regulated crypto exchange and produce a CISO-grade report with ranked findings and concrete fixes.
Earning criteria — what you'll demonstrate
- Run a structured cryptographic protocol audit end-to-end
- Compare custom constructions to standardized equivalents (TLS, NIST KDFs)
- Rank findings using CVSS-style severity scoring
- Communicate cryptographic risk to a non-technical board
Program Fit
Where this fits in your program.
Sharpens the same skills your degree expects you to demonstrate.
Skills
Skills you'll demonstrate.
Each one shows up on your verified credential.
Careers
Roles this prepares you for.
Real titles. Real skill bridges. Pick the one closest to your trajectory.
Career mappings coming soon.