HACK@ches 2021

September 12–15, 202 Virtual Event



Modern computer systems are becoming increasingly faster and interconnected with each generation. Given the increased demand for security and privacy, various security mechanisms, cryptographic algorithms, and protocols are now being directly implemented in hardware. Thus, computing platforms are growing in complexity and capability, with a growing number of security vulnerabilities being an unintended by-product. Although the semiconductor industry employs a combination of verification techniques to ensure the security of System-on-Chip (SoC) designs, a growing number of increasingly sophisticated attacks are starting to exploit cross-layer security-critical hardware vulnerabilities. These attacks leverage subtle interactions between hardware and software, as recently demonstrated through a series of real-world exploits that affected all major hardware vendors.

HACK@CHES’21 is the CHES-sequel of the world’s largest hardware security competition HACK@Event franchise. Since 2018, HACK@Event has been conducted on top-notch conferences such as Design Automation Conference (DAC) and USENIX Security with enormous success.  HACK@CHES’21 competition concerns the identification and exploitation of hardware vulnerabilities, including cryptographic hardware. Particularly, it will focus on incorrect usage of cryptographic primitives; unspecified behaviors; and incorrect assumptions, specifications, and implementations. We will provide a vulnerable SoC emulation to the competing teams. The competition will be held in two stages—Selection and Final—both online. The selection round will help screen the participants and will happen over two months. The top-performing teams will proceed to the final round, which will happen over 48 hours during the CHES conference.


  • April 5, 2021: Registration starts
  • June 7, 2021: Phase I starts
  • August 16, 2021: Phase I ends and final submissions are due
  • August 23, 2021: Phase II finalists are announced
  • September 9-11, 2021: Phase II live at CHES


In phase I, participating teams will be provided with a “buggy” SoC, including a diverse set of bugs akin to real-world Common Vulnerabilities and Exposures. The participants are required to identify and exploit as many security vulnerabilities as possible. The detailed specification, the required security properties, and the threat model will be also provided. To minimize the barrier of entry for teams, the participants are free to use any tools and techniques needed.

In phase II, the teams will be provided an SoC including a new set of bugs. The finalists will compete in a live capture-the-flag competition. They will need to apply their techniques and developed tools to detect and exploit as many vulnerabilities in a limited time-frame.

Bugs and exploits submitted will be evaluated live and winners will be announced in ches conference.

cash prizes:
1000$ to the first team,
650$ to the second, and
350$ to the third.


Each team must meet all of the below eligibility requirements:

  • A team member can be a student or a working professional.
  • A team can consist of up to 4 members excluding the adviser.
  • A team member cannot be associated with multiple teams.
  • Due to conflict of interest, individuals associated with Texas A&M University and TU Darmstadt are not allowed to participate.
  • A team can include members with different affiliations.

There are two team categories: teams composed of only students, and teams composed of one or more industry-affiliated members. Both categories will solve the same problem, but they will be evaluated against teams of the same category.
No entry fee is required to participate in the competition.
The organizers reserve the right to disqualify entries at their discretion.

THe registration is open

should you have any questions, feel free to contact us!