The contest consisted of a programming puzzle in which the contestants had to decrypt a set of messages that had all been encrypted with the same key. It was possible to decrypt the messages because of key reuse.
Results:
  • 1st place: Boise State University (Daniele Moro and Jared White)
  • 2nd place: Idaho State University (Brielle Cirlig and team)
  • Leo Marks award: DeVry Phoenix (Lisa Rodi). Leo Marks was a cryptographer in Britain’s Special Operations Executive (SOE) during WW2. In his autobiography, he wrote that he had an inauspicious arrival at SOE when it took him all day to decipher a code he had been expected to finish in 20 minutes because SOE had forgotten to supply the cipher key. Lisa gets the award because, like Leo, she worked to decrypt the message by hand without the benefit of a computer. Unfortunately(?), unlike Leo she didn’t have all day to work on it.
The winners received awards of Raspberry Pi 3 and Arduino development kits.
Coincidentally, a serious WiFi WPA2 vulnerability due to key reuse was announced two days after the competition. The vulnerability was discovered by Mathy Vanhoef, who dubbed it KRAck, short for “Key Reinstallation Attacks”. He described the vulnerability here: https://www.krackattacks.com/  .
Here’s a especially interesting section from his web site:
[…] the same encryption key is used with nonce values that have already been used in the past. In turn, this causes all encryption protocols of WPA2 to reuse keystream when encrypting packets. In case a message that reuses keystream has known content, it becomes trivial to derive the used keystream. This keystream can then be used to decrypt messages with the same nonce. When there is no known content, it is harder to decrypt packets, although still possible in several cases (e.g. English text can still be decrypted). In practice, finding packets with known content is not a problem, so it should be assumed that any packet can be decrypted.