FAQ
Questions we've been asked, plus the ones we figure are coming. If yours isn't here, PGP-encrypted email to disclosure@hyveguard.com reaches a real human (eventually).
What exactly are you running?
Four VPS, one each at four different providers. Each runs the same HyveGuard binary in a four-node mesh. The binary is built from the same source as our production deployment, but the cluster is fully isolated — different network, different REALITY secret, different DNS, different DKG, different group public key. Nothing in this challenge cluster touches anything in production.
Why FROST? Why not just publish a private key and let people sign?
Two reasons, in order of importance:
- The crown jewel doesn't exist on any node. Pedersen DKG produces a group public key; the corresponding group secret is the sum of contributions that no single node ever holds. To produce a valid signature you have to run the FROST signing protocol with ≥t valid shares while the consensus engine accepts you as a legitimate signer. That's a substantially higher bar than reconstructing a Shamir-split key offline.
- FROST output is RFC 8032 compatible. A successful threshold sig verifies with stock ed25519.Verify. No exotic verifier needed; anyone can independently check a claim. The cluster doesn't get to lie about whether you won.
How do I register a handle?
Mine a small proof-of-work, post it. No email, no captcha, no third-party trackers, no fingerprint-against-our-records. Just handle + registered_at + any tier badges the operator confirms.
The PoW gate is SHA-256("hyveguard-identify-v1" || handle || nonce) with 20 leading zero bits. About a million hashes; under 2 seconds on a laptop. Build the bundled hg-identify CLI from the challenge repo (any modern Go toolchain), run hg-identify mine yourhandle 20, then POST the resulting nonce + handle to /hyveguard/identify on any edge. Replication propagates to the other three within seconds.
Registration is optional. You can submit a winning signature anonymously and we'll attribute it as "Anonymous". You can also register and never use it. Your call.
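Worked example of the PoW gate described above, added here and not the challenge repo's own hg-identify code: the client-side miner and the edge-side verifier in Go. The page does not say how the nonce is serialised before hashing, so the 8-byte big-endian encoding is an assumption; the handle is a constructed sample.

```go
package main

import (
	"crypto/sha256"
	"encoding/binary"
	"math/bits"
)

const identifyDomain = "hyveguard-identify-v1"
// leadingZeroBits counts the leading zero bits of a SHA-256 digest.
func leadingZeroBits(d [32]byte) int {
	n := 0
	for _, b := range d {
		if b != 0 {
			return n + bits.LeadingZeros8(b)
		}
		n += 8
	}
	return n
}

// powDigest = SHA-256("hyveguard-identify-v1" || handle || nonce).
// The page does not fix the nonce encoding; 8-byte big-endian is an assumption here.
func powDigest(handle string, nonce uint64) [32]byte {
	var nb [8]byte
	binary.BigEndian.PutUint64(nb[:], nonce)
	return sha256.Sum256(append([]byte(identifyDomain+handle), nb[:]...))
}

// Verify is the edge-side check: at least `difficulty` leading zero bits.
func Verify(handle string, nonce uint64, difficulty int) bool {
	if handle == "" || difficulty < 0 || difficulty > 256 {
		return false // reject empty handles and nonsensical difficulties
	}
	return leadingZeroBits(powDigest(handle, nonce)) >= difficulty
}

// Mine is the client side: scan nonces from 0 until Verify passes.
// Expected work is about 2^difficulty hashes (~1M at the page's 20 bits).
func Mine(handle string, difficulty int) uint64 {
	for nonce := uint64(0); ; nonce++ {
		if Verify(handle, nonce, difficulty) {
			return nonce
		}
	}
}
func main() {
	println("nonce:", Mine("example-handle", 20)) // constructed handle, 20 bits as on the page
}
```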
Why no cash bounty?
Budget. Four cheap VPS, one domain, one trademark application — that's the entire spend. We wanted to ship the challenge rather than wait until we could afford a bounty pool. The 60-day mark of any season is when we revisit. If you'd find this dramatically more interesting with money attached, tell us — we listen.
How does the challenge string rotate?
Every day at 00:00 UTC. The canonical preimage is SHA-256("hyveheim-challenge-v1" || 0x00 || YYYY-MM-DD || 0x00 || group_pub_bytes). Today's is on the landing page. Future days can't be precomputed because group_pub is part of the input — and a season rollover replaces group_pub entirely.
What's a "season"?
90 days, or until someone wins, whichever comes first. At rollover we run a fresh Pedersen DKG → fresh group_pub. Anything you were working on against the previous key is gone. Ragnarök small-r — the wolves circle every 90 days regardless.
What happens when someone wins?
The valid signature submitted on the form is verified against the cluster's published group_pub and today's canonical bytes. If valid, the cluster broadcasts SHUTDOWN; all four nodes stop services; the landing page flips to "SEASON CLOSED"; the winner goes on the hall of fame; we publish the season's audit DAG; we write a post-mortem.
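Added example (not the cluster's own winner sidecar) covering the canonical-bytes formula from the rotation question and the stock ed25519.Verify check that decides a win. It assumes the 32-byte SHA-256 digest is the message that gets signed, and uses an ordinary single-signer ed25519 key as a constructed stand-in for the FROST group key, which in the real cluster no single node holds.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

const challengeDomain = "hyveheim-challenge-v1"

// CanonicalBytes = SHA-256("hyveheim-challenge-v1" || 0x00 || YYYY-MM-DD || 0x00 || group_pub_bytes).
func CanonicalBytes(date string, groupPub ed25519.PublicKey) []byte {
	h := sha256.New()
	h.Write([]byte(challengeDomain))
	h.Write([]byte{0x00})
	h.Write([]byte(date))
	h.Write([]byte{0x00})
	h.Write(groupPub)
	return h.Sum(nil)
}

// CheckWinner is the verifier path: stock ed25519.Verify over today's canonical
// bytes. Assumes the 32-byte digest itself is the signed message (assumption).
func CheckWinner(groupPub ed25519.PublicKey, date string, sig []byte) bool {
	if len(groupPub) != ed25519.PublicKeySize || len(sig) != ed25519.SignatureSize {
		return false // malformed input never reaches the curve arithmetic
	}
	return ed25519.Verify(groupPub, CanonicalBytes(date, groupPub), sig)
}

// demo uses a plain single-signer ed25519 key as a constructed stand-in for the
// FROST group key (no such secret exists on any challenge node). A signature
// over day one is checked against day one and against the next day.
func demo() (today, nextDay bool) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	sig := ed25519.Sign(priv, CanonicalBytes("2025-01-01", pub))
	return CheckWinner(pub, "2025-01-01", sig), CheckWinner(pub, "2025-01-02", sig)
}

func main() {
	today, nextDay := demo()
	fmt.Println("verifies for the signed day:", today, "| for the next day:", nextDay)
}
```

The second result shows why precomputation buys nothing: a signature over one day's bytes is worthless the next day, and a season rollover changes group_pub inside the preimage as well.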
What if I get a partial flag (Tier 1–3)?
Email it via PGP to disclosure@hyveguard.com with reproduction steps. We'll verify against the planted flag values + audit DAG, and credit you on the hall of fame. Partial captures don't end the season — the cluster keeps running.
What's "Ghost tier" (Einherjar) exactly?
You achieve Tier 4 (the crown jewel sig), AND throughout your entire attack you trip zero canaries, cause zero Merkle drift across peers, raise zero quarantine alerts. Verified by clean audit DAG at season end. The audit chain is tamper-evident — you can't quietly remove your trace, only avoid leaving one.
You may not know whether a canary fired. We won't tell you mid-season. That's part of the design — half the difficulty is knowing whether your reconnaissance was loud.
Can you publish the source?
Not yet. The challenge is glass-box: you get the rules, the threat model, the protocol, the canonical-bytes formula, the audit-DAG schema. Source release is a decision we want to take deliberately, not by accident at launch. Ask again next season.
How is this different from a normal CTF?
Normal CTFs are puzzle-shaped: someone hid a flag, you find it, you're done. This is production-shaped: real services, real defences, real cross-node traffic, real OPSEC. The crown jewel isn't a flag-in-a-file — it's a cryptographic capability that requires you to compromise multiple independent parts of the system simultaneously, while the system actively notices.
What does the daily snark message mean?
Counter on the landing page. Different message at different milestones. Pure flavour. If it ever says something genuinely useful, that's an accident.
What if I find a vulnerability in one of the providers?
Out of scope for this challenge, but please tell us via PGP-signed email — we'll forward to the provider with credit to you. We have no authority to grant safe harbour for anything outside the published scope.
Why are you doing this?
Because we'd rather find the holes ourselves — with the help of people who actually know what they're doing — than ship a system that quietly fails the moment it matters. The infosec community is the right reviewer for this work, and the most honest signal is "did anyone break it."
What if nobody breaks it?
The season ends green at day 90. We run a fresh DKG, post a quarterly review, and start the next season. Repeat. We are patient. Bills are cheap.
What if the cluster goes down without anyone winning?
You'll see it on the status dashboard — one or more nodes go red. We'll write a saga explaining what happened. Operator availability outages don't count as wins — see the rules. The wolves are out there but the gate is supposed to hold even when we're not watching.
I just want to play. Where do I start?
Three honest paths:
- Look first. Hit https://edge-fr.hyveguard.com/hyveguard/challenge (or any edge). That JSON is the entire public attack surface plus the canonical bytes you'd need to forge a signature against. Read the rules. Read this FAQ. Notice what's not there.
- Probe carefully. Each edge runs nginx → hyveguard + sidecars. The sidecars (winner, identify) have rate limits. fail2ban watches SSH. Don't be the person who gets banned in the first hour.
- Pick a tier. Foothold is the easiest entry; Crown Jewel is the headline; Einherjar is the prize-without-a-prize. Anything between counts.