Technical Architecture

A complete view of the system protecting the asset

The Premise

A Bitcoin wallet seed phrase is transmitted between two AKM-secured endpoints. Continuously. The encrypted traffic passes through a network segment where adversaries have full capture capability. This is the same AKM protocol protecting critical infrastructure worldwide.

System Components

1. Secure Endpoints (EP-A & EP-B)

Two tamper-resistant hardware devices running AKM firmware. Each contains a Hardware Security Module that stores cryptographic material. Physical access is monitored via live camera feed.

Hardware: STM32 + HSM
Enclosure: Tamper-evident

2. AKM Protocol

The seed phrase is encrypted using AKM's autonomous key management protocol. AES-128 encryption. HMAC-SHA256 authentication. Per-session key rotation. Replay protection. No PKI dependencies.

Cipher: AES-128
MAC: HMAC-SHA256
Key Rotation: Per-session
Forward Secrecy: Enabled

3. Adversary Position

Registered hunters receive SSH access to a dedicated machine positioned on the network. Full packet capture of all AKM traffic. This simulates a compromised network segment—the scenario AKM is designed to defeat.

Access: SSH (time-boxed)
Position: Inline tap
Capability: Full capture
Duration: 4 hours/session

4. The Target

Extract the seed phrase from captured traffic. Use it to access the Bitcoin wallet. Transfer the funds. The wallet balance is publicly verifiable on-chain.

Asset: 1.00000000 BTC
Verification: Public blockchain

Operational Integrity

Production Configuration

No weakened keys. No debug modes. No planted vulnerabilities. This is standard AKM deployment—the same configuration protecting operational systems.

Complete Visibility

Adversaries see everything a real attacker would see. We don't filter traffic or restrict capture. The full encrypted stream is available for analysis.

Real Consequence

The Bitcoin is real. A successful decryption means real loss for AKM. This isn't a simulation—it's a standing proof of cryptographic security.

Full Audit Trail

All sessions logged. All attempts documented. Public record of the system's operational history and security posture.

Attack Surface Analysis

With full network access, adversaries still face these cryptographic barriers

Traffic Analysis

Ciphertext reveals no information about the underlying plaintext.

Replay

Session keys rotate. Nonces prevent replay of captured packets.

MITM

Mutual authentication prevents injection of malicious traffic.

Brute Force

128-bit key space. Computationally infeasible to exhaust.

Protocol Exploits

Fixed message formats. No parsing vulnerabilities.

Side Channels

Constant-time operations. No timing leaks.
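
The replay, MITM and side-channel barriers above, sketched from the receiving side as an added example (not AKM's code or wire format). The packet layout, the 8-byte counter used as the nonce, and the names seal and Receiver are assumptions; the ciphertext is treated as opaque constructed bytes.

```python
import hashlib
import hmac
import struct

TAG_LEN = 32  # HMAC-SHA256 output size in bytes

def seal(key: bytes, counter: int, ciphertext: bytes) -> bytes:
    """Assumed layout: 8-byte big-endian counter | ciphertext | HMAC tag."""
    body = struct.pack(">Q", counter) + ciphertext
    return body + hmac.new(key, body, hashlib.sha256).digest()

class Receiver:
    """Per-session receiver state (hypothetical, for illustration only)."""

    def __init__(self, session_key: bytes):
        self.key = session_key
        self.last_counter = -1  # highest counter accepted in this session

    def accept(self, packet: bytes):
        if len(packet) < 8 + TAG_LEN:
            return None
        body, tag = packet[:-TAG_LEN], packet[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        # Constant-time comparison: no timing signal about how many bytes matched.
        if not hmac.compare_digest(tag, expected):
            return None
        # Only after the MAC verifies is the counter trusted and checked.
        (counter,) = struct.unpack(">Q", body[:8])
        if counter <= self.last_counter:
            return None  # replay of an already accepted packet
        self.last_counter = counter
        return body[8:]

def demo() -> dict:
    # Constructed keys standing in for two successive session keys.
    key_s1, key_s2 = bytes(range(16)), bytes(range(16, 32))
    rx = Receiver(key_s1)
    pkt = seal(key_s1, 1, b"constructed-ciphertext")
    pkt2 = seal(key_s1, 2, b"constructed-ciphertext")
    tampered = pkt2[:8] + bytes([pkt2[8] ^ 1]) + pkt2[9:]
    return {
        "fresh": rx.accept(pkt) is not None,
        "replayed": rx.accept(pkt) is not None,
        "tampered": rx.accept(tampered) is not None,
        "old_session": Receiver(key_s2).accept(pkt) is not None,
    }

if __name__ == "__main__":
    print(demo())
```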

Common Questions

Is this a CTF?

No. There are no planted flags or intentional weaknesses. This is production-grade AKM security under real-world adversarial conditions.

What if I find a non-exploitable vulnerability?

Report it. We maintain a responsible disclosure program. Significant findings may qualify for separate recognition.

Why 1 BTC?

Meaningful enough to attract serious analysis. Sustainable for long-term operation. The amount demonstrates confidence without being reckless.

Can I attack the infrastructure?

The scope is AKM cryptographic security. Attacks on web infrastructure, physical tampering, or social engineering are out of bounds and will result in termination.