TikTok PET ARENA:
Privacy-Preserving Database Systems CTF Competition
A hands-on European CTF competition with the objective of breaking privacy protection mechanisms (e.g., differential privacy) with various techniques, including machine learning, in an interactive database setting.
Coming SoonCompetition Overview
Participants will gain access to a simulated DBS with various datasets through designated APIs, and assume the role of ethical red-teaming adversaries. Participants will design and execute novel or known privacy attacks through four missions in three tracks. The tracks and missions are of various difficulty levels and invite participants to detect database membership, infer sensitive attributes, reconstruct sensitive user records, link records across tables, and other innovative attacks.
A panel of cybersecurity and privacy experts will judge the innovative approach and technical soundness of attacks, and award the most successful teams/individuals.
Prizes
- 1st place: $4,000 USD
- 2nd place: $2,000 USD
- 3rd place: $1,000 USD
- 4th place: $500 USD
- 5th place: $250 USD
- Honorable Mentions
- Certificates for participants who have completed at least one mission.
Who Can Apply?
We invite any privacy, security, machine learning, and/or data expert, researcher, and engineer to participate. We especially encourage undergraduate or graduate students in the fields of privacy, security, data science, ML, and engineering or related fields to apply. Teams of 1–4 members (students, researchers, industry professionals) are welcome. All team members need to be resident in either the European Economic Area (EEA), the United Kingdom, or Switzerland.
How to Apply
Submit your application via an (upcoming) official link. Applications will be reviewed on a rolling basis.
Applications should include:
- Team bios (names, affiliations, roles).
- Team Lead (if a Team).
- Valid email.
- Code samples or prior work (GitHub links accepted). This is optional.
Contest Details
The contest will have a total duration of 5 weeks. Successful teams will be invited for a hybrid award ceremony (location and date to be determined).
Selection Criteria
Success in this hackathon is measured by a comprehensive scoring matrix that objectively quantifies participant performance across each mission.
Scoring will consider the following criteria:
- Type of attack and privacy compromise
- Attack metrics (e.g., TPR, FPR, AUC, MSE, etc.)
- Attack detectability
- Attack complexity
- Attacker's strength and prior knowledge
- Attack robustness to different levels and types of privacy protection mechanisms
FAQ
Can solo applicants apply?
Yes! As long as an European Economic Area, United Kingdom or Switzerland resident, individuals are welcome, but teams of 2–4 are encouraged for diverse expertise.
If my team is invited for the award ceremony, is travel funding available?
No. Teams are incentivized to seek support from their institutions.
Are non-academic teams eligible?
Absolutely—industry professionals and independent researchers are welcome, as long as all team members are either an European Economic Area, United Kingdom or Switzerland resident.
What datasets will we use?
Synthetic and public real-world data.
Contact
If you have any questions, do not hesitate to contact the organizing committee at external-tech-impact@tiktok.com.