The WhibOx contest is a white-box cryptography competition organised by the ECRYPT-CSA consortium as the CHES 2017 CTF Challenge. The contest took place from May 15, 2017 to Sep 24, 2017. The results were announced at the CHES 2017 Rump Session.
Wall of Fame
Final strawberry scoreboard (developer category):
| Pseudonym | Identities | Score |
|---|---|---|
| cryptolux | Alex Biryukov, Aleksei Udovenko (University of Luxembourg) |
406 |
| grothendieck | Leandro Marin (University of Murcia and Philips) |
78 |
| sebastien-riou | Sébastien Riou | 66 |
| chaes | anonymous | 55 |
| team4 | Brent Carmer, Tancrède Lepoint, Alex Malozemoff, Mariana Raykova | 36 |
| T33 | Ronald Rietman, Sebastiaan de Hoogh (Philips) |
28 |
| BendHer | Lucille Tordella (Telecom ParisTech) |
15 |
| alec | Alec Edgington | 1 |
| kluxc3qa1 | anonymous | 1 |
| Qe1d28d67 | anonymous | 1 |
Final banana scoreboard (attacker category):
| Pseudonym | Identities | Score |
|---|---|---|
| team_cryptoexperts | Louis Goubin, Pascal Paillier, Matthieu Rivain, Junwei Wang (CryptoExperts) | 406 |
| cryptolux | Alex Biryukov, Aleksei Udovenko (University of Luxembourg) | 78 |
| You! | anonymous | 55 |
| Team Megaloblastt | Ramtine Tofighi-Shirazi, Michaël Adjedj, Sylvain Lévêque, and colleagues (Trusted Labs, Gemalto) | 44 |
| jean_onche | anonymous | 28 |
| 2coolHeart | anonymous | 15 |
| OverTime | anonymous | 14 |
| pschorrhacker | anonymous | 14 |
| E1w00d | anonymous | 14 |
| TeamPhilips | Ronald Rietman, Sebastiaan de Hoogh, Maarten Bodlaender (Philips) | 9 |
| RonaldRietman | Ronald Rietman (Philips) | 3 |
| doegox | anonymous | 1 |
| SdeH | Sebastiaan de Hoogh (Philips) | 1 |
About the contest
The competition comes in two flavors for competitors:
- Developers are invited to post challenge programs that are white-box implementations of AES-128 under freely chosen keys. Challenges are expected to resist key extraction against a white-box attacker.
- Attackers are invited to break the submitted challenges i.e. extract their hard-coded encryption key.
Participants may remain completely anonymous or use their real-life identity, as they prefer. Implementers are not expected to explain their designs: they only have to provide a resulting C code. Attackers are not expected to explain their techniques: they only have to recover and provide the embedded key(s).
Why this competition?
The motivation for initiating the WhibOx contest comes from the growing interest of the industry towards white-box cryptography (most particularly for DRMs and mobile payments) and the obvious difficulty of designing secure solutions in a scientifically valid sense. The conjunction of these phenomena has prompted some companies to develop home-made solutions (with a security relying on the secrecy of the underlying techniques) rather than to rely on academic designs.
In such a context, the competition gives an opportunity for researchers and practitioners to confront their (secretly designed) white-box implementations to state-of-the-art attackers. It also provides attackers and evaluators with new training material.
We hope and believe that new ideas will arise from this contest and that they will have a strong, positive impact on both scientific research and industrial know-how in the field of white-box cryptography.
Score system
In a nutshell:
- A white-box implementation collects strawberry points as long as it stays unbroken. As a reward for not being broken after \(n\) days, a challenge implementation gets \(n\) extra strawberries on that day, so its strawberry score on the \(n\)-th day is $$\frac{n(n+1)}{2}.$$ The score of a broken implementation decreases symmetrically down to \(0\). The winning score is the maximal strawberry score reached by challenge programs throughout the competition. The strawberry winner is the developer whose challenge has realized the winning score.
- An attacker who breaks a challenge implementation by recovering its hard-coded key, converts the current strawberry score of the broken challenge into banana points. Those are integrated into the attacker's current banana score through the max rule: the attacker's new score is the max between her previous score and the bananas earned from the break. The banana winner is the attacker with the most banana points when the competition ends.
Agenda
- May 15, 2017: Competition starting date, the submission server opens
- Aug 31, 2017: Submission deadline (the submission period expires but attacks continue)
- Sep 24, 2017: Final deadline (strawberry and banana scores are frozen)
- CHES 2017 rump session: Announcement of winners
As soon as a challenge implementation is submitted, it is made public on the server and can hence be freely downloaded and broken by attackers. Implementations can be submitted from May 15 to Aug 31, 2017. After the submission deadline, attackers still have 24 days to continue breaking challenge implementations (until CHES 2017 starts).
Rules
The complete and detailed rules of the competition are available in the "Competition Rules" tab on the dashboard.
Organisers
This competition is organised by the ECRYPT-CSA consortium.
The source code of the submission server has been developed by CryptoExperts. It is fully open source and available on GitHub.
The server is administered by TU Eindhoven during the competition.
Join the discussion forum on Slack and get your questions answered by the organizing committee. Invitation based - send us an invitation request at whibox.organizing.committee@gmail.com. You may also be invited by people that are already members.
The organizing committee is composed of Emmanuel Prouff (CHES 2017 CTF Manager), Chen-Mou Cheng and Bo-Yin Yang (CHES 2017 General co-chairs), Thomas Baignères, Matthieu Finiasz, Pascal Paillier and Matthieu Rivain (CryptoExperts people, who initiated the idea and developped the server).
