The WhibOx contest is a white-box cryptography competition organised by the ECRYPT-CSA consortium as the CHES 2017 CTF Challenge. The contest took place from May 15, 2017 to Sep 24, 2017. The results were announced at the CHES 2017 Rump Session.
Final strawberry scoreboard (developer category):
|cryptolux||Alex Biryukov, Aleksei Udovenko
(University of Luxembourg)
(University of Murcia and Philips)
|team4||Brent Carmer, Tancrède Lepoint, Alex Malozemoff, Mariana Raykova||36|
|T33||Ronald Rietman, Sebastiaan de Hoogh
Final banana scoreboard (attacker category):
|team_cryptoexperts||Louis Goubin, Pascal Paillier, Matthieu Rivain, Junwei Wang (CryptoExperts)||406|
|cryptolux||Alex Biryukov, Aleksei Udovenko (University of Luxembourg)||78|
|Team Megaloblastt||Ramtine Tofighi-Shirazi, Michaël Adjedj, Sylvain Lévêque, and colleagues (Trusted Labs, Gemalto)||44|
|TeamPhilips||Ronald Rietman, Sebastiaan de Hoogh, Maarten Bodlaender (Philips)||9|
|RonaldRietman||Ronald Rietman (Philips)||3|
|SdeH||Sebastiaan de Hoogh (Philips)||1|
The competition comes in two flavors for competitors:
Participants may remain completely anonymous or use their real-life identity, as they prefer. Implementers are not expected to explain their designs: they only have to provide a resulting C code. Attackers are not expected to explain their techniques: they only have to recover and provide the embedded key(s).
The motivation for initiating the WhibOx contest comes from the growing interest of the industry towards white-box cryptography (most particularly for DRMs and mobile payments) and the obvious difficulty of designing secure solutions in a scientifically valid sense. The conjunction of these phenomena has prompted some companies to develop home-made solutions (with a security relying on the secrecy of the underlying techniques) rather than to rely on academic designs.
In such a context, the competition gives an opportunity for researchers and practitioners to confront their (secretly designed) white-box implementations to state-of-the-art attackers. It also provides attackers and evaluators with new training material.
We hope and believe that new ideas will arise from this contest and that they will have a strong, positive impact on both scientific research and industrial know-how in the field of white-box cryptography.
In a nutshell:
As soon as a challenge implementation is submitted, it is made public on the server and can hence be freely downloaded and broken by attackers. Implementations can be submitted from May 15 to Aug 31, 2017. After the submission deadline, attackers still have 24 days to continue breaking challenge implementations (until CHES 2017 starts).
The complete and detailed rules of the competition are available in the "Competition Rules" tab on the dashboard.
This competition is organised by the ECRYPT-CSA consortium.
The server is administered by TU Eindhoven during the competition.
Join the discussion forum on Slack and get your questions answered by the organizing committee. Invitation based - send us an invitation request at firstname.lastname@example.org. You may also be invited by people that are already members.
The organizing committee is composed of Emmanuel Prouff (CHES 2017 CTF Manager), Chen-Mou Cheng and Bo-Yin Yang (CHES 2017 General co-chairs), Thomas Baignères, Matthieu Finiasz, Pascal Paillier and Matthieu Rivain (CryptoExperts people, who initiated the idea and developped the server).