
You think you can obfuscate an ECDSA signature implementation and make its secret key hard to extract? You'd like to break white-box ECDSA candidates? This challenge is made for you!

The WhibOx contest, Edition 2021, is a white-box cryptography competition organized as one of the CHES 2021 challenges. The contest took place from mid May to mid September 2021.

As in previous editions, the competition challenges two categories of competitors:

  • Coders are invited to post candidate white-box implementations computing an ECDSA signature (on the NIST P256 curve) from an input message digest under a freely chosen secret key. The signature algorithm shall be deterministic, with a freely chosen nonce derivation mechanism. Candidate implementations are expected to resist key extraction when submitted to white-box attackers.
  • Attackers are invited to break the submitted implementations, i.e. extract their hard-coded signing key.

Contestants are free to remain anonymous. Coders are not expected to explain their designs, but only to provide the C source code of the white-box implementation. Attackers are not expected to explain their techniques, but only to recover the embedded key(s).

The winners of the challenge were awarded fame and a 2000$ cash prize.


Wall of Fame

Final strawberry scoreboard (developer category)

| # | Pseudonym | Identities | Score | Prize |
|---|-----------|------------|-------|-------|
| 1 | zerokey | Adrián Ranea, Ward Beullens, Jianrui Xie, Chaoyun Li (imec-COSIC, KU Leuven); Mohammad Mahzoun (Eindhoven University of Technology) | 20.39 | $500 |
| 2 | auguste | Tobias Damm, Max Gebhardt, Aron Gohr, Dominik Klein, Dennis Kügler, Friederike Laus, Johannes Mittmann, Vivien Thiel (Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany) | 7.33 | $200 |
| 3 | mcs | Changshe Ma, Wenwei Ye (School of Computer Science, South China Normal University) | 5.73 | $100 |
| 4 | BlackSea | anonymous | 3.45 | |
| 5 | scnucrypto | Yufeng Tang, Nanjiang Xie, Bin Li, Jinhai Chen, Zheng Gong (School of Computer Science, South China Normal University) | 3.40 | |
| 6 | Maidei | anonymous | 1.56 | |
| 7 | bluecat | anonymous | 0.41 | |
| 8 | BugsBunny | anonymous | 0.32 | |
| 9 | GMorseCode | Gregory Morse (Eötvös Loránd University (ELTE)) | 0.29 | |
| 10 | OoOoOOoOO | anonymous | 0.28 | |

Final banana scoreboard (attacker category)

| # | Pseudonym | Identities | Score | Total Breaks | Prize |
|---|-----------|------------|-------|--------------|-------|
| 1 | bananaramadama | Hermann Drexler, Sven Bauer (Giesecke+Devrient Mobile Security GmbH, Munich) | 20.39 | 85 | $750 |
| 2 | auguste | Tobias Damm, Max Gebhardt, Aron Gohr, Dominik Klein, Dennis Kügler, Friederike Laus, Johannes Mittmann, Vivien Thiel (Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany) | 5.73 | 90 | $300 |
| 3 | TheRealIdefix | Cryptography & Security team of IDEMIA | 1.51 | 92 | $150 |
| 4 | ABC | anonymous | 0.28 | 27 | |
| 5 | O_o | Chunya Hu, Yongbo Hu, Zichao Gong (Goodix) | 0.23 | 69 | |
| 6 | patator | anonymous | 0.19 | 78 | |
| 7 | c2kc | anonymous | 0.05 | 57 | |
| 8 | scnucrypto | Yufeng Tang, Nanjiang Xie, Bin Li, Jinhai Chen, Zheng Gong (School of Computer Science, South China Normal University) | 0.02 | 18 | |
| 9 | Cronokirby | anonymous | 0.02 | 8 | |
| 10 | Account | anonymous | 0.02 | 3 | |

Challenge schedule

  • Detailed Rules Release: April 25, 2021
  • Submission Open: May 17, 2021 @ 00:00 UTC
  • Submission deadline: August 22, 2021 @ 00:00 UTC
  • Attack deadline: September 11, 2021 @ 00:00 UTC
  • Winners Announcement: CHES 2021 rump session (September 16, 2021)

The detailed rules of this edition were released on April 25, 2021.

As soon as a challenge implementation is submitted and verified, it is made public on the server and can hence be freely downloaded and broken by contestants. Implementations can be submitted from May 17 to Aug 22, 2021. After the submission deadline, attackers still have 3 weeks to continue breaking challenge implementations (until the day before CHES 2021 starts).

Winners were announced at the CHES 2021 rump session (virtually on September 16, 2021).


Connect with the community

Stay tuned via our official Twitter account @WhiboxC.

Join the discussion forum on Slack and get your questions answered by the organizing committee. Send us an invitation request at whibox.organizing.committee@gmail.com. You may also be invited by people that are already members.

The organizing committee is composed of Stefan Kölbl (Google), Louis Goubin (UVSQ), Pascal Paillier, Matthieu Rivain, Aleksei Udovenko, and Junwei Wang (CryptoExperts).


Credits

This competition is one of the challenges of CHES 2021, a conference sponsored by IACR.

Stefan Kölbl (Google) has graciously volunteered to host and manage the submission server, which is sponsored by Google Cloud.

The source code of the submission server has been developed by CryptoExperts. It is fully open source and available on GitHub.