CHES 2021 Challenge - WhibOx contest
The WhibOx contest is back for a 3rd edition, this time focusing on public-key white-box cryptography.
You think you can obfuscate an ECDSA signature implementation and make its secret key hard to extract? You'd like to break white-box ECDSA candidates? This challenge is made for you!
The WhibOx contest, Edition 2021, is a white-box cryptography competition organized as one of the CHES 2021 challenges. The contest took place from mid May to mid September 2021.
As previous editions, the competition challenges two categories of competitors:
-
Coders are invited to post candidate white-box implementations computing an ECDSA signature (on NIST P256 curve) from input message digest under a freely chosen secret key. The signature algorithm shall be deterministic with a freely chosen nonce derivation mechanism. Candidate implementations are expected to resist key extraction when submitted to white-box attackers.
-
Attackers are invited to break the submitted implementations i.e. extract their hard-coded signing key.
Contestants are free to remain anonymous. Coders are not expected to explain their designs, but only to provide a C source code of the white-box implementation. Attackers are not expected to explain their techniques, but only to recover embedded key(s).
The winners of the challenge were awarded with fame and a 2000$ cash prize.
Wall of Fame
Final strawberry scoreboard (developer category)
| # | Pseudonym | Identities | Score | Prize |
|---|---|---|---|---|
| 1 | zerokey |
Adrián Ranea, Ward Beullens, Jianrui Xie, Chaoyun Li
imec-COSIC, KU Leuven Mohammad Mahzoun Eindhoven University of Technology |
20.39 | $500 |
| 2 | auguste |
Tobias Damm, Max Gebhardt, Aron Gohr, Dominik Klein, Dennis Kügler, Friederike Laus, Johannes Mittmann, Vivien Thiel
Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany |
7.33 | $200 |
| 3 | mcs |
Changshe Ma, Wenwei Ye
School of Computer Science, South China Normal University |
5.73 | $100 |
| 4 | BlackSea | anonymous | 3.45 | |
| 5 | scnucrypto |
Yufeng Tang, Nanjiang Xie, Bin Li, Jinhai Chen, Zheng Gong
School of Computer Science, South China Normal University |
3.40 | |
| 6 | Maidei | anonymous | 1.56 | |
| 7 | bluecat | anonymous | 0.41 | |
| 8 | BugsBunny | anonymous | 0.32 | |
| 9 | GMorseCode |
Gregory Morse
Eötvös Loránd University (ELTE) |
0.29 | |
| 10 | OoOoOOoOO | anonymous | 0.28 |
Final banana scoreboard (attacker category)
| # | Pseudonym | Identities | Score | Total Breaks | Prize |
|---|---|---|---|---|---|
| 1 | bananaramadama |
Hermann Drexler, Sven Bauer
Giesecke+Devrient Mobile Security GmbH, Munich |
20.39 | 85 | $750 |
| 2 | auguste |
Tobias Damm, Max Gebhardt, Aron Gohr, Dominik Klein, Dennis Kügler, Friederike Laus, Johannes Mittmann, Vivien Thiel
Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany |
5.73 | 90 | $300 |
| 3 | TheRealIdefix | Cryptography & Security team of IDEMIA | 1.51 | 92 | $150 |
| 4 | ABC | anonymous | 0.28 | 27 | |
| 5 | O_o |
Chunya Hu, Yongbo Hu, Zichao Gong
Goodix |
0.23 | 69 | |
| 6 | patator | anonymous | 0.19 | 78 | |
| 7 | c2kc | anonymous | 0.05 | 57 | |
| 8 | scnucrypto |
Yufeng Tang, Nanjiang Xie, Bin Li, Jinhai Chen, Zheng Gong
School of Computer Science, South China Normal University |
0.02 | 18 | |
| 9 | Cronokirby | anonymous | 0.02 | 8 | |
| 10 | Account | anonymous | 0.02 | 3 |
Challenge schedule
| Detailed Rules Release | April 25, 2021 |
|---|---|
| Submission Open | May 17, 2021 @00:00 UTC |
| Submission deadline | August 22, 2021 @ 00:00 UTC |
| Attack deadline | September 11, 2021 @ 00:00 UTC |
| Winners Announcement | CHES 2021 rump session (September 16, 2021) |
Detailed rules of this edition was released on April 25, 2021.
As soon as a challenge implementation is submitted and verified, it is made public on the server and can hence be freely downloaded and broken by contestants. Implementations can be submitted from May 17 to Aug 22, 2021. After the submission deadline, attackers still have 3 weeks to continue breaking challenge implementations (until the day before CHES 2021 starts).
Winners were announced at the CHES 2021 rump session (virtually on September 16, 2021).
Connect with the community
Stay tunned our official Twitter account @WhiboxC.
Join the discussion forum on Slack and get your questions answered by the organizing committee. Send us an invitation request at whibox.organizing.committee@gmail.com. You may also be invited by people that are already members.
The organizing committee is composed of Stefan Kölbl (Google), Louis Goubin (UVSQ), Pascal Paillier, Matthieu Rivain, Aleksei Udovenko, and Junwei Wang (CryptoExperts).
Credits
This competition is one of the challenges of CHES 2021, a conference sponsored by IACR.
Stefan Kölbl (Google) has gracefully volunteered to host and manage the submission server, which is sponsored by Google Cloud.
The source code of the submission server has been developed by CryptoExperts. It is fully open source and available on GitHub.