CHES 2024 Challenge - WhibOx contest
The WhibOx contest is back for a 4th edition, continuing the last edition's focus on public-key white-box cryptography.
You think you can obfuscate an ECDSA signature implementation and make its secret key hard to extract? You'd like to break white-box ECDSA candidates? This challenge is made for you!
The WhibOx contest, Edition 2024, is a white-box cryptography competition organized as one of the CHES 2024 challenges. The contest will take place from late May to early September 2024.
As previous editions, the competition challenges two categories of competitors:
-
Coders are invited to post candidate white-box implementations computing an ECDSA signature (on the NIST P256 curve) from input message digest under a freely chosen secret key. The signature algorithm can be non-deterministic or deterministic with a freely chosen nonce derivation mechanism. Candidate implementations are expected to resist key extraction when submitted to white-box attackers. -
Attackers are invited to break the submitted implementations i.e. extract their hard-coded signing key.
Contestants are free to remain anonymous. Coders are not expected to explain their designs, but only to provide a C source code of the white-box implementation. Attackers are not expected to explain their techniques, but only to recover embedded key(s).
Wall of Fame
Final strawberry scoreboard (developer category)
| # | Pseudonym | Identities | Score | Prize |
|---|---|---|---|---|
| 1 | Idefix | Cryptography & Security team of IDEMIA | 224.03 | $600 |
| 2 | ἀναμάρτητος |
Jan Geuenich, Dominik Klein, Friederike Laus, Johannes Mittmann, Jan Simmer
Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany Aron Gohr (independent researcher) |
160.15 | $300 |
| 3 | bluecat | Nicolas Tranchant | 26.78 | $100 |
| 4 | sffoh_kcrek | anonymous | 25.76 | |
| 5 | dowejfreglei234 | anonymous | 18.81 | |
| 6 | Win95 | anonymous | 2.02 | |
| 7 | mcarter | anonymous | 0.84 | |
| 8 | chouloco |
Matthias Chouteau
École polytechnique, France |
0.02 | |
| 9 | nxmq | anonymous | 0.01 | |
| 10 | Second | anonymous | 0.0009 |
Final banana scoreboard (attacker category)
| # | Pseudonym | Identities | Score | Total Breaks | Prize |
|---|---|---|---|---|---|
| 1 | kerckhoffs |
Jan Geuenich, Dominik Klein, Friederike Laus, Johannes Mittmann, Jan Simmer
Bundesamt für Sicherheit in der Informationstechnik (BSI), Germany Aron Gohr (independent researcher) |
224.03 | 46 | $600 |
| 2 | Idefix | Cryptography & Security team of IDEMIA | 160.15 | 32 | $300 |
| 3 | BlackBox |
Hermann Drexler, Lars Hoffmann
Giesecke + Devrient, Munich |
48.39 | 38 | $100 |
| 4 | rod | anonymous | 17.24 | 19 | |
| 5 | bluecat | Nicolas Tranchant | 2.02 | 14 | |
| 6 | BugsBunny | anonymous | 0.009 | 12 | |
| 7 | Malcolm Carter | anonymous | 0.0007 | 1 | |
| 8 | jibe | anonymous | 0.0004 | 13 |
Challenge schedule
| Submission Open | May 26, 2024 @ 23:59 AoE |
|---|---|
| Submission deadline | August 8, 2024 @ 23:59 AoE |
| Attack deadline | September 1, 2024 @ 23:59 AoE |
| Winners Announcement | CHES 2024 rump session (September 6, 2024) |
As soon as a challenge implementation is submitted and verified, it is made public on the server and can hence be freely downloaded and broken by contestants. Implementations can be submitted from May 26 to Aug 8, 2024. After the submission deadline, attackers still have more than 3 weeks to continue breaking challenge implementations (until two days before CHES 2024 starts).
Winners will be announced at the CHES 2024 rump session.
Challenge rules
The detailed rules of the challenge can be found on this page.
Following questions on the slack channel regarding multiple accounts for submitting and attacking challenges, we provide the following addenda to the rules for clarification:
Designers are not allowed to break their own challenges.
More generally: it is forbidden for a team of attackers to break the challenge of a team of designers if there exists a non empty intersection between the two teams (i.e. at least one individual common to the two teams).
Any team publicly breaching the above rule will be disqualified.
One individual cannot be twice on the designer wall of fame (or podium) by being part of two different teams.
One individual cannot be twice on the attacker wall of fame (or podium) by being part of two different teams.
It is perfectly allowed to use different accounts for attacking and designing. Also, different accounts can be used in the same category but a single one will be accounted on the wall of fame, in accordance to the above points.
Cash prize
The winners of the challenge will be awarded with fame and a total of 2000$ cash prize. The 2000$ cash prize will be shared between the winners, as follows:
Designers’ podium:
600 for the strawberry winner
300 for the second highest strawberry score
100 for the third highest strawberry score
Attackers’ podium:
600 for the banana winner
300 for the second highest banana score
100 for the third highest banana score
Connect with the community
Stay tunned our official Twitter account @WhiboxC.
Join the discussion forum on Slack and get your questions answered by the organizing committee. Send us an invitation request at whibox.organizing.committee@gmail.com. You may also be invited by people that are already members.
The organizing committee is composed of Louis Goubin (UVSQ), Ryad Benadjila, Pascal Paillier, Matthieu Rivain (CryptoExperts), Alex Biryukov, Aleksei Udovenko (University of Luxembourg), and Junwei Wang.
Credits
This competition is one of the challenges of CHES 2024, a conference sponsored by IACR.
The source code of the submission server has been developed by CryptoExperts. It is fully open source and available on GitHub. The server of this edition is administrated and maintained by CryptoExperts.
Credits go to Ryad Benadjila for re-developing parts of the server at the occasion of this fourth edition of the WhibOx contest; the previous versions were created and upgraded by Thomas Baignères, Matthieu Finiasz and Junwei Wang.