CHES 2017 Capture the Flag Challenge

The WhibOx Contest An ECRYPT White-Box Cryptography Competition

Go to Dashboard

Call for participation

The competition comes in two flavors for competitors:

  • Developers are invited to post challenge programs that are white-box implementations of AES-128 under freely chosen keys. Challenges are expected to resist key extraction against a white-box attacker.
  • Attackers are invited to break the submitted challenges i.e. extract their hard-coded encryption key.

Participants may remain completely anonymous or use their real-life identity, as they prefer. Implementers are not expected to explain their designs: they only have to provide a resulting C code. Attackers are not expected to explain their techniques: they only have to recover and provide the embedded key(s).

Why this competition?

The motivation for initiating the WhibOx contest comes from the growing interest of the industry towards white-box cryptography (most particularly for DRMs and mobile payments) and the obvious difficulty of designing secure solutions in a scientifically valid sense. The conjunction of these phenomena has prompted some companies to develop home-made solutions (with a security relying on the secrecy of the underlying techniques) rather than to rely on academic designs.

In such a context, the competition gives an opportunity for researchers and practitioners to confront their (secretly designed) white-box implementations to state-of-the-art attackers. It also provides attackers and evaluators with new training material.

We hope and believe that new ideas will arise from this contest and that they will have a strong, positive impact on both scientific research and industrial know-how in the field of white-box cryptography.

How to win?

In a nutshell:

  • A white-box implementation collects strawberry points as long as it stays unbroken. As a reward for not being broken after \(n\) days, a challenge implementation gets \(n\) extra strawberries on that day, so its strawberry score on the \(n\)-th day is $$\frac{n(n+1)}{2}.$$ The score of a broken implementation decreases symmetrically down to \(0\). The winning score is the maximal strawberry score reached by challenge programs throughout the competition. The strawberry winner is the developer whose challenge has realized the winning score.
  • An attacker who breaks a challenge implementation by recovering its hard-coded key, converts the current strawberry score of the broken challenge into banana points. Those are integrated into the attacker's current banana score through the max rule: the attacker's new score is the max between her previous score and the bananas earned from the break. The banana winner is the attacker with the most banana points when the competition ends.


The complete and detailed rules of the competition are available in the "Competition Rules" tab on the dashboard.

Important dates

  • May 15, 2017: Competition starting date, the submission server opens
  • Aug 31, 2017: Submission deadline (the submission period expires but attacks continue)
  • Sep 24, 2017: Final deadline (strawberry and banana scores are frozen)
  • CHES 2017 rump session: Announcement of winners

As soon as a challenge implementation is submitted, it is made public on the server and can hence be freely downloaded and broken by attackers. Implementations can be submitted from May 15 to Aug 31, 2017. After the submission deadline, attackers still have 24 days to continue breaking challenge implementations (until CHES 2017 starts).

Winners will be announced at the CHES 2017 rump session (CHES will take place from Sep 25 to 28 in Taiwan).


This competition is organised by the ECRYPT-CSA consortium.

The source code of the submission server has been developed by CryptoExperts. It is fully open source and available on GitHub.

The server is administered by TU Eindhoven during the competition.

Join the discussion forum on Slack and get your questions answered by the organizing committee. Invitation based - send us an invitation request at You may also be invited by people that are already members.

The organizing committee is composed of Emmanuel Prouff (CHES 2017 CTF Manager), Chen-Mou Cheng and Bo-Yin Yang (CHES 2017 General co-chairs), Thomas Baignères, Matthieu Finiasz, Pascal Paillier and Matthieu Rivain (CryptoExperts people, who initiated the idea and developped the server).