Cryptology ePrint Archive: Report 2020/342

Security Assessment of White-Box Design Submissions of the CHES 2017 CTF Challenge

Estuardo Alpirez Bock and Alexander Treff

Abstract: In 2017, the first CHES Capture the Flag Challenge was organized in an effort to promote good design candidates for white-box cryptography. In particular, the challenge assessed the security of the designs with regard to key extraction attacks. A total of 94 candidate programs were submitted, and all of them were broken eventually. Even though most candidates were broken within a few hours, some candidates remained robust against key extraction attacks for several days, and even weeks. In this paper, we perform a qualitative analysis on all candidates submitted to the CHES 2017 Capture the Flag Challenge. We test the robustness of each challenge against different types of attacks, such as automated attacks, extensions thereof and reverse engineering attacks. We are able to classify each challenge depending on their robustness against these attacks, highlighting how challenges vulnerable to automated attacks can be broken in a very short amount of time, while more robust challenges demand for big reverse engineering efforts and therefore for more time from the adversaries. Besides classifying the robustness of each challenge, we also give data regarding their size and efficiency and explain how some of the more robust challenges could actually provide acceptable levels of security for some real-life applications.

Category / Keywords: implementation / White-box cryptography, Capture the flag, Differential computation analysis, Differential fault analysis

Original Publication (in the same form): Constructive Side-Channel Analysis and Secure Design (Cosade) 2020

Date: received 21 Mar 2020, last revised 23 Mar 2020

Contact author: estuardo alpirezbock at gmail com,alexander treff@student uni-luebeck de

Available format(s): PDF | BibTeX Citation

Version: 20200324:001956 (All versions of this report)

Short URL:

[ Cryptology ePrint archive ]