Paper 2022/385

ECDSA White-Box Implementations: Attacks and Designs from WhibOx 2021 Contest

Guillaume Barbu, Ward Beullens, Emmanuelle Dottax, Christophe Giraud, Agathe Houzelot, Chaoyun Li, Mohammad Mahzoun, Adrián Ranea, and Jianrui Xie


Despite the growing demand for software implementations of ECDSA secure against attackers with full control of the execution environment, the scientific literature on white-box ECDSA design is scarce. To assess the state-of-the-art and encourage practical research on this topic, the WhibOx 2021 contest invited developers to submit white-box ECDSA implementations and attackers to break the corresponding submissions. In this work we describe several attack techniques and designs used during the WhibOx 2021 contest. We explain the attack methods used by the team TheRealIdefix, who broke the largest number of challenges, and we show the success of each method against all the implementations in the contest. Moreover, we describe the designs, submitted by the team zerokey, of the two winning challenges; these designs represent the ECDSA signature algorithm by a sequence of systems of low-degree equations, which are obfuscated with affine encodings and extra random variables and equations. The WhibOx contest has shown that securing ECDSA in the white-box model is an open and challenging problem, as no implementation survived more than two days. To this end, our designs provide a starting methodology for further research, and our attacks highlight the weak points future work should address.

Available format(s)
Public-key cryptography
Publication info
Preprint. MINOR revision.
ECDSAWhite-box CryptographyWhibOx
Contact author(s)
agathe houzelot @ idemia com
christophe giraud @ idemia com
emmanuelle dottax @ idemia com
guillaume barbu @ idemia com
wbe @ zurich ibm com
m mahzoun @ tue nl
chaoyun li @ esat kuleuven be
adrian ranea @ esat kuleuven be
jianrui xie @ esat kuleuven be
2022-03-28: received
Short URL
Creative Commons Attribution


      author = {Guillaume Barbu and Ward Beullens and Emmanuelle Dottax and Christophe Giraud and Agathe Houzelot and Chaoyun Li and Mohammad Mahzoun and Adrián Ranea and Jianrui Xie},
      title = {ECDSA White-Box Implementations: Attacks and Designs from WhibOx 2021 Contest},
      howpublished = {Cryptology ePrint Archive, Paper 2022/385},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.