Competition Rules

The competition is run by the ORGANIZING COMMITTEE.

User accounts

Anyone can create an account and post one or several challenges and/or break one or more challenges on the WhibOx competition website.

The account owner may remain completely anonymous when creating an account. In addition to creating a login/password, an email address must be entered (in case the ORGANIZING COMMITTEE needs to contact the owner directly). However, the email address is not verified except for basic syntax. Users may e.g. enter their primary email address or, if they are willing to remain anonymous, may use a free service such as Mailinator to create an untraceable email address.

Therefore, the same person may create several accounts. User accounts are password-protected but passwords CANNOT BE CHANGED and are NOT RECOVERABLE in case of loss. It is the users' responsibility to choose a strong enough password and to keep it in a safe place. Non-anonymous winners will be asked to log in publicly during the prize ceremony.

Every newly registered user, referred to as a participant, is assigned a BANANA score initialized to 0.

The website is public in the sense that anyone can freely browse it (including downloading challenges) but logging in is required to post or break challenges.

The competition website is referred to as the SYSTEM.

What is a challenge?

A challenge is a C source program that contains a function with prototype

void AES_128_encrypt(unsigned char ciphertext[16], unsigned char plaintext[16]);

The program must fulfill the following requirements:

  • It implements an AES-128 encryption under some 128-bit key embedded into the code.
  • The function AES_128_encrypt(ciphertext, plaintext) takes a 128-bit plaintext block as input (as a pointer on an array of 16 bytes) and writes the corresponding 128-bit ciphertext (as an array of 16 bytes) at the given address.
  • Requirements on the source:
    • The C language is the one accepted by GCC 6.2.3 with NO language dialect options. This is equivalent to the option -std=gnu90, meaning it is C90 with GNU extensions.
    • No #include or extern is allowed in the source code, and more generally linking to external libraries (even the standard C libraries) is forbidden. This is intended to prevent the inclusion of malware in submitted challenges. Any attempt to maliciously attack the SYSTEM or the computer system of attackers will lead to DISQUALIFICATION. In case evidence of malicious code is found in a challenge, contestants are invited to contact the ORGANIZING COMMITTEE directly ( If contestants are suspicious that some challenge program may contain malware, they may run GCC in docker or a virtual machine, exactly like the server does (using VirtualBox). Documentation on how the server runs is found on GitHub. Contestants are invited to download and install their own instance of the server if they want to ensure that their challenge will be accepted when submitted.
    • The type unsigned long is imposed to represent 32-bit integers, meaning that the target architecture is 32 bit oriented (as opposed to 64).
    • The source code must be completely portable and re-compilable towards ANY 32-bit target architecture. In other words, it must be made only of generic C which in particular, excludes the use of inline assembly.
    • The source code must be no bigger than 50MB.
    • The REFERENCE COMPILER must use at most 500MB of RAM to complete compilation.
    • The compilation must not exceed 100 seconds.
  • Requirements on the executable: once compiled by the REFERENCE COMPILER, the executable program must:
    • be 20MB in size or less,
    • use 20MB of RAM or less (this includes the stack and all global variables, at the exclusion of the code itself),
    • run, on average, in 1 second or less per function call. This is not absolute time but CPU time, measured within a VirtualBox VM by the SYSTEM. Contestants may check that their challenges comply with this limitation by using the utility ulimit with the -t option.

The SYSTEM will reject a program that does not comply with these requirements.

Compliance with the requirements can be tested by downloading and running a local instance of the submission server found here.

IPR and copyright disclaimer: contestants may indicate (typically in a header in their source) which license applies to their challenge program, if any.

Posting a challenge

A participant who posts a new challenge must temporarily reveal the embedded key to the SYSTEM for the purpose of verifying the consistency of the challenge program. The key is erased from the SYSTEM as soon as it has determined whether it is consistent or not with the challenge. This is done as follows.

Challenge-key verification procedure:

  1. The SYSTEM uses the REFERENCE IMPLEMENTATION of AES-128 to generate a number of random plaintext-ciphertext pairs under the given key. The number of pairs is determined by the SYSTEM but is at least 1000. Once this is done, the key is erased from the SYSTEM.
  2. The SYSTEM compiles the challenge program and checks that it complies with the above requirements. If not, the challenge is rejected.
  3. For each plaintext-ciphertext pair, the SYSTEM runs the executable on the plaintext and checks that the output is equal to the ciphertext.
  4. In case of mismatch,
    1. the procedure halts,
    2. the challenge program is rejected and
    3. the mismatching plaintext-ciphertext pair is returned to the submitting participant.
  5. Otherwise, the challenge program is accepted and:
    1. given a name by the system,
    2. declared as UNBROKEN,
    3. assigned a STRAWBERRY score initialized to 0.

When accepted, the challenge is published on the website for anyone to download and play with. In addition, a small subset of random plaintext-ciphertext pairs is kept by the SYSTEM for later key verification. The number of pairs is determined by the SYSTEM but is at least 10.

Winning strawberries

A participant may post challenges anytime between the STARTING DATE and the POSTING DEADLINE.

An UNBROKEN challenge gets more and more STRAWBERRIES as time goes by.

On the day the challenge is posted, its score is set to 0 STRAWBERRIES. After 24 hours, it gets 1 STRAWBERRY. After 48 hours, it gets 2 more STRAWBERRIES so that it has a total of 3 STRAWBERRIES. A challenge that is still UNBROKEN after \(n\) days receives \(n\) more STRAWBERRIES (so that its score increases quadratically with time).

When a challenge is BROKEN, the progression of its STRAWBERRY score is reversed. If the challenge has stayed UNBROKEN for \(n\) days, it looses 1 STRAWBERRY immediately, then \(n\) STRAWBERRIES 24 hours after it is declared BROKEN by the SYSTEM. It then looses another \(n-1\) STRAWBERRIES after 48 hours, and so forth, until its STRAWBERRY score reaches 0.

When the FINAL DEADLINE is reached, the STRAWBERRY scores of all challenges freeze.

Breaking challenges

A participant may break any challenge by submitting a putative key to the SYSTEM. The challenge may be UNBROKEN or already BROKEN.

Key verification procedure: Given the submitted key, the SYSTEM fetches the recorded plaintext-ciphertext pairs attached to the challenge and uses the REFERENCE IMPLEMENTATION again to check that the key matches all the pairs. The key is erased as soon as the verification is completed.

In case of mismatch, the mismatching pair is returned to the submitting participant and the break is rejected.

Otherwise, the submitting participant is notified that the break is accepted. If the challenge was UNBROKEN, it is declared as BROKEN at the time the SYSTEM accepted the break.

Participants may break challenges until the FINAL DEADLINE.

Winning bananas

A participant whose break has been accepted by the SYSTEM gets a chance to increase their BANANA score.

Noting \(S\) the current STRAWBERRY score of the challenge and \(B\) the participant's current BANANA score, \(B\) is updated as $$B = \max(B, S)\;.$$

Winning the competition

The winners are determined at the time of the FINAL DEADLINE. There are 2 winners, the STRAWBERRY WINNER and the BANANA WINNER.

The strawberry winner

The WINNING CHALLENGE is the challenge (BROKEN or UNBROKEN) which STRAWBERRY score has reached the highest peak between the STARTING DATE and the FINAL DEADLINE.

The STRAWBERRY WINNER is the participant who posted the WINNING CHALLENGE.

There may be several WINNING CHALLENGEs and STRAWBERRY WINNERs (no tie-breaking rule).

The banana winner

The BANANA WINNER is the participant with the highest BANANA score at the time of the FINAL DEADLINE.

There may be several BANANA WINNERs (no tie-breaking rule).


At any time, the ORGANIZING COMMITTEE may DISQUALIFY a participant in case of misconduct during the competition. Examples of misconduct include

  • posting a challenge program that does not implement AES-128,
  • posting a challenge program that contains malware,
  • attempting to attack/hack the SYSTEM or the computer system of attackers in any manner.

The user account of a DISQUALIFIED participant is disabled and challenges that the participant has posted may be withdrawn from the competition on a case-by-case basis.

Terms of reference

Important dates

STARTING DATEMay 15, 2017 @ 00:00 UTC
POSTING DEADLINEAugust 31, 2017 @ 23:59 UTC
FINAL DEADLINESeptember 24, 2017 @ 12:00 UTC (1 day before CHES 2017)

System and challenges

SYSTEMServer comprising the competition website and tools for compiling and testing challenge programs
REFERENCE COMPILERgcc with option -nostdinc (this is version 6.2.3 of gcc)
REFERENCE IMPLEMENTATIONaes.c file available from this GitHub repository.
BROKEN (challenge) At least one participant has been able to provide the SYSTEM with an AES-128 key that passes the key verification procedure.
UNBROKEN (challenge)A challenge that is not BROKEN.

Winning participants

WINNING CHALLENGEChallenge which STRAWBERRY score has reached the highest peak between the STARTING DATE and the FINAL DEADLINE.
BANANA WINNERParticipant with the highest BANANA score at the time of the FINAL DEADLINE.
DISQUALIFIED (participant) Misconducting participant excluded from the competition and whose challenges may be withdrawn.