The competition is run by the ORGANIZING COMMITTEE.
Anyone can create an account and post one or several challenges and/or break one or more challenges on the WhibOx Edition 3 competition website.
The account owner may remain completely anonymous when creating an account. In addition to creating a login/password, an email address must be entered (in case the ORGANIZING COMMITTEE needs to contact the owner directly). However, the email address is not verified except for basic syntax. Users may e.g. enter their primary email address or, if they are willing to remain anonymous, may use a free service such as Mailinator to create an untraceable email address.
The same person may create several accounts. User accounts are password-protected but passwords CANNOT BE CHANGED and are NOT RECOVERABLE in case of loss. It is the users' responsibility to choose a strong enough password and to keep it in a safe place. Winners will be asked to log in and reveal their real name on the competition website if they want to be publicly awarded during the prize ceremony.
The website is public in the sense that anyone can freely browse it (including downloading challenges) but logging in is required to post or break challenges.
The competition website is referred to as the SYSTEM.
A challenge is a C source program that contains a function with prototype
void ECDSA_256_sign(unsigned char sig[64], const unsigned char hash[32]);
It implements an ECDSA signature algorithm on the NIST P-256 curve under some private key embedded into the code. The function ECDSA_256_sign takes two arguments:
hash : a pointer to the 32-byte hash of the message to be signed (the hash function is excluded from the implementation),sig : the address for the output 64-byte signature.The C language is the one accepted by GCC 10.2.0 with NO additional language dialect options. The source code must be completely portable and re-compilable towards any target architecture. In other words, it must be made only of generic C which in particular, excludes the use of inline assembly. Note that there is no restriction to a 32-bit architecture as in the previous editions of the WhibOx contest. Native 64-bit operations are supported by default and contestants may use them as they see fit.
The source file is allowed to include the GMP library (version 6.2.1) through #include <gmp.h>. Besides that, no #include or extern is allowed in the source code and more generally linking to external libraries (even the standard C libraries) is forbidden. Any attempt to maliciously attack the SYSTEM or the computer system of contestants will lead to DISQUALIFICATION. In case evidence of malicious code is found in a challenge, contestants are invited to report the issue to the ORGANIZING COMMITTEE directly ([email protected]). If contestants are suspicious that some challenge program may contain malware, they may run GCC in docker or a virtual machine, exactly like the server does (using VirtualBox).
The source code of the server will be made available on GitHub. Contestants are invited to download and install their own instance of the server if they want to ensure that their challenge will be accepted when submitted.
IPR and copyright disclaimer: contestants may indicate (typically in a header in their source) which license applies to their challenge program, if any.