This repository contains C code and Python code of the two white-box implementations (a fast and less protected implementation and a slow and more protected implementation) of deterministic ECDSA signature algorithm on the NIST P-256 curve from the WhibOx CHES 2021 Challenge. These two white-box implementations are described in the paper ECDSA White-Box Implementations: Attacks and Designs from CHES 2021 Challenge.
In particular, this repository contains:
- C source code of the two white-box implementations in
C code
folder. Note that this is unobfuscated C source code. - Python code of the two white-box implementations in
Python code\implementation_*.py
. These are alternative but functionally-equivalent implementations to the C ones. The Python implementations are also unobfuscated, they are slower than the C ones, but easier to understand. - Python scripts to regenerate the C source code in
Python code\script_*.py
.
To run the Python implementations:
- Ensure SageMath>=9 and Python 3 is installed.
- Locate the following code block in
implementation_*.py
and introduce your ECDSA secret-public key pair:
# secret key d (as integer) and public key Q = d G as hexadecimal string pair
SECRET_KEY = None # e.g., 0x9C29EDDAEF2C2B4452052B668B83BE6365004278068884FA1AC3F6D0622875C3
Q_x_str = None # e.g., "78E0E9DACCC47DE94D674DF3B35624A2F08E600B26B3444077022AD575AF4DB7"
Q_y_str = None # e.g., "3084B4B8657EEA12396FDE260432BA7BDB3E092D61A42F830150D6CC8D798F9F"
- Locate the following code block in
implementation_*.py
and introduce a random seed:
# OTHER CONSTANTS
seed = None # e.g., 0
- Run
implementation_fast.py
orimplementation_slow.py
.
To generate the C implementations:
- Ensure SageMath>=9 and Python >= 3.8 is installed.
- Locate the following code block in
implementation_*.py
and introduce your ECDSA secret-public key pair:
# secret key d (as integer) and public key Q = d G as hexadecimal string pair
SECRET_KEY = None # e.g., 0x9C29EDDAEF2C2B4452052B668B83BE6365004278068884FA1AC3F6D0622875C3
Q_x_str = None # e.g., "78E0E9DACCC47DE94D674DF3B35624A2F08E600B26B3444077022AD575AF4DB7"
Q_y_str = None # e.g., "3084B4B8657EEA12396FDE260432BA7BDB3E092D61A42F830150D6CC8D798F9F"
- Locate the following code block in
implementation_*.py
and introduce a random seed:
# OTHER CONSTANTS
seed = None # e.g., 0
-
Locate the line
FAST_MODE = None # True or False
inscript_generate_overflows.py
and setFAST_MODE
toTrue
orFalse
. Runscript_generate_overflows.py
-
Locate the line
FAST_MODE = None # True or False
inscript_printCarray.py
and setFAST_MODE
to the same value as before. Runscript_printCarray.py
-
Move
list_overflows*.c
andequation*_binary.c
to the correspondingC code\* version
folder. -
Run
C code\* version\script_merge.sh
and check the final C codefinal_binary.c
withgcc -c final_binary.c -o final_binary.c -lgmp -Wno-builtin-declaration-mismatch -Wno-int-to-pointer-cast -Wno-trigraphs
.
To run and test the C implementation:
- Install the python library click.
- Locate the following code block in
test\PUBLICKEY.py
and introduce your ECDSA public key pair:
Q_x = None # e.g., "78E0E9DACCC47DE94D674DF3B35624A2F08E600B26B3444077022AD575AF4DB7"
Q_y = None # e.g., "3084B4B8657EEA12396FDE260432BA7BDB3E092D61A42F830150D6CC8D798F9F"
- Move the final C code
final_binary.c
totest
folder. - In
test\compile_and_test.py
, modifyos.environ['FILE_BASENAME']
with the name of the final C code (without the.c
extension) containingvoid ECDSA_256_sign
. - In macOS, uncomment the line
# ram = ram / 1000
ofcompile_and_test.py
(in macOS the RAM is expressed in bytes while in Linux is in kilobytes) - Finally, compile the code and run the tests:
gcc -w -c main.c -o main.o
python3 compile_and_test.py
The test
folder is from GitHub - CryptoExperts/whibox_contest_submission_server: Source code of the Whitebox Contest Submission Server.