-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Powers of Tau Operational writeup
=================================

Round: 4
Date: 2017-11-12
Name: Matt Drollette
Location: Dallas, Texas

Challenge: 
9b80a6140d42bd234fbe43eea542296df8bcb4c834ea5d0a16a194964b72fd11a6ee9efae9364eb74f99bb4471e7fb4ac9cb2bb3aa8e03fe22c6279a104f367b

Response: 
53b6dc5a91d04c3000037cbc4f6f4bc9e9daf9448a41f997746b156c643a84f481c49bf7dadce388b3c9e8c147f94c12c5dacb5350a54e112ee45f57ffd8f34c


Preparation steps
=================

I noticed most participants were taking on a significant responsibility in
securing their own hardware and infrastructure in order to participate in this
process. I took a different approach in that I wanted to leverage the security
work done by people much more qualified than myself. I therefore used Google
Cloud Platform to generate my response (https://cloud.google.com/security/).

First, I created a new GCP project under a gmail account not belonging to any
other organizations and configured with Advanced Protection
(https://landing.google.com/advancedprotection/).

Next, I created a Compute Instance with an external IP to serve as the bastion 
for external network access and collecting the responses.

I then created three compute instances in three different regions having three
different instance types. Each instance was running Google's Container-Optimized
OS (https://cloud.google.com/container-optimized-os/docs/concepts/security) and
did not have an external IP address.

Next, on the bastion I built a Docker image containing the compute binary built
from https://github.com/ebfull/powersoftau at commit 9e1553c437183540392a7231d0788318a19b18a3

I downloaded the challenge file to the bastion host and then transferred it to
each compute instance along with the compute Docker image via scp over the 
internal network. I verified the sha256 hash of each challenge and compute 
binary on each instance and then began the computation using different random 
inputs for each process.

```
bastion
480c27457c467362a1d3dd3d972844e1230abde236f4d153d80938ab7ec19f7d  challenge
4952c8b4e8d3e75ded8fafa28bffb4082e26732f17ec8176c7cd26591adaf93e  powersoftau.docker
922b2e0a59841ecdaba7b4953d8c67e62b74b8f52f968624cff664dc086da93a  /powersoftau/target/x86_64-unknown-linux-musl/release/compute

instance-1
480c27457c467362a1d3dd3d972844e1230abde236f4d153d80938ab7ec19f7d  challenge
4952c8b4e8d3e75ded8fafa28bffb4082e26732f17ec8176c7cd26591adaf93e  powersoftau.docker
922b2e0a59841ecdaba7b4953d8c67e62b74b8f52f968624cff664dc086da93a  /powersoftau/target/x86_64-unknown-linux-musl/release/compute

instance-2
480c27457c467362a1d3dd3d972844e1230abde236f4d153d80938ab7ec19f7d  challenge
4952c8b4e8d3e75ded8fafa28bffb4082e26732f17ec8176c7cd26591adaf93e  powersoftau.docker
922b2e0a59841ecdaba7b4953d8c67e62b74b8f52f968624cff664dc086da93a  /powersoftau/target/x86_64-unknown-linux-musl/release/compute

instance-3
480c27457c467362a1d3dd3d972844e1230abde236f4d153d80938ab7ec19f7d  challenge
4952c8b4e8d3e75ded8fafa28bffb4082e26732f17ec8176c7cd26591adaf93e  powersoftau.docker
922b2e0a59841ecdaba7b4953d8c67e62b74b8f52f968624cff664dc086da93a  /powersoftau/target/x86_64-unknown-linux-musl/release/compute
```


Sidechannel defenses
====================

The scale of GCP and sheer number of compute instances makes a targeted
sidechannel attack practically impossible. Also, Google takes great care in
preventing known attack methods 
(https://cloudplatform.googleblog.com/2017/01/7-ways-we-harden-our-KVM-hypervisor-at-Google-Cloud-security-in-plaintext.html).

In addition to Google's security practices, I also ran multiple compute
instances in multiple regions computing responses on the same challenge file at
the same time. I then selected only one of these responses at random to submit
and destroyed the others. I do not know which node computed the response that I
submitted.


Postprocessing
==============

Once the responses were computed on each instance, I recorded the hashes of each
response file and transferred all 3 files back to the bastion host and deleted
the 3 compute instances. I did not record which instance computed which
response. I then selected one of the 3 response files by dice roll and submitted
its hash to the mailing list and uploaded the file to S3. I then deleted the
bastion compute instance and deleted the entire GCP project.

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEcCbF98RdwnWkGV4WMFJx9gHK8m4FAloI+EMACgkQMFJx9gHK
8m69Lg/9Hpa33wVPdjSjfarwHEveAnIjryoIxemMI2OThJfK27aIhuKVjW94/t4W
eaX9KCYejcFOY8gXfLVlKd+/ZGGlt0tajSUwT1A6Nz9E8IKc3WnXaEyFWuFFiS/v
DyOeSAjjsJpAGNs2tIDFQZkmY/cKzC+L/G7PzVu6KLgWKpl0LXXPyVw7og9AcCIP
LiJaHcqDMbLrhQoL+13K2chtDU8exU6972Z6YH0di8EuhykTQ6ILX9/Ebju8/Tat
m4Mq/GpKMxqZUHMQwDlEkYdaf8q/b23iVmcl/+5UXfivA2vnqi7h05lbgr0QCoC/
KFLJoZ3qCMw2iTqZVrcAejrgcHXaHXyE2jrPpMN+b/1Ot9rcnKMOilKPuDCTSYSr
7/4hhEQQk8wBgikLeCbgkJD6UldWG1KSfZ7mH4f/5ywddSt7cctFVNk5kHjzvxJ2
N/0j8ZNZ0pQ9ME6oP9WlnzUhiMn6eA1BPMjOfzRZhvFV6F/+RMQwjEWx2ujYN30O
JF6VZ+RT8EqpG3rrdW7CvMIJs+EQ2M3EH5KEBZae+DRUNElIqrgx5gmYWrafdBI9
c4+qr16+6CN36XKvQr6o89xqjiSA19e+D5PLGAOLeMI2Xmokp2bd0R59Vzn7Ys24
0XK09E0zzIC3VM0S6eSVE2/b7bL6VP5ou/5a/6Agt34epTWsYrg=
=acF8
-----END PGP SIGNATURE-----