-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Powers of Tau Operational writeup
=================================
 
Round: 41
Principals: Ryan Pierce and Andrew Miller
Date: 2018-01-20
Location: North Illinois and Southern Wisconsin
Altitude: 3,000' AMSL / approx. 2200' AGL
Commit version: 9e1553c437183540392a7231d0788318a19b18a3
SHA256 of ./compute: 922b2e0a59841ecdaba7b4953d8c67e62b74b8f52f968624cff664dc086da93a
SHA256 of challenge file: c48fbf0a267ea9a9596c09aaf91f6acc18b48430e9239c18de583055b32d503d
 
blake2sum of response:
    8a5a9bcb a9c3ab76 c7e3a881 2ccd01e6
    9af2153b 5d0f9668 9f790493 37de1fb3
    28873f5f 771adef1 adf0486e 4904b28d
    96fe602c 8866f42e 8047ce3b dafe2f9e
    73c7d2cd 1b0c023d 3831a462 42bd6fc9
 
 
Preparation steps
=================
 
As we know, Powers of Tau is all about generating and safely disposing
of cryptographic "toxic waste." So, what better way to generate
entropy than with actual radioactive toxic waste?

For our contribution, the entropy source was a hardware-based random
number generator utilizing a Geiger tube and a radioactive source,
constructed and programmed by Ryan Pierce. It was based off of the
MightyOhm Geiger Counter kit, available for purchase at
http://mightyohm.com/geiger

The radioactive source chosen was a very small, low activity sample of
the graphite moderator ejected from the core of the Chernobyl Unit 4
nuclear reactor during the 1986 explosion and meltdown. The primary
activity of the source comes from the fission products Cs-137 (a gamma
and beta emitter) and Sr-90 (a beta emitter.) Gamma activity at the
surface of the sample container was approx. 0.7 uSv/h, falling
substantially below all thresholds that might restrict its
transportation by air, and posing no health risk. This dose rate is
only a few times the dose rate of normal background radiation.
 
The specific Geiger tube used was a Soviet SI-22G that was recovered
from the Chernobyl Exclusion Zone. This tube is sensitive to gamma and
hard beta radiation.
 
Ryan re-wrote the firmware for the kit's ATtiny2313 AVR
microcontroller to act as a random number generator, using the
difference in timing between consecutive pairs of Geiger tube pulses,
measured in microseconds. The idea for this method came from John
Walker, who implemented this in 1996.  See
https://www.fourmilab.ch/hotbits/
 
Ryan's source code is available at
https://github.com/RyanPierce/GeigerRNG
 
To sanity check the output of the generator, we ran a standard battery
of statistical tests, all of which passed:
 
    dieharder -a -k2 -Y 1 -f geigersamples.input >
    geigersamples.output
 
The Geiger input and output files are available via github, above. For
information on dieharder, see
https://webhome.phy.duke.edu/~rgb/General/dieharder.php
 
The code is configured to output a stream of 64 bytes of random
entropy, expressed as 128 hex characters, followed by a CRLF, when a
user presses a button on the Geiger counter RNG. The interface is a 6
pin FTDI header, and it transmits TTL serial data at 9600 baud. A
standard FTDI USB cable connects the Geiger counter RNG to the
laptop. The serial TTY was configured as follows:
 
    stty -F /dev/ttyUSB0 9600 raw
 
Pressing the button caused 64 bytes of entropy to be entered into the
computation program, without displaying it to the laptop screen, using
the following command:
 
    head -c 128 /dev/ttyUSB0 | ./compute
 
A picture of the RNG, tube, and source can be seen at
https://twitter.com/RyanPierce_Chi/status/954044819856347137
 
Side channel defenses
=====================
 
Andrew procured a laptop to serve as the compute node, purchased from
a randomly chosen 1 out 4 nearby Walmarts and/or Best Buys. The laptop
purchased was an HP Jaguar 15‑bs060wm, with 8GB of RAM and an Intel
i3-7100U processor (2.4 GHz, 2 cores). The laptop was booted from a
USB drive with Ubuntu 16.04. The hard drives and wifi were disabled in
software, but were *not* removed due to the difficulty in unscrewing
the laptop.
 
To reduce the risk of side channel attacks, we performed our
contribution to the ceremony while airborne in Ryan's Piper
Cherokee. Ryan and Andrew were the only occupants in the aircraft. No
mobile phones were powered on during the flight. The only mobile
device in use was an iPad 2, with cellular and WiFi disabled but
Bluetooth and GPS enabled, running ForeFlight electronic flight bag
software. We departed on a VFR flight from Waukegan airport (KUGN),
located in Illinois, near the Wisconsin border. Once we reached 3,000
feet AMSL, Ryan performed a 360 degree steep turn to assure ourselves
that no aircraft or drones were following us. We set up the Geiger
counter RNG and laptop and began the computation. During this time, we
made occasional random turns, flying over northern Illinois and
southern Wisconsin while remaining outside the O'Hare Class B
airspace, until the compute finished. We observed no suspicious
aircraft attempting to follow us. The total compute time took around
30 minutes. We then flew to Schaumburg Airport (06C) where we uploaded
the response file at Pilot Pete's restaurant. We made a return flight
to Waukegan later that afternoon.
 
Pictures from the trip:
 
https://twitter.com/RyanPierce_Chi/status/954776352225398784
https://twitter.com/RyanPierce_Chi/status/954777461782470656
https://twitter.com/RyanPierce_Chi/status/954779454961745921
https://twitter.com/RyanPierce_Chi/status/954854952396050432
https://twitter.com/RyanPierce_Chi/status/954908555873849344
https://twitter.com/RyanPierce_Chi/status/954855811951550464
 
We’re also currently producing a short video about our trip, which we
plan to publish to Youtube and notify the zapps-wg mailing list.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBAgAGBQJaZisvAAoJEFvUyhfk+7ICLOYQAIX7+nSe6CRVKFuwkjHYXJyu
Ll5G+X9+Kjrhq0RYXmjix50pEgkpEZhTzKnPxo4tNiiaRc34waKpCAFZpn2Yfpq5
8o3R3rTDjYlGcMVyWciipUvbtzxfxrs5GRXknTGhtLvhljZM+fq09O4raPn+oj5Y
tDiFKAO0tKx5wXqlg8diM5AxUfveX6Kov0844ctV+7rP6OYOgCEjqD/o/vM0kVUR
R5wvh7dqY2VHvh7LYAjUSOwbQ4M+3LCw9fK0dAZrXqT9Yn5DquGYKj39QsHJoJ9R
4uoDb6ltPJuZDCJ0wBKHiyfMr3++UKTDj6dRkHF2OD7aBk4jPZUC6YCC5zgQFPxL
MrBv137EBijmtu4uFfT2YM7SJkKa+AGXnhzsIdFKy5U4Ahqa7meA9sDdAHdOgR9W
RVq9wuO3OnL12Oj53N/PEVtxgmWxHVZfIKP5EPihhSklWC6RU8XVgV4OlfGkkYkA
YyrYNGjSTDI6YXVNXl4uKttzVg965tSt5+83HhuEFepR3+HFgmXz+suYa53J8rxX
njESFI0qV7j7VzLnwthAjV5u0ZAY0y9vOTnMB1nLwVZEKl/g3/WNZhDes9xuyYqV
fAXjVfM2YQ2mQui9U60g0XfSgnO/tnLVG8Fsiv3Jy2yx5baZect8nl3wX6qyWAiM
d/vM2xKNhdf49qfltNQn
=rmAp
-----END PGP SIGNATURE-----