-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I participated in the Powers of Tau ceremony, and here's my response file
hash (BLAKE2b):

db1eb34d 1f153f0e 32b287d7 4e7a81a2
49257944 5f9df1c4 7daf3fcd a7f3200a
2ab664b3 3c2b7dbc 1f46758f 4b1eb840
ff6afdaf 6e488849 88e4a0fa 504f5ad8

I used an auditable process to ensure (with high probability) that my
machine could not manipulate or influence the randomness used to
construct my response file. Thus, I was able to treat the machine as
if it were backdoored (hardware or software), and focus my energy
toward preventing exfiltration of the secrets.

I had a laptop sitting around for a few months. This morning I
installed Arch Linux on it, did not configure swap space. I removed
its wifi module after it was set up.

I also wrote this branch of the powersoftau code that I would be using
for my round of the ceremony:

https://github.com/ebfull/powersoftau/tree/cut-and-choose

(See commit fdc31d81ed47324f1dd1255d6ad615b928a0bb5d for the
implementation.)

Here's how it works: when it's my turn, I randomly select N random
strings and supply them to the machine. The machine uses these secrets
(and only these secrets) to seed PRNGs for generating N different
response files. Only instead of generating all of the response files,
which would take forever for large N, it only generates a portion of
each response file which _fully_ determines the remainder of the file.

The code will hash all of these portions of each response file together
into one BLAKE2b hash and print it out. I'll write it down, and then
run the full computation using one of the random secrets. I'll then
destroy the random secret, and extract the response file from the machine.
Then the machine is to be destroyed as well.

This makes it incredibly unlikely that the machine could influence the
randomness of the response file. It would know the secrets for each, but
it would have to guess in advance which one I would pick to use for my
response file. If it attempted to manipulate the randomness of any of the
others, it would be caught by the hash.

I travelled along with two close and trusted people in my life to a
quiet location near a state park in Colorado, along with a portable DVD
burner and my laptop, some notecards, some pens, and two 6-sided dice.

We rolled dice 50 times to produce each random string, producing N=20
random strings in total, writing them down on the notecards. I then
randomly shuffled the notecards and numbered them 1 through 20. I then
input each random string (very carefully!) into the machine using the
`cargo run --release --bin challenge` code. The machine produced the
following hash:

	c4821644 4585ed20 c1bae0a5 e17cc04a
	b6f49775 469e2896 1306e6e4 3a5e2ca1
	8ed84bdc d3fdd4d4 b2f26104 04ee267e
	81089313 c11b0371 7f521080 2a79e43d

I then randomly picked one of the notecards, in my case number 14. I
ran my compute process and input the secret for number 14 into the
machine. It performed the computation. When it finished, I burned
three CD-Rs containing the resulting response file. I then shut the
machine down and disconnected the battery from the laptop. I burned
notecard #14 with a blow torch.

The laptop and portable CD/DVD burner are currently awaiting a
painful MAPP gas death.

I used one of the CD-Rs to transfer the response file to my personal
machine. The other two are being kept for analysis and comparison to
see if the machine attempted to exfiltrate secrets via them, which is
the only plausible way that my part of the ceremony could have been
(unauditably) compromised.

I have updated my branch with a new commit...

930d3d81d13f195a6a75f556a853888925ac945c

... which contains the random numbers for the notecards (all except
14, which was destroyed.) Together with the response file, the
`verify_hash` tool in that branch can be compared with the hash that
I wrote down earlier.
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEA5XeClAnvgwfWvsDlWhCV9j4sDEFAlqKarQACgkQlWhCV9j4
sDGu/RAAwA1cNc4YUJsTAbSj+WXIlgX0E8w6Kq7Fmox7XB/eMT41aioQewEYqAQX
cuL/oh8FmA34QDqaXV5HAK1Ab/IPMmSGsM1UrDY1VMP6k+r9Vb2VT6MtJTFsRyvj
XifCNJQv/8TUs0WipYNs0/lPCkMwt4d+gYvyz5vdi2024PDd+bpps9uVOD4tAe/Q
UeMz2fr/EUgg1EIc/A7yh0Ln9xGipLE44oUvgcd0ZEr26Si/WNFEzndBd0xy1nVX
4eJ5c3S7lk/bRdcpilvIPeh3tRJzmQ8Nai08oTfoqTmoboIlWQt8fH1RP9F2q4Km
dwffZ9pBX2guaWLfBns6NcBr8OlL0pX8Tj7nn4ZDpzy97mgwoZKOc5MkjBWeHAg/
g1SgAu4BD9AA89jcgDgiyeJ2M2fCWX7TvOgBB1xTPSKn2MEETvx11k+G20lreYGt
8Qfu8YrVtUFDTpR51kh+J1vWPI4l/YMlVpBrRLjoDcPSV2PPpydtHSzdS4huUgs0
kvECT/d8yZJpHLttkW+vm6ueheFGu6IgkyK1z+MqdzktkP7mdUtzYpAvDKWlflpK
7dJVQ5Lrm2jDkxNZB9hJ/Gx9lswq/0JkSWnyGZ2jdq+8C3c3noYC3eHt9C53+Fbk
tybQAnlURoEATnbu4aKQF6VNHOLdrIyTRtegxX/meRuJSrvHCrk=
=5NAW
-----END PGP SIGNATURE-----