113 lines
5.1 KiB
Plaintext
113 lines
5.1 KiB
Plaintext
-----BEGIN PGP SIGNED MESSAGE-----
|
|
Hash: SHA512
|
|
|
|
Powers of Tau Operational writeup
|
|
=================================
|
|
|
|
Round: 4
|
|
Date: 2017-11-12
|
|
Name: Matt Drollette
|
|
Location: Dallas, Texas
|
|
|
|
Challenge:
|
|
9b80a6140d42bd234fbe43eea542296df8bcb4c834ea5d0a16a194964b72fd11a6ee9efae9364eb74f99bb4471e7fb4ac9cb2bb3aa8e03fe22c6279a104f367b
|
|
|
|
Response:
|
|
53b6dc5a91d04c3000037cbc4f6f4bc9e9daf9448a41f997746b156c643a84f481c49bf7dadce388b3c9e8c147f94c12c5dacb5350a54e112ee45f57ffd8f34c
|
|
|
|
|
|
Preparation steps
|
|
=================
|
|
|
|
I noticed most participants were taking on a significant responsibility in
|
|
securing their own hardware and infrastructure in order to participate in this
|
|
process. I took a different approach in that I wanted to leverage the security
|
|
work done by people much more qualified than myself. I therefore used Google
|
|
Cloud Platform to generate my response (https://cloud.google.com/security/).
|
|
|
|
First, I created a new GCP project under a gmail account not belonging to any
|
|
other organizations and configured with Advanced Protection
|
|
(https://landing.google.com/advancedprotection/).
|
|
|
|
Next, I created a Compute Instance with an external IP to serve as the bastion
|
|
for external network access and collecting the responses.
|
|
|
|
I then created three compute instances in three different regions having three
|
|
different instance types. Each instance was running Google's Container-Optimized
|
|
OS (https://cloud.google.com/container-optimized-os/docs/concepts/security) and
|
|
did not have an external IP address.
|
|
|
|
Next, on the bastion I built a Docker image containing the compute binary built
|
|
from https://github.com/ebfull/powersoftau at commit 9e1553c437183540392a7231d0788318a19b18a3
|
|
|
|
I downloaded the challenge file to the bastion host and then transferred it to
|
|
each compute instance along with the compute Docker image via scp over the
|
|
internal network. I verified the sha256 hash of each challenge and compute
|
|
binary on each instance and then began the computation using different random
|
|
inputs for each process.
|
|
|
|
```
|
|
bastion
|
|
480c27457c467362a1d3dd3d972844e1230abde236f4d153d80938ab7ec19f7d challenge
|
|
4952c8b4e8d3e75ded8fafa28bffb4082e26732f17ec8176c7cd26591adaf93e powersoftau.docker
|
|
922b2e0a59841ecdaba7b4953d8c67e62b74b8f52f968624cff664dc086da93a /powersoftau/target/x86_64-unknown-linux-musl/release/compute
|
|
|
|
instance-1
|
|
480c27457c467362a1d3dd3d972844e1230abde236f4d153d80938ab7ec19f7d challenge
|
|
4952c8b4e8d3e75ded8fafa28bffb4082e26732f17ec8176c7cd26591adaf93e powersoftau.docker
|
|
922b2e0a59841ecdaba7b4953d8c67e62b74b8f52f968624cff664dc086da93a /powersoftau/target/x86_64-unknown-linux-musl/release/compute
|
|
|
|
instance-2
|
|
480c27457c467362a1d3dd3d972844e1230abde236f4d153d80938ab7ec19f7d challenge
|
|
4952c8b4e8d3e75ded8fafa28bffb4082e26732f17ec8176c7cd26591adaf93e powersoftau.docker
|
|
922b2e0a59841ecdaba7b4953d8c67e62b74b8f52f968624cff664dc086da93a /powersoftau/target/x86_64-unknown-linux-musl/release/compute
|
|
|
|
instance-3
|
|
480c27457c467362a1d3dd3d972844e1230abde236f4d153d80938ab7ec19f7d challenge
|
|
4952c8b4e8d3e75ded8fafa28bffb4082e26732f17ec8176c7cd26591adaf93e powersoftau.docker
|
|
922b2e0a59841ecdaba7b4953d8c67e62b74b8f52f968624cff664dc086da93a /powersoftau/target/x86_64-unknown-linux-musl/release/compute
|
|
```
|
|
|
|
|
|
Sidechannel defenses
|
|
====================
|
|
|
|
The scale of GCP and sheer number of compute instances makes a targeted
|
|
sidechannel attack practically impossible. Also, Google takes great care in
|
|
preventing known attack methods
|
|
(https://cloudplatform.googleblog.com/2017/01/7-ways-we-harden-our-KVM-hypervisor-at-Google-Cloud-security-in-plaintext.html).
|
|
|
|
In addition to Google's security practices, I also ran multiple compute
|
|
instances in multiple regions computing responses on the same challenge file at
|
|
the same time. I then selected only one of these responses at random to submit
|
|
and destroyed the others. I do not know which node computed the response that I
|
|
submitted.
|
|
|
|
|
|
Postprocessing
|
|
==============
|
|
|
|
Once the responses were computed on each instance, I recorded the hashes of each
|
|
response file and transferred all 3 files back to the bastion host and deleted
|
|
the 3 compute instances. I did not record which instance computed which
|
|
response. I then selected one of the 3 response files by dice roll and submitted
|
|
its hash to the mailing list and uploaded the file to S3. I then deleted the
|
|
bastion compute instance and deleted the entire GCP project.
|
|
|
|
-----BEGIN PGP SIGNATURE-----
|
|
|
|
iQIzBAEBCgAdFiEEcCbF98RdwnWkGV4WMFJx9gHK8m4FAloI+EMACgkQMFJx9gHK
|
|
8m69Lg/9Hpa33wVPdjSjfarwHEveAnIjryoIxemMI2OThJfK27aIhuKVjW94/t4W
|
|
eaX9KCYejcFOY8gXfLVlKd+/ZGGlt0tajSUwT1A6Nz9E8IKc3WnXaEyFWuFFiS/v
|
|
DyOeSAjjsJpAGNs2tIDFQZkmY/cKzC+L/G7PzVu6KLgWKpl0LXXPyVw7og9AcCIP
|
|
LiJaHcqDMbLrhQoL+13K2chtDU8exU6972Z6YH0di8EuhykTQ6ILX9/Ebju8/Tat
|
|
m4Mq/GpKMxqZUHMQwDlEkYdaf8q/b23iVmcl/+5UXfivA2vnqi7h05lbgr0QCoC/
|
|
KFLJoZ3qCMw2iTqZVrcAejrgcHXaHXyE2jrPpMN+b/1Ot9rcnKMOilKPuDCTSYSr
|
|
7/4hhEQQk8wBgikLeCbgkJD6UldWG1KSfZ7mH4f/5ywddSt7cctFVNk5kHjzvxJ2
|
|
N/0j8ZNZ0pQ9ME6oP9WlnzUhiMn6eA1BPMjOfzRZhvFV6F/+RMQwjEWx2ujYN30O
|
|
JF6VZ+RT8EqpG3rrdW7CvMIJs+EQ2M3EH5KEBZae+DRUNElIqrgx5gmYWrafdBI9
|
|
c4+qr16+6CN36XKvQr6o89xqjiSA19e+D5PLGAOLeMI2Xmokp2bd0R59Vzn7Ys24
|
|
0XK09E0zzIC3VM0S6eSVE2/b7bL6VP5ou/5a/6Agt34epTWsYrg=
|
|
=acF8
|
|
-----END PGP SIGNATURE-----
|