105 lines
4.6 KiB
Plaintext
105 lines
4.6 KiB
Plaintext
-----BEGIN PGP SIGNED MESSAGE-----
|
|
Hash: SHA256
|
|
|
|
I participated in the Powers of Tau ceremony, and here's my response file
|
|
hash (BLAKE2b):
|
|
|
|
db1eb34d 1f153f0e 32b287d7 4e7a81a2
|
|
49257944 5f9df1c4 7daf3fcd a7f3200a
|
|
2ab664b3 3c2b7dbc 1f46758f 4b1eb840
|
|
ff6afdaf 6e488849 88e4a0fa 504f5ad8
|
|
|
|
I used an auditable process to ensure (with high probability) that my
|
|
machine could not manipulate or influence the randomness used to
|
|
construct my response file. Thus, I was able to treat the machine as
|
|
if it were backdoored (hardware or software), and focus my energy
|
|
toward preventing exfiltration of the secrets.
|
|
|
|
I had a laptop sitting around for a few months. This morning I
|
|
installed Arch Linux on it, did not configure swap space. I removed
|
|
its wifi module after it was set up.
|
|
|
|
I also wrote this branch of the powersoftau code that I would be using
|
|
for my round of the ceremony:
|
|
|
|
https://github.com/ebfull/powersoftau/tree/cut-and-choose
|
|
|
|
(See commit fdc31d81ed47324f1dd1255d6ad615b928a0bb5d for the
|
|
implementation.)
|
|
|
|
Here's how it works: when it's my turn, I randomly select N random
|
|
strings and supply them to the machine. The machine uses these secrets
|
|
(and only these secrets) to seed PRNGs for generating N different
|
|
response files. Only instead of generating all of the response files,
|
|
which would take forever for large N, it only generates a portion of
|
|
each response file which _fully_ determines the remainder of the file.
|
|
|
|
The code will hash all of these portions of each response file together
|
|
into one BLAKE2b hash and print it out. I'll write it down, and then
|
|
run the full computation using one of the random secrets. I'll then
|
|
destroy the random secret, and extract the response file from the machine.
|
|
Then the machine is to be destroyed as well.
|
|
|
|
This makes it incredibly unlikely that the machine could influence the
|
|
randomness of the response file. It would know the secrets for each, but
|
|
it would have to guess in advance which one I would pick to use for my
|
|
response file. If it attempted to manipulate the randomness of any of the
|
|
others, it would be caught by the hash.
|
|
|
|
I travelled along with two close and trusted people in my life to a
|
|
quiet location near a state park in Colorado, along with a portable DVD
|
|
burner and my laptop, some notecards, some pens, and two 6-sided dice.
|
|
|
|
We rolled dice 50 times to produce each random string, producing N=20
|
|
random strings in total, writing them down on the notecards. I then
|
|
randomly shuffled the notecards and numbered them 1 through 20. I then
|
|
input each random string (very carefully!) into the machine using the
|
|
`cargo run --release --bin challenge` code. The machine produced the
|
|
following hash:
|
|
|
|
c4821644 4585ed20 c1bae0a5 e17cc04a
|
|
b6f49775 469e2896 1306e6e4 3a5e2ca1
|
|
8ed84bdc d3fdd4d4 b2f26104 04ee267e
|
|
81089313 c11b0371 7f521080 2a79e43d
|
|
|
|
I then randomly picked one of the notecards, in my case number 14. I
|
|
ran my compute process and input the secret for number 14 into the
|
|
machine. It performed the computation. When it finished, I burned
|
|
three CD-Rs containing the resulting response file. I then shut the
|
|
machine down and disconnected the battery from the laptop. I burned
|
|
notecard #14 with a blow torch.
|
|
|
|
The laptop and portable CD/DVD burner are currently awaiting a
|
|
painful MAPP gas death.
|
|
|
|
I used one of the CD-Rs to transfer the response file to my personal
|
|
machine. The other two are being kept for analysis and comparison to
|
|
see if the machine attempted to exfiltrate secrets via them, which is
|
|
the only plausible way that my part of the ceremony could have been
|
|
(unauditably) compromised.
|
|
|
|
I have updated my branch with a new commit...
|
|
|
|
930d3d81d13f195a6a75f556a853888925ac945c
|
|
|
|
... which contains the random numbers for the notecards (all except
|
|
14, which was destroyed.) Together with the response file, the
|
|
`verify_hash` tool in that branch can be compared with the hash that
|
|
I wrote down earlier.
|
|
-----BEGIN PGP SIGNATURE-----
|
|
|
|
iQIzBAEBCAAdFiEEA5XeClAnvgwfWvsDlWhCV9j4sDEFAlqKarQACgkQlWhCV9j4
|
|
sDGu/RAAwA1cNc4YUJsTAbSj+WXIlgX0E8w6Kq7Fmox7XB/eMT41aioQewEYqAQX
|
|
cuL/oh8FmA34QDqaXV5HAK1Ab/IPMmSGsM1UrDY1VMP6k+r9Vb2VT6MtJTFsRyvj
|
|
XifCNJQv/8TUs0WipYNs0/lPCkMwt4d+gYvyz5vdi2024PDd+bpps9uVOD4tAe/Q
|
|
UeMz2fr/EUgg1EIc/A7yh0Ln9xGipLE44oUvgcd0ZEr26Si/WNFEzndBd0xy1nVX
|
|
4eJ5c3S7lk/bRdcpilvIPeh3tRJzmQ8Nai08oTfoqTmoboIlWQt8fH1RP9F2q4Km
|
|
dwffZ9pBX2guaWLfBns6NcBr8OlL0pX8Tj7nn4ZDpzy97mgwoZKOc5MkjBWeHAg/
|
|
g1SgAu4BD9AA89jcgDgiyeJ2M2fCWX7TvOgBB1xTPSKn2MEETvx11k+G20lreYGt
|
|
8Qfu8YrVtUFDTpR51kh+J1vWPI4l/YMlVpBrRLjoDcPSV2PPpydtHSzdS4huUgs0
|
|
kvECT/d8yZJpHLttkW+vm6ueheFGu6IgkyK1z+MqdzktkP7mdUtzYpAvDKWlflpK
|
|
7dJVQ5Lrm2jDkxNZB9hJ/Gx9lswq/0JkSWnyGZ2jdq+8C3c3noYC3eHt9C53+Fbk
|
|
tybQAnlURoEATnbu4aKQF6VNHOLdrIyTRtegxX/meRuJSrvHCrk=
|
|
=5NAW
|
|
-----END PGP SIGNATURE-----
|