75 lines
4.6 KiB
Plaintext
75 lines
4.6 KiB
Plaintext
-----BEGIN PGP SIGNED MESSAGE-----
|
|
Hash: SHA256
|
|
|
|
Powers of Tau Operational Write-up
|
|
=============================
|
|
|
|
Round: 12
|
|
|
|
Date: 2017-11-20
|
|
|
|
Name: Miguel Angel Marco Buzunariz
|
|
|
|
Location: Spain
|
|
|
|
Response: BLAKE2b 22fd2b37f794b19dab85cfbb3dd018c8ab7a07e44b34394449ab1b28ed7ef133e8ca0fc77a497670a622dfb1e74e8af57cda01cc9b8614ba65a29a0d64dadadf
|
|
|
|
Procedure
|
|
=================
|
|
|
|
* Followed the plan written in plancommit.txt (sha256hash 8829a8a45363c98ced7d6059e90b9095f875863c78ba8474ea9017e9e9820405), to which I commited in the mailing list.
|
|
|
|
* Preparation:
|
|
* Downloaded [Powers of Tau](https://github.com/ebfull/powersoftau) commit d47a1d3d1f007063cbcc35f1ab902601a8b3bd91, and compiled it in a gentoo linux box with rustc 1.21.0-dev (compiled in the same system). Obtained a `compute` binary with sha256hash 2603d31c9394ac624a0a3bceb5c9d227f73447dac29c4e2a598dd69590c92cd3
|
|
* Take the hard drive and wifi card out of an old core2duo laptop with 4GB RAM to be used as airgapped node
|
|
* Download a Linux Mint 18.2 Kde .iso file from its website, and (sha256hash 9173901fbead7d2ece2454f8f51dbb375e1dfdfc74cfaef450342a3144955fe1) and burn it in six different usb drives.
|
|
* Ceremony
|
|
* Downloaded the `challenge` file from https://s3-us-west-2.amazonaws.com/powersoftau/lOg9HOyt0u1cxR0djXfFX1gmwLnU0y56/index.html, checked its sha256hash f767da9aa257a15869ead2e2c7b9019f5cbb3ae9454bf9cff2456b0cf73dd36e
|
|
* Copied the `challenge` file and the `compute` binary to six different usb drives.
|
|
* Chose one of the 6 Linux Mint usb drives at random (rolling a dice) and boot the airgapped node with it. Keep the other five untouched.
|
|
* Chose one of the 6 usb drives with the `challenge` and `compute` files at random (dice roll) and insert it in the airgapped machine. Keep the other five untouched.
|
|
* Checked the hash of the `compute` and `challenge`files in the airgapped machine, and run `compute`
|
|
* Inserted the source of entropy: a bunch of random keys, plus the result of 50 dice rolls.
|
|
* Copied the sha256hash of the `response` file ( d7c3f0f75867bed812e056a7ddef6b7994d2d9b3c658c60cbdd18f1e6a06dacf )
|
|
* Burnt the `response` file to six different DVD-R
|
|
* Chose one of the DVD-R at random with a dice, insert it in the network node, copied its content to the hard drive and verified the hash. The other five were kept untouched.
|
|
* Uploaded the response file to the [Amazon S3 bucket](https://s3-us-west-2.amazonaws.com/powersoftau/lOg9HOyt0u1cxR0djXfFX1gmwLnU0y56/index.html)
|
|
|
|
Side channel defenses
|
|
=================
|
|
|
|
Entropy source: Many keys pressed at random, plus the result of 50 dice rolls.
|
|
|
|
Computation took place on an airgapped machine, with no wifi card nor hard drive. The media that was used to move information between the compute mode was copied in 6 different devices, only one of each (chosen at random with a dice) was inserted in the other machine, the other five will be kept untouched for several months at least.
|
|
|
|
The following material will be kept available for forensic audit in case someone is interested in doing it:
|
|
|
|
* airgapped machine (will be kept turned off, with no battery and no power cable).
|
|
* the six usb drives with the live linux system (the one actually used and the other five that didn't gt in touch with the airgapped machine)
|
|
* the six usb drives with the `compute` binary, and the `challenge` file (again one was used, and the other five didn't get in contact with the airgapped machine)
|
|
* the six DVD-R with the `response` file (again, one was actually inserted in the network node, and the other five never touched it)
|
|
|
|
I plan to keep this material for several months. If someone is interested in auditing it, please get in touch with me. In case nobody shows interest, I might decide to reuse all or part of it at some point.
|
|
|
|
|
|
|
|
Miguel Angel Marco Buzunariz
|
|
Universidad de Zaragoza
|
|
mmarco@unizar.es
|
|
-----BEGIN PGP SIGNATURE-----
|
|
|
|
iQIzBAEBCAAdFiEEZqJ2ok+i5RbOpE2l3QEU7bdBBZIFAloT5/MACgkQ3QEU7bdB
|
|
BZIuMQ//Q8muX3qddgaAMUVUTrPv83tnLI5Ltx/T5qKw3JlCKB/fWeH9a2CGTQ6+
|
|
25FW4uzf92IZzWQqLQ/nmaF/VJza23ZRa8tcgASljefs0/CXHSaDETXjT59KDtIZ
|
|
ARQZ9DyyyFoxdnmJy1JxFV1sDzo4P4Jc2BkhgRgrf/Wh8t0N7DO5rOeIZQDB+O4e
|
|
l4LAMf/hUDUavBYcMtdUOHEukjpsuO+qOzA82Hdk4Go+6GMeUNTj+9WRVohR5uWL
|
|
GqNItlWEQfub33VJ+H+BeTsT8x5FvFPPIJ9SYLnDjlMPaU0d5WHoEImh861sSbl5
|
|
TQK4/XCUFcJfaMoAQO/sii0Zwa+fYwVcZta6MZA6R7PJt7BW3gbPnLN+1ou70PKR
|
|
aKYZ1NksUFczadqYhbp57YQaG04R2hMVXX0jV9/DVApJOYCibarTMCf4cC5X3Hy8
|
|
QYDlL5h9KxuRKXGvQIpKif2WIDewrSWrT4tFS1/5XtRb0yPaZ7tgW76Fsko5kiF3
|
|
z7xgfDgeUdMhCweM5onK5dNH2lAOcmgiJ6PLbuPY9eMB+v0JIYx5xSy1Jm75nLNi
|
|
2gksiLvsLhYSiKakp2Mg5lusPmomE1hfObiyF80paSZ6IXwxlW/cxSLEAIZ9fyDI
|
|
wh7pQx35PG/m+N480rOcVHUrpkW+UbMSk1d+Y2WDKuvdPRo5OO4=
|
|
=5Gb6
|
|
-----END PGP SIGNATURE-----
|