98 lines
4.0 KiB
Plaintext
98 lines
4.0 KiB
Plaintext
-----BEGIN PGP SIGNED MESSAGE-----
|
|
Hash: SHA256
|
|
|
|
Powers of Tau Attestation
|
|
=============================
|
|
|
|
Round: 57
|
|
Date: 2018-02-13
|
|
Name: Sean Kelly
|
|
Location: Galway, Ireland
|
|
|
|
The BLAKE2b hash of `./response` is:
|
|
40db756c fdceae76 5472590b c0dd9ec1
|
|
7fa70475 f1cc9ef5 fdf99e0d 750cd6a2
|
|
ce010c95 b59130c6 d8c12eb2 c7fe5296
|
|
8858fca9 d6ba7bcb 67b391cf b1f5401d
|
|
|
|
Methodology
|
|
=============================
|
|
|
|
Firstly, thank you for organising this and for the opportunity to participate.
|
|
|
|
In a similar way to Matt in round 4, I decided to leverage a cloud
|
|
provider's security (this time Microsofts) by running the computation
|
|
using Azure (https://docs.microsoft.com/en-us/azure/security/azure-security),
|
|
thus introducing an additional channel that would need to be
|
|
compromised by an attacker (now Microsofts cloud security will need to
|
|
have been compromised as well as Google's and all other participants).
|
|
|
|
>From Azure Managent Portal, I created a "Jumpbox" Compute Instance
|
|
(D2s v3) with public IP for downloading Rust, the Powers of Tau
|
|
utility and the challenge file. I created 2 additional "Calculation"
|
|
Compute Instances (E2s v3) without public IP's to perform the
|
|
computations, these VMs were located in different datacenters (1 in
|
|
Europe and 1 in the US). I used Ubuntu Server 16.04 as the OS for all
|
|
VMs.
|
|
|
|
>From Azure Storage Manager, I created an Azure Files share that I
|
|
would use to transfer the files to the Calculation instances.
|
|
|
|
>From the Jumpbox, I downloaded Rust (v1.23.0), Powers of Tau (from
|
|
github.com/ebfull/powersoftau commit
|
|
d47a1d3d1f007063cbcc35f1ab902601a8b3bd91) and the Challenge File (from
|
|
S3). I transfered these files to the Calculation instances and ran the
|
|
computation from each instance simultaneously using random keyboard
|
|
inputs for additional entropy.
|
|
|
|
Once the responses were computed on both instance, I selected one of
|
|
the 2 response files by the flip of a coin. I copied the file to the
|
|
Jumpbox and deleted both Calculation instances. I then submitted its
|
|
hash to the mailing list (above) and uploaded the file to S3. I also
|
|
posted this hash on Twitter
|
|
(https://twitter.com/SeanKe11y/status/963592537310203905). Finally, I
|
|
deleted the Jumpbox compute instance and any other Azure resources
|
|
that were used to support the process.
|
|
|
|
Sidechannel Defenses
|
|
=============================
|
|
|
|
* I used my personal laptop (I'm reasonably confident that it's
|
|
secure) for connecting to Azure, it didn't leave my sight for the
|
|
duration of the process.
|
|
* I used a free Azure subscription I have that had never been used
|
|
before for any purpose.
|
|
* I connected to a VPN server in a country that I had never connected
|
|
to before prior to beginning the process.
|
|
* I downloded a browser I had never used before and used this for some
|
|
of the steps (I used PuTTY for everything else).
|
|
* The computations took place within Azure's datacenters leveraging
|
|
their security best practices.
|
|
* I ran the computation on multiple VMs simultaneously in two
|
|
different datacenters on different continents and randomly chose a
|
|
response to use.
|
|
* I deleted all VMs and associated Azure resources after the process
|
|
was completed.
|
|
* I didn't tell anyone I know that I was doing this, in case they are spies.
|
|
|
|
Sean Kelly
|
|
-----BEGIN PGP SIGNATURE-----
|
|
Version: Mailvelope v2.1.1
|
|
Comment: https://www.mailvelope.com
|
|
|
|
wsFcBAEBCAAQBQJag5fYCRCd9XEg9LQ87AAAiSwP/jHtBCVuB8skitvrAl6p
|
|
IUQrWjsCbeBj878qlqc7ejAu3zUKwTlh9v7BAqDrT71IDzZo9kNbcZGFW9X5
|
|
9c2Q7nnpo6Yk5Bf9Be7IoDLcrjPeM9O4aoKHirJlTdGpUmmmfHnDD6Og7DKk
|
|
ARxDZzy1vliNfVVZ3YhTP/gX/de5E+naV+NZqDksO1wTzkggK+PWxyvTRtM5
|
|
c7epzgJN0y7K/Zau0TpCF6pkZEN8FJTF+za8G7/+xF/HhS5u1p9gd/NZBHHf
|
|
M4UBl0u5Ple8bOJxLfuE52s8O74G9vQ8byRzQJW5xAOAdmB0K4GZNFLeL7pj
|
|
oVxoqTxzJQsK8g5DINnWwa9ZxoMpdvJ3u31lmFeX9meSOcSZW3z7z+e0rBlS
|
|
jQ6dtdzGV4QC12lTWLbdBGbbS/smWYquly5Mvrx0rQ2nVwC2V38Hx31GEb7X
|
|
HStmc3KK4IoaY4ZQ3ktLPkHgpGAdjoeHTWPQPoAwPKHE4pTyeJJAzi3amL6g
|
|
So/E0X9WRWf2HPMiNqZynRMRIs2sPUGAzn6Yf0phzja/N50fx0nxnPLmKO3t
|
|
W5EbGJIbVPmY7rzSkXJ/K8vjQ1GEwzaNVi+HedZYYSRSdezc6uP0I/HqxQn2
|
|
Wifd6bTkAoR9TbIECQWBhn2+QKOsWX0RHrpMWqMYDd3SaFHTYvQv9xnkWxcZ
|
|
6vfi
|
|
=Cva/
|
|
-----END PGP SIGNATURE-----
|