--- ID: 1550 post_title: Ceremony Audit Results author: Paige Peterson post_excerpt: "" layout: post permalink: > https://blog.z.cash/ceremony-audit-results/ published: true post_date: 2017-09-21 00:00:00 --- As a science-focused team, ensuring the security of the Zcash protocol and the users of the network is a natural part of our development process. We are committed to serving our users and community, and one of the best ways we can do that is to provide transparency. We've shared the results of previous security audits that we contracted expert teams to undertake, and we intend to continue doing so on a regular basis. Today, we're sharing the results of an audit reviewing the parameter generation ceremony which took place just before the launch of the network last year. We contracted with NCC Group to analyse artifacts gathered from the station they operated as part of the ceremony. As participants, they had access to the compute node used to generate their shard of the toxic waste private key and the commitment hashes created and transferred between the network and compute nodes. In addition to the production compute node, NCC Group set up a test compute node which was a copy of the production node but modified with forensics capabilities to detect vulnerabilities in the process. This investigation was a protected secret until after the Ceremony completed, as described below in Operational Security. The NCC Group investigation did not reveal any fatal vulnerabilities in the Ceremony. It is important to emphasize that audits and forensics investigation cannot prove the absence of compromise. However, these results are one more of a set of measures the Zcash team undertook to provide strong assurances against compromise. Remember that the first line of defense was the Multi-Party Computation: in order for an attack to succeed, the attackers would have had to compromise all of the participants in the Ceremony.
"To perform such attacks, NCC Group and Zcash architected an attack test bed that modeled the ceremony, and NCC Group would operate under the name 'Moses Spears.' NCC Group would (and did) remain in audio/visual contact with the other ceremony members throughout the ceremony. NCC Group performed the tests by setting up a third node that was a copy of the compute node being used in the ceremony. This system was air gapped and used an exact copy of the DVD-R that was used in ceremony. Each attack was performed by NCC Group and only the DMA attack was successful at extracting memory from the 'test' compute node. The DMA attack was only able to perform a partial extraction of memory. Based on this finding, it is our recommendation that the computation process perform a pre-compute validation step that audits any detected DMA surface areas, namely FireWire, for being present on the device. After the ceremony was completed, an audit was performed on all of the ceremony media used to boot the live environment. Throughout the audit, no malicious processes were identified and no network listeners, or network transmissions, were attempted by the compute node on boot. Video of the ceremony, when in action, was taken. The facility's closed-circuit video, alarms, and access control systems were operable throughout the ceremony and no anomalous activity was detected during the ceremony. Based upon the evidence examined by NCC Group, it is our expert opinion that the NCC Group compute node was not compromised throughout the duration of the event."