I participated in the Powers of Tau ceremony, and here's my response file
hash (BLAKE2b):

db1eb34d 1f153f0e 32b287d7 4e7a81a2
49257944 5f9df1c4 7daf3fcd a7f3200a
2ab664b3 3c2b7dbc 1f46758f 4b1eb840
ff6afdaf 6e488849 88e4a0fa 504f5ad8

I used an auditable process to ensure (with high probability) that my
machine could not manipulate or influence the randomness used to
construct my response file. Thus, I was able to treat the machine as
if it were backdoored (hardware or software), and focus my energy
toward preventing exfiltration of the secrets.

I had a laptop sitting around for a few months. This morning I
installed Arch Linux on it, did not configure swap space. I removed
its wifi module after it was set up.

I also wrote this branch of the powersoftau code that I would be using
for my round of the ceremony:

https://github.com/ebfull/powersoftau/tree/cut-and-choose

(See commit fdc31d81ed47324f1dd1255d6ad615b928a0bb5d for the
implementation.)

Here's how it works: when it's my turn, I randomly select N random
strings and supply them to the machine. The machine uses these secrets
(and only these secrets) to seed PRNGs for generating N different
response files. Only instead of generating all of the response files,
which would take forever for large N, it only generates a portion of
each response file which _fully_ determines the remainder of the file.

The code will hash all of these portions of each response file together
into one BLAKE2b hash and print it out. I'll write it down, and then
run the full computation using one of the random secrets. I'll then
destroy the random secret, and extract the response file from the machine.
Then the machine is to be destroyed as well.

This makes it incredibly unlikely that the machine could influence the
randomness of the response file. It would know the secrets for each, but
it would have to guess in advance which one I would pick to use for my
response file. If it attempted to manipulate the randomness of any of the
others, it would be caught by the hash.

I travelled along with two close and trusted people in my life to a
quiet location near a state park in Colorado, along with a portable DVD
burner and my laptop, some notecards, some pens, and two 6-sided dice.

We rolled dice 50 times to produce each random string, producing N=20
random strings in total, writing them down on the notecards. I then
randomly shuffled the notecards and numbered them 1 through 20. I then
input each random string (very carefully!) into the machine using the
`cargo run --release --bin challenge` code. The machine produced the
following hash:

c4821644 4585ed20 c1bae0a5 e17cc04a
b6f49775 469e2896 1306e6e4 3a5e2ca1
8ed84bdc d3fdd4d4 b2f26104 04ee267e
81089313 c11b0371 7f521080 2a79e43d

I then randomly picked one of the notecards, in my case number 14. I
ran my compute process and input the secret for number 14 into the
machine. It performed the computation. When it finished, I burned
three CD-Rs containing the resulting response file. I then shut the
machine down and disconnected the battery from the laptop. I burned
notecard #14 with a blow torch.

The laptop and portable CD/DVD burner are currently awaiting a
painful MAPP gas death.

I used one of the CD-Rs to transfer the response file to my personal
machine. The other two are being kept for analysis and comparison to
see if the machine attempted to exfiltrate secrets via them, which is
the only plausible way that my part of the ceremony could have been
(unauditably) compromised.

I have updated my branch with a new commit...

930d3d81d13f195a6a75f556a853888925ac945c

... which contains the random numbers for the notecards (all except
14, which was destroyed.) Together with the response file, the
`verify_hash` tool in that branch can be compared with the hash that
I wrote down earlier.
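The cut-and-choose audit described in the message, modelled as an added example (not part of the original message and not code from the powersoftau branch). `portion()` is a toy stand-in for the part of a response file that determines the rest, and `Machine`, `audit`, `ceremony`, `undetected` and the secrets are hypothetical names and constructed values; card 14 in the message is index 13 here.

```python
import hashlib

N = 20  # notecards, as in the message
# Constructed placeholder secrets; the real ones were 50 dice rolls per card.
SECRETS = [b"constructed-secret-%02d" % i for i in range(N)]

def portion(secret: bytes) -> bytes:
    """Toy stand-in for the part of a response file that fixes the rest."""
    return hashlib.blake2b(secret, person=b"portion").digest()

def commitment(portions) -> str:
    """One BLAKE2b hash over every portion, in card order."""
    h = hashlib.blake2b()
    for p in portions:
        h.update(p)
    return h.hexdigest()

class Machine:
    """Untrusted machine; `tampered` cards get randomness it picked itself."""
    def __init__(self, tampered=(), late=False):
        self.tampered, self.late = set(tampered), late

    def _derive(self, i, secret, tamper):
        return portion(b"biased:" + secret if tamper and i in self.tampered else secret)

    def challenge(self, secrets):   # the hash the operator writes down
        return commitment(self._derive(i, s, not self.late) for i, s in enumerate(secrets))

    def compute(self, i, secret):   # determining portion of the real response
        return self._derive(i, secret, True)

def audit(written, revealed, chosen, response_portion) -> bool:
    """Recompute the hash from the N-1 revealed secrets plus the response."""
    portions = [response_portion if i == chosen else portion(revealed[i])
                for i in range(len(revealed) + 1)]
    return commitment(portions) == written

def ceremony(machine, chosen, secrets=SECRETS) -> bool:
    written = machine.challenge(secrets)
    response = machine.compute(chosen, secrets[chosen])
    revealed = {i: s for i, s in enumerate(secrets) if i != chosen}  # card burned
    return audit(written, revealed, chosen, response)

def undetected(machine):
    """Card picks where tampering reaches the response and the audit still passes."""
    return [c for c in range(N) if c in machine.tampered and ceremony(machine, c)]

if __name__ == "__main__":
    print(undetected(Machine({13})))             # tampering with a single card
    print(undetected(Machine({3, 13})))          # tampering with two cards
    print(undetected(Machine({13}, late=True)))  # honest hash, biased response
```

In this model a machine that biases one card escapes the audit only when that exact card is picked, which is 1 pick out of N = 20; biasing more than one card, or biasing only at compute time, always changes the recomputed hash.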