Re: [zapps-wg] Powers of tau

2018-03-27 Thread Innovative Inventor via zapps-wg
Thanks for the clarification! I’m happy to help for both the “fork” and 2nd
round.

On Tue, Mar 27, 2018 at 7:10 AM Jason Davies 
wrote:

> On 27 Mar 2018, at 01:06, Innovative Inventor wrote:
>
> > I was unaware that I could join the powers of tau after March 20th. I was
> > told on the zcash community chat that they were no longer accepting new
> > participants. I would love to help out here if someone could tell me how.
>
> Just to clarify a few things:
>
> The parameter generation ceremony has two rounds (the first one is called
> "powers of tau").  The resulting parameters will be used in the upcoming
> Zcash "Sapling" upgrade.
>
> We are *not* accepting any new participants for the first round for this
> particular parameter generation ceremony.  The random beacon has already
> been announced and sampled (this is the final part of the first round) and
> we want to move on to the second round as soon as possible.
>
> As for the second round, you would be welcome to participate when that gets
> started.  Details have not been announced yet.
>
> Finally, we will probably continue with a "fork" of the first round to
> make it even stronger by adding more participants, so that it can be used
> to generate parameters for other projects (but not Zcash Sapling), assuming
> there is sufficient interest.  I will post an announcement to the list soon
> if we get this set up.
>
> Hope that helps,
>
> --
> Jason Davies, https://powersoftau.plutomonkey.com/


Re: [zapps-wg] Powers of tau

2018-03-27 Thread Jason Davies via zapps-wg
On 27 Mar 2018, at 01:06, Innovative Inventor wrote:

> I was unaware that I could join the powers of tau after March 20th. I was told
> on the zcash community chat that they were no longer accepting new
> participants. I would love to help out here if someone could tell me how.

Just to clarify a few things:

The parameter generation ceremony has two rounds (the first one is called
"powers of tau").  The resulting parameters will be used in the upcoming Zcash
"Sapling" upgrade.

We are *not* accepting any new participants for the first round for this
particular parameter generation ceremony.  The random beacon has already been
announced and sampled (this is the final part of the first round) and we want
to move on to the second round as soon as possible.

As for the second round, you would be welcome to participate when that gets
started.  Details have not been announced yet.

Finally, we will probably continue with a "fork" of the first round to make it
even stronger by adding more participants, so that it can be used to generate
parameters for other projects (but not Zcash Sapling), assuming there is
sufficient interest.  I will post an announcement to the list soon if we get
this set up.

Hope that helps,

--
Jason Davies, https://powersoftau.plutomonkey.com/

Re: [zapps-wg] Powers of Tau Attestation

2018-03-15 Thread Sunny Aggarwal via zapps-wg
Hi all!

I've completed my portion of the ceremony.
The setup was:

- 15" Macbook Pro 2016
- Fresh installation of MacOS 10.12.6
- Processor:  2.6 GHz Core i7 (I7-6700HQ)

How it was made:

Downloaded the challenge file and Rust source code on separate computer.
Disconnected from internet and unplugged router.  All wireless devices were 
shut off.  Compiled Rust source code.  Used wiped USB flash drive to transfer 
binary and challenge file to Macbook Pro running a new MacOS install that 
hadn't been connected to internet since new OS install, where computation was 
done.  Flash drive was used to move response back to original computer from 
where it was uploaded.

Randomness:
- Many dice rolls
- SHA256 of video recording of me making funny faces
- Keyboard smashing

The file was transferred and uploaded from another machine.

Had some trouble uploading file to amazon instance, so uploaded to Jason 
directly, who will upload on my behalf.  My response file can be found at 
ipfs://QmXE4L7j2vtja9kNo3uhq3TPSExK8QkxtGhkSoLxPQ4rea 

The BLAKE2b hash of my response is:
9b142f13 cc68e096 196fd137 f125bb0e
64d3fcc5 c314935e 184975f2 72252e17
4a2b9744 b62af318 21232c72 4b083452
74218f7f 3f733c77 42df23fe 501da481

I have publicly tweeted these:  
https://twitter.com/sunnya97/status/974323886962683905

Special thanks to Jason for all his help!

Sunny Aggarwal


‐‐‐ Original Message ‐‐‐

On March 14, 2018 2:50 PM, Gabor Losonci via zapps-wg 
 wrote:

> Hello! I have uploaded the file.
> 
> I used a HP Elitebook 2560, and the Go implementation of Powers of Tau by 
> Filosottile, run on a Centos 7 minimal. I mixed some own entropy to 
> /dev/random.
> 
> The taucompute binary was compiled on different machine, a Kali Linux, where 
> I also had to install Go 1.9 and Cmake 3.2 something.
> 
> Previously I have tried to compile on the Centos minimal but with latest 
> Cmake the "go install" phase failed with std99 error (loop initial 
> declaration in the C files), which I could not despite trying for hours.
> 
> I have used a separate network and compute node, the latter stripped from 
> WiFi, Bluetooth, modem and internal hard drive, booted from SD card.
> 
> The computation and the entropy mixing happened in a remote agricultural 
> building with electricity inside.
> 
> Files were transferred between nodes via USB with checking the files 
> integrity. Download took 20 minutes and compute around 2.5 hours on the 2 
> core CPU.
> 
> Upload took nearly two hours, and was done with dropbox because the 
> connection to aws broke several times, probably this has something to do 
> with the quality of the internet connection, an old ADSL.
> 
> The contribution happened from a small village : Ozmánbük, Hungary.
> 
> This was my second participation after November when I took part with running 
> the Rust implementation.
> 
> Thanks everyone for organising and contributing, specially to Jason Davies 
> for his patience :)
> 
> Blake2b HASH of response:
> 
> 8e929018636c1af3ac9ca50d1243efef984a04fa00eff8b6c3decfd0641b6c9a33d8d519d2e0d69a83104eb02294b7306231bbcb896beca71e41c7805fed0be5
> 
> SHA256 HASH of taucompute:
> 
> c67963299233b80314628b10f74182180049c3388eb1960d7e5adbe857613ba4
> 
> SHA-1 HASH of challenge:
> 
> 53c239581a53536a649283e1bc49277b46ed9742
> 
> Best regards: Gabor




Re: [zapps-wg] Powers of Tau Attestation

2018-03-13 Thread Devrandom via zapps-wg
I'm attaching an OpenTimestamps receipt for my attestation.

On Tue, Mar 13, 2018 at 11:51 AM Devrandom 
wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> # Powers of Tau Attestation
>
> Author: devrandom
> Date: 12 March 2018
>
> Notes:
>
> * Hardware is an Intel laptop that has not been powered up in four years
> and has never been connected to a network after it was purchased.  CPU was
> a Celeron 1007U.  Wireless card was removed.
> * OS was a clean Ubuntu 14.04
> * Compute binary was created with a deterministic Gitian build, with
> report here:
> https://github.com/devrandom/golang-powersoftau/commit/241da6dac6166a68ff20ef7abbb0f8231a626a3c.
> The binary sha256sum is
> c28894877c8948960eaefa0d8f35da6c911031980672b983f361711a7dcb1ec8.  The
> binary was archived for future research.
> * A USB drive was purchased in person and used to transfer the binary and
> challenge into the laptop and the response out of the laptop.
> * Additional entropy was injected into /dev/random via keyboard mashing
> and dice throws
> * The laptop was disconnected from AC throughout the computation
> * The boot drive was destroyed
>
> The BLAKE2b hash is:
>
> a449bc6e d77cbc7b 2d6aa91b ac4ddc6e
> e398a6e8 6c2b08dd 529b796b f7fcfb7c
> ba5cfb94 a394731d e1a188ec bdf6dcaf
> 8444f688 975973ca 079b94f2 e0e7def0
>
> -BEGIN PGP SIGNATURE-
>
> -END PGP SIGNATURE-
>
>


attestation.md.asc.ots
Description: application/vnd.oasis.opendocument.spreadsheet-template


Re: [zapps-wg] Powers of Tau Attestation

2018-03-13 Thread Ryan Taylor via zapps-wg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

My part of Powers of Tau was performed on a Penguin Adelie GNU / Linux
Laptop by Think Penguin.
Processor: Intel(R) Core(TM) i7-6700HQ CPU
OS: Debian GNU/Linux 9.3 (stretch)

Downloaded the challenge file and compiled the Go implementation. Then I
disconnected from the ethernet and unplugged the router. All devices,
besides the computation node, with a possible network connection,
microphone and/or camera were put on the other side of the apartment, as
far from the computation node as possible. Batteries and sim cards were
removed from all of those devices if possible.

Randomness was added via mashing buttons for a while and then entering
the sha512 hash of an audio file recorded at a street market earlier
today, followed by more button mashing.

The response file and BLAKE2b hash were then saved securely and I
shutdown the computation node. After a short period of time and a snack,
I booted the computer and uploaded the response file.

The BLAKE2b hash of `./response` is:
1d4530ec 2bc7c6c4 fa5d6491 acbfe0b3
e1ec1208 5bc0b4b0 a1ebef5c f0d71a1d
10c2e7db 7aa35013 a5b19d0b b80713bc
967dde55 8cb917ff f10a884b b816d90a

The hash was also publicly tweeted:
https://twitter.com/AdjyLeak/status/973629370593169408

I'm happy to have been able to participate. Thanks everybody who made
this possible!

- - Ryan Taylor

ps. This message was just sent but signed improperly. Trying one more
time ...
-BEGIN PGP SIGNATURE-

-END PGP SIGNATURE-


Re: [zapps-wg] Powers of Tau Response

2018-03-11 Thread Chase Roberts via zapps-wg
On Tue, Mar 6, 2018, 10:25 PM Chase Roberts  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> My response BLAKE2b.
>
> f8111d44 6841d376 5ef01319 14ab1007
> 779961a6 66998b1d ad63edbe c0123ba6
> b2581e69 936fc4c9 0ff51211 d5ff7cd0
> 85425f38 d8752ec2 25447c25 c29fc9ca
>
> The compute was done on an old air-gapped desktop. All network devices were
> removed from the desktop. I used a Ubuntu 16.04 boot drive that never was
> reconnected to the internet after the installation and setup was completed.
> After the response was verified, the desktop, keyboard, and all USB
> devices were destroyed with a hammer. What remains are in a vase on the bar
> in my apartment.
>
> I plan on adding this blake2b hash on the ZEC and Bitcoin blockchains
> after I finish midterms and spring break.
>
> Glad to be part of this. Cheers.
> -BEGIN PGP SIGNATURE-
> Version: Keybase OpenPGP v2.0.76
> Comment: https://keybase.io/crypto
>
> -END PGP SIGNATURE-
>
>


Re: [zapps-wg] Powers of Tau Attestation

2018-03-05 Thread Troy Stackhouse via zapps-wg
Due to email formatting issues, I'm attaching a clean copy of my prior
signed attestation message.

On Thu, Feb 22, 2018 at 12:49 PM, Troy Stackhouse
 wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> Powers of Tau Attestation by Troy Stackhouse
> Date: February 22, 2018
>
> I had a new, unconfigured laptop which provided an easy opportunity to
> participate, since I could just wipe it clean afterwards. I set it up
> fresh with Windows 10 a few days ago and made sure it was fully
> patched. I kept the machine offline when I wasn't using it, and more
> recently I downloaded the Rust implementation of powersoftau, which I
> compiled using Visual Studio Code w/ Rust rls (which also required I
> install Visual Studio C++ desktop tools).
>
> When it came to the ceremony, I kept the machine in my sight the whole
> time and no other human beings were nearby. For entropy, I simply
> mashed my keyboard... a lot (much longer than I felt was necessary).
> Upon completion, I fully wiped the drive with DBAN (currently in
> progress).
>
> Here's my BLAKE2b hash:
> 7573a747 d9b4e480 00de2715 c5bfa2ff
> 1c515371 4608cea3 97fae0fe 72846297
> 3a5b4d87 ce3e2a78 61d95a1e 59e723f9
> 6af41c1c f1b915ae 5ad5730d 1ccbaa91
>
> I also posted it on Reddit:
> https://www.reddit.com/r/zec/comments/7v0889/50_participants_now_for_powers_of_tau_its_not_too/duo4808/
>
> - -Troy Stackhouse
> -BEGIN PGP SIGNATURE-
> -END PGP SIGNATURE-
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Powers of Tau Attestation by Troy Stackhouse
Date: February 22, 2018


I had a new, unconfigured laptop which provided an easy opportunity to 
participate, since I could just wipe it clean afterwards. I set it up fresh 
with Windows 10 a few days ago and made sure it was fully patched. I kept the 
machine offline when I wasn't using it, and more recently I downloaded the Rust 
implementation of powersoftau, which I compiled using Visual Studio Code w/ 
Rust rls (which also required I install Visual Studio C++ desktop tools).


When it came to the ceremony, I kept the machine in my sight the whole time and 
no other human beings were nearby. For entropy, I simply mashed my keyboard... 
a lot (much longer than I felt was necessary). Upon completion, I fully wiped 
the drive with DBAN (currently in progress).


Here's my BLAKE2b hash:
7573a747 d9b4e480 00de2715 c5bfa2ff
1c515371 4608cea3 97fae0fe 72846297
3a5b4d87 ce3e2a78 61d95a1e 59e723f9
6af41c1c f1b915ae 5ad5730d 1ccbaa91


I also posted it on Reddit: 
https://www.reddit.com/r/zec/comments/7v0889/50_participants_now_for_powers_of_tau_its_not_too/duo4808/


- -Troy Stackhouse
-BEGIN PGP SIGNATURE-

-END PGP SIGNATURE-


Re: [zapps-wg] Powers of Tau Attestation

2018-02-22 Thread Jason Davies via zapps-wg
Verified, thanks!

Where might one find your PGP public key so that they can check your signature?

Jason

> On 22 Feb 2018, at 20:49, Troy Stackhouse via zapps-wg 
>  wrote:
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
> Powers of Tau Attestation by Troy Stackhouse
> Date: February 22, 2018
> 
> I had a new, unconfigured laptop which provided an easy opportunity to
> participate, since I could just wipe it clean afterwards. I set it up
> fresh with Windows 10 a few days ago and made sure it was fully
> patched. I kept the machine offline when I wasn't using it, and more
> recently I downloaded the Rust implementation of powersoftau, which I
> compiled using Visual Studio Code w/ Rust rls (which also required I
> install Visual Studio C++ desktop tools).
> 
> When it came to the ceremony, I kept the machine in my sight the whole
> time and no other human beings were nearby. For entropy, I simply
> mashed my keyboard... a lot (much longer than I felt was necessary).
> Upon completion, I fully wiped the drive with DBAN (currently in
> progress).
> 
> Here's my BLAKE2b hash:
> 7573a747 d9b4e480 00de2715 c5bfa2ff
> 1c515371 4608cea3 97fae0fe 72846297
> 3a5b4d87 ce3e2a78 61d95a1e 59e723f9
> 6af41c1c f1b915ae 5ad5730d 1ccbaa91
> 
> I also posted it on Reddit:
> https://www.reddit.com/r/zec/comments/7v0889/50_participants_now_for_powers_of_tau_its_not_too/duo4808/
> 
> - -Troy Stackhouse
> -BEGIN PGP SIGNATURE-
> -END PGP SIGNATURE-

--
Jason Davies, https://powersoftau.plutomonkey.com/



Re: [zapps-wg] Powers of Tau Attestation

2018-02-17 Thread Jason Davies via zapps-wg
> On 17 Feb 2018, at 19:03, Kobi Gurkan  wrote:
> 
> How awful would it be with RPi 3 and microSD for swap?

Good point.  Someone should do a test run and report back!

--
Jason Davies, https://powersoftau.plutomonkey.com/



Re: [zapps-wg] Powers of Tau Attestation

2018-02-17 Thread Kobi Gurkan via zapps-wg
How awful would it be with RPi 3 and microSD for swap?

On Sat, Feb 17, 2018 at 8:48 PM, Jason Davies via zapps-wg <
zapps...@lists.z.cash.foundation> wrote:

> I like the creative sources of entropy. :)  Thanks!
>
> Shame about the Raspberry Pi.  I suspect it was the lack of memory that
> caused the process to be killed -- since the challenge file is ~1.2GB and
> it is loaded into memory, the 1GB on a standard Pi 3 will not be
> sufficient.  I managed successfully with 2GB (and no swap).
>
> --
> Jason Davies, https://powersoftau.plutomonkey.com/
>
>


-- 
--
Kobi Gurkan
Core Team Lead
(+972)-549743033


Re: [zapps-wg] Powers of Tau Attestation

2018-02-17 Thread Jason Davies via zapps-wg
I like the creative sources of entropy. :)  Thanks!

Shame about the Raspberry Pi.  I suspect it was the lack of memory that caused 
the process to be killed -- since the challenge file is ~1.2GB and it is loaded 
into memory, the 1GB on a standard Pi 3 will not be sufficient.  I managed 
successfully with 2GB (and no swap).

--
Jason Davies, https://powersoftau.plutomonkey.com/



Re: [zapps-wg] Powers of Tau attestation (disturbedsquirrel)

2018-02-15 Thread Sean Bowe via zapps-wg
Awesome! I was excited for yours since you seemed like you were very paranoid.

Sean

On Thu, Feb 15, 2018 at 7:58 PM, disturbedsquirrel--- via zapps-wg
 wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> ###
>
> Powers of Tau attestation
>
> disturbedsquirrel
>
>
> ##
>
>
>
> ## General sidechannel defenses:
>
>
> # Contacted Sean Bowe using Whonix who forwarded my message to Jason Davies.
>
> # Always communicated using Tor to prevent an adversary from obtaining my
> geographical location prior to the computation.
>
> # Computation was done in an empty room in my home's basement. All
> unnecessary electronic devices were kept outside the ceremony room
> (including my phone which was additionally wrapped in tinfoil). I was the
> only person in the house at the time. Necessary Ethernet connections were
> made via 50 m cable to my server room upstairs. I was in the ceremony room
> the whole time.
>
>
>
> ## Preparation a few days prior to computation day:
>
>
> # Purchased a used desktop PC with cash from a stranger and removed the
> HDD. No Wifi equipment was present at the machine.
>
> # Drove to a friend of mine and downloaded a fresh Ubuntu 17.04 x64 DVD
> image via his machine running Linux Mint 17.04 as OS.
>
> # Verified the image via the hash provided on the Ubuntu homepage and
> wrote it to a raw DVD.
>
> # At home I booted up the Powers of Tau computation machine with the
> Ubuntu live DVD and built the compute binary which was then saved on a
> newly purchased USB drive. The USB drive was put into a safe.
>
>
>
> ## Procedure on computation day:
>
>
> # Booted a second machine (notebook) with the Ubuntu live DVD, downloaded
> and installed Tor Browser and retrieved the challenge file via Tor.
>
> # Copied the challenge file onto the USB drive which already contained the
> compute binary.
>
> # Powered down the notebook and booted the Powers of Tau computation
> machine with the same Ubuntu live DVD.
>
> # On computation machine first rust was installed and then Ethernet removed.
>
> # Plugged in USB drive and started computation via Terminal.
>
>
>
> ## Computation ceremony:
>
>
> # Entropy was generated by entering a random string in addition to 100
> numbers generated by a roulette wheel.
>
> # Computation took about one and a half hours.
>
>
> ##
>
> The BLAKE2b hash of `./response` is:
> bd44847d 072914a8 3de15761 45237532
> 8042e25b 8484a7f5 1742c003 8e05a217
> 5a1ea4c3 f6b50f9b 394babda 70fff55f
> 1ee30798 d8cd5590 7178f725 a1a5ebfb
>
> ##
>
>
>
> ## Postprocessing:
>
>
> # Saved the BLAKE2b hash on the USB drive and powered down the computation
> machine.
>
> # Booted notebook again with Ubuntu live DVD, downloaded and installed Tor
> Browser.
>
> # Plugged in the USB drive containing the response file.
>
> # Uploaded response file via Tor to AWS machine.
>
> # Wrote this report on a second notebook which was used to initially
> contact Sean Bowe while the response file was uploading on the first
> notebook which was used in the ceremony.
>
> # Mailed this report to Jason Davies
>
> # Nuked the USB drive via DBAN.
>
> ###
> -BEGIN PGP SIGNATURE-
>
> -END PGP SIGNATURE-
>
> ###
> -BEGIN PGP PUBLIC KEY BLOCK-
>

Re: [zapps-wg] Powers of Tau Attestation

2018-02-12 Thread Alok Menghrajani via zapps-wg
On Mon, Feb 12, 2018 at 5:01 PM, Jason Davies
 wrote:
> I've verified your uploaded response, thank you!
>
> I found your Twitter attestation: 
> https://twitter.com/alokmenghrajani/status/963212918505447424
>
> Would you mind posting a link to your co-worker's?

My co-worker's post:
https://twitter.com/wmcc_/status/963218431045545985

Alok


Re: [zapps-wg] Powers of Tau Attestation

2018-02-12 Thread Jason Davies via zapps-wg
I've verified your uploaded response, thank you!

I found your Twitter attestation: 
https://twitter.com/alokmenghrajani/status/963212918505447424

Would you mind posting a link to your co-worker's?

> On 13 Feb 2018, at 00:45, Alok Menghrajani via zapps-wg 
>  wrote:
> 
> Hi,
> 
> Thank you for coordinating all this!
> 
> I participated today (2/12/18) and my co-worker Will witnessed the
> entire process. Our response is:
> c13af4d4 477f66e7 53f25d51 1b6c4624
> 9f20f79a f63c20d8 c64e34c9 df90441b
> 0bf89ae2 8c05d71c 4ae9cb82 e0a3aa4d
> 41e99666 c54261a9 b0b75f6a 5c455436
> 
> Procedure:
> 1. We got a loaner MacBook Air from our employer. These machines are
> wiped before every use.
> 2. Used the Rust code from https://github.com/ebfull/powersoftau
> (d47a1d3d1f007063cbcc35f1ab902601a8b3bd91) with rustc version 1.23.0
> (766bd11c8 2018-01-01).
> 3. Disabled wifi after installing the necessary tools.
> 4. Challenge blake2:
> 52db7b1d b9ad9990 43c1fe97 bd151cd8
> f4910078 f531dc99 acdca8b6 36c74c5a
> 7605563b feda17ab 1e79b239 6dd0bde0
> f6538184 eb8e5425 93232fe9 4820dcae
> 5. Response: see above
> 6. We used a USB drive to copy the response file and we manually
> re-installed the OS once we were done. We returned the laptop so it
> can be wiped again.
> 
> Finally, we published our response hash on our social media accounts.
> 
> Alok

--
Jason Davies, https://powersoftau.plutomonkey.com/
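The hash comparison that these attestations make possible, as an added example that is not part of the thread or of the ceremony's own tooling: it pulls every 512-bit digest out of an attestation e-mail (quoted or not, grouped in 8-character words or on one line) and checks a local response file against them. It assumes the attested value is the unkeyed 64-byte BLAKE2b digest of the file; the function names and the sample data are constructed for illustration, and a match says nothing about whether the contribution itself is valid.

```python
import hashlib
import hmac
import os
import re
import tempfile

_QUOTE = re.compile(r"^[>\s]*")      # e-mail quote markers at any depth
_LABEL = re.compile(r"^[^:]*:\s*")   # e.g. "Response (blake2b): "
_WORD8 = re.compile(r"[0-9a-f]{8}")
_FULL = re.compile(r"[0-9a-f]{128}")


def _hex_on_line(line):
    """Return the hex digits carried by one line of a hash block, else None."""
    body = _QUOTE.sub("", line.strip().lower())
    # Try the line as-is, then with a leading "label:" removed.
    for candidate in (body, _LABEL.sub("", body, count=1)):
        tokens = candidate.split()
        if len(tokens) == 1 and _FULL.fullmatch(tokens[0]):
            return tokens[0]
        if 1 <= len(tokens) <= 4 and all(_WORD8.fullmatch(t) for t in tokens):
            return "".join(tokens)
    return None


def extract_blake2b_digests(message):
    """Collect every 128-hex-digit digest found in consecutive hash lines.

    Shorter values (SHA-256, SHA-1, commit ids) never match because they are
    neither 8-character words nor a single 128-character run.
    """
    found, run = [], ""
    for line in message.splitlines():
        piece = _hex_on_line(line)
        if piece is None:
            run = ""            # a prose or blank line ends the current block
            continue
        run += piece
        if len(run) == 128:
            found.append(run)
            run = ""
        elif len(run) > 128:
            run = ""            # malformed block, discard it
    return found


def blake2b_file(path, chunk_size=1 << 20):
    """Stream a file through unkeyed BLAKE2b with a 64-byte digest."""
    h = hashlib.blake2b()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def format_grouped(hexdigest):
    """Lay a 128-digit digest out as four lines of four 8-digit words."""
    words = [hexdigest[i:i + 8] for i in range(0, 128, 8)]
    return "\n".join(" ".join(words[i:i + 4]) for i in range(0, 16, 4))


def response_matches(path, message):
    """True if the file's digest equals any digest attested in the message."""
    actual = blake2b_file(path)
    return any(hmac.compare_digest(actual, d)
               for d in extract_blake2b_digests(message))


def demo():
    # Constructed stand-in for a response file and for a quoted attestation.
    response = b"constructed stand-in for a response file\n" * 1000
    attested = format_grouped(hashlib.blake2b(response).hexdigest())
    message = ("> The BLAKE2b hash of `./response` is:\n"
               + "\n".join("> " + line for line in attested.splitlines())
               + "\n>\n> sha256 challenge:\n> " + "ab" * 32 + "\n")
    with tempfile.TemporaryDirectory() as workdir:
        path = os.path.join(workdir, "response")
        with open(path, "wb") as f:
            f.write(response)
        intact = response_matches(path, message)
        with open(path, "ab") as f:
            f.write(b"\x00")    # one extra byte must break the match
        tampered = response_matches(path, message)
    return intact, tampered


if __name__ == "__main__":
    print(demo())
```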




Re: [zapps-wg] Powers of Tau (Joseph Tobin)

2018-02-11 Thread Jason Davies via zapps-wg
Thanks Joe!

For the record -- your first email was signed correctly (content-type 
"multipart/signed") but I wasn't able to verify the signature without knowing 
your public key.

Your follow-up email included a link to your public key as well as a signed 
plaintext message, which was slightly friendlier for adding to the attestations 
repository at https://github.com/ZcashFoundation/powersoftau-attestations

Thanks again!
--
Jason Davies, https://powersoftau.plutomonkey.com/



Re: [zapps-wg] Powers of Tau (Joseph Tobin)

2018-02-11 Thread Joseph Tobin via zapps-wg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

There was a mistake with PGP in the original message.  Repeated below.

Hi Everyone!

Thank you for the opportunity to participate!
Date: 2018-2-11
Name: Joseph Tobin

Location: New Jersey, USA

Response (blake2b): 2ddd4358 b124100d 724e62a0 6f158dbc
c714ffbe 8784f619 887a40ff 12f9fab0
44649dfa 306a0385 06f95e0e 25c6cfb3
32f46f57 ea6331c8 057f46bf 5a079db4


Procedure
=
Git repository: https://github.com/ebfull/powersoftau
Commit hash: commit d47a1d3d1f007063cbcc35f1ab902601a8b3bd91
Compiler: rustc 1.23.0 (766bd11c8 2018-01-01)
Computer: Macbook Pro 2016 macOS High Sierra 10.13.3

I downloaded the challenge file from an Amazon S3 bucket set up by Jason
Davies. I computed a response locally with wifi disabled. I uploaded the
response file to the same Amazon S3 bucket.

Side channel defenses
=

Entropy source: Divine inspiration

I have no intention to destroy the compute node for the next 5 years.

If there are any questions, please feel free to reach out!

Sincerely,
Joseph Tobin
https://jobin212.github.io/
https://keybase.io/puffinrng
-BEGIN PGP SIGNATURE-
Version: Keybase OpenPGP v2.0.76
Comment: https://keybase.io/crypto
-END PGP SIGNATURE-


On Sun, Feb 11, 2018 at 5:47 PM, Joseph Tobin  wrote:

> Hi Everyone!
>
> Thank you for the opportunity to participate!
>
> Date: 2018-2-11
>
> Name: Joseph Tobin
>
> Location: New Jersey, USA
>
> Response (blake2b): 2ddd4358 b124100d 724e62a0 6f158dbc
>   c714ffbe 8784f619 887a40ff 12f9fab0
>   44649dfa 306a0385 06f95e0e 25c6cfb3
>   32f46f57 ea6331c8 057f46bf 5a079db4
>
>
> Procedure
> =
>
> Git repository: https://github.com/ebfull/powersoftau
>
> Commit hash: commit d47a1d3d1f007063cbcc35f1ab902601a8b3bd91
>
> Compiler: rustc 1.23.0 (766bd11c8 2018-01-01)
>
> Computer: Macbook Pro 2016 macOS High Sierra 10.13.3
>
>
> I downloaded the challenge file from an Amazon S3 bucket set up by Jason
> Davies. I computed a response locally with wifi disabled. I uploaded the
> response file to the same Amazon S3 bucket.
>
> Side channel defenses
> =
>
> Entropy source: Divine inspiration
>
> I have no intention to destroy the compute node for the next 5 years.
>
>
> If there are any questions, please feel free to reach out!
>
>
> Sincerely,
>
> Joseph Tobin
>
> https://jobin212.github.io/
>
>
>


Re: [zapps-wg] Powers of Tau Attestation 54

2018-02-09 Thread Sean Bowe via zapps-wg
I love this! Very detailed and I was happy that someone managed to
leverage the next-challenge stuff locally during the ceremony.

Thank you!

Sean

On Fri, Feb 9, 2018 at 6:30 PM, Jan Jancar via zapps-wg
 wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Powers of Tau attestation
> =
>
> Round: 54
> Date: 2018-02-09
> Principals: Jan Jancar and Jakub Rafajdus
> Location: Zilina, Slovakia
>
> Go implementation commit:
> FiloSottile/powersoftau
> 7a08472c288cd7022c24ad01e1e181cfc47c3363
>
> Rust implementation commit:
> ebfull/powersoftau
> d47a1d3d1f007063cbcc35f1ab902601a8b3bd91
>
> sha256 challenge:
> bae01c605003b5c84b38436c7a0bc31c123a3fcf049ea95ff7967c9e0d5c8baa
>
> The BLAKE2b hash of `./response_j` is:
> 44d7dd87 08d40812 6bb1b661 ac08b58a
> ee200eb9 42592c36 bfbcb3f1 e74f5b26
> 07ff54d5 3ec93f98 10f88414 7a097a9d
> 4596c281 42449128 2a284343 cc921b32
>
> The BLAKE2b hash of `./response_k2` is:
> d0e254dc 319b760d 7e9f42aa fa87df46
> 95c2f7ab 8eebf17c 303e5a44 e7b3c41c
> 02a73eda d60c270b b6c643a7 753cb275
> f72fd24f de8b01cf 6711d83a b89795a8
>
> sha256 ubuntu-16.04.3-desktop-amd64.iso:
> 1384ac8f2c2a6479ba2a9cbe90a585618834560c477a699a4a7ebe7b5345ddc1
>
>
> Log
> - ---
>
> I decided to participate by producing two consecutive responses,
> produced by different machines (named k and j) and implementations.
> The plan was to run the Go implementation in parallel on two machines,
> after they both finish, choose randomly which response and next
> challenge should be used, then use the other machine and the Rust
> implementation to produce the second response. See the below log and
> diagram for more details on how this actually went.
>
> All times in UTC+1. On 09.02.2018:
>
>  - 09:25 - Downloaded challenge file to an external drive.
>  - 11:50 - Moved to location of machine k.
>  - 12:00 - Started trying to cross-compile the Go implementation for
>            Windows, as machine k only had it installed.
>  - 12:50 - Gave up on trying to cross-compile, instead downloaded a
>            Ubuntu 16.04 live USB.
>  - 13:00 - Booted up the live USB on machine k, installed Go, compiled
>            FiloSottile/powersoftau.
>  - 13:05 - Copied the challenge file from the external drive to both
>            machines.
>  - 13:07 - Started computation on both machines with the Go
>            implementation.
>  - 14:19 - Machine j finished computing.
>  - 14:20 - Copied the response of machine j and the next challenge
>            produced to the external drive.
>  - 14:40 - Machine k finished computing.
>  - 14:45 - Copied the response of machine k and the next challenge
>            produced to the external drive.
>  - Flipped a coin to select which response of which machine to
>            use for further computation, machine j was selected.
>  - 14:50 - Installed Rust on machine k live USB.
>  - 14:55 - Started computation on machine k, with the Rust
>            implementation, using the challenge produced before by
>            machine j.
>  - 16:40 - Uploaded the first response (produced by machine j).
>  - 16:45 - Machine k finished computing.
>  - 17:45 - Uploaded the second response (produced by machine k, based on
>            the challenge produced by j first).
>
>
> Diagram
> - ---
>
>           Go implementation             | Rust implementation
> --------------------------------------------------------------
>   ---> [Machine k] -> response_k        |
>   |                -> challenge_next_k
>   |                        |
>   challenge        Coinflip chose j.
>   |                        |            |
>   |                       \ /
>   ---> [Machine j] -> response_j        |
>                    -> challenge_next_j --> [Machine k] -> response_k2
>
>  * response_j and response_k2 were uploaded.
>  * Machine j is mine, machine k is Jakub's.


Re: [zapps-wg] Powers of Tau Attestation

2018-02-08 Thread Sean Bowe via zapps-wg
Excellent! Verified it. Adding to transcript now.

Sean

On Thu, Feb 8, 2018 at 12:40 PM, Mark Giannullo via zapps-wg
 wrote:
> I completed the challenge using Filippo's golang implementation:
> https://github.com/FiloSottile/powersoftau
>
> The BLAKE2b hash of `./response` is:
> a6a754d8 68697ff0 870c8413 c5cda8f6
> fe57e6bf 3a1dd30b 5f254ede 78d23879
> 175b4044 61573619 4df013db 4642f717
> 9f5602f5 1d37b9b6 88045d96 352927e1
>
> I have also posted this hash on Twitter:
> https://twitter.com/markgiannullo/status/961683650210402304
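
Checking a posted response hash like the one quoted above against a local copy of the file, as an added example (not part of the original thread or of either powersoftau implementation). The sample file, the mail body and all function names are constructed for illustration; only the header wording and the four-rows-of-four-groups layout are taken from the attestations on this page.

```python
import hashlib
import hmac
import os
import re
import tempfile

# Header line as it appears in the attestations on this page.
HEADER = re.compile(r"BLAKE2b hash of `?(?P<name>[^`\s]+)`? is:", re.IGNORECASE)
HEX_GROUP = re.compile(r"[0-9a-fA-F]{8}")
DIGEST_HEX_LEN = 128  # BLAKE2b-512: 64 bytes, printed as 16 groups of 8 hex digits


def strip_quote(line):
    """Drop mail reply markers ('>', '>>', '> >') and surrounding whitespace."""
    return re.sub(r"^(\s*>)+", "", line).strip()


def extract_digests(mail_text):
    """Return {file name: lowercase hex digest} for each hash block in a mail body."""
    lines = [strip_quote(line) for line in mail_text.splitlines()]
    found = {}
    i = 0
    while i < len(lines):
        header = HEADER.search(lines[i])
        i += 1
        if header is None:
            continue
        groups = []
        # Collect the rows of 8-digit hex groups that follow the header.
        while i < len(lines):
            parts = lines[i].split()
            if not parts or not all(HEX_GROUP.fullmatch(p) for p in parts):
                break
            groups.extend(parts)
            i += 1
        digest = "".join(groups).lower()
        if len(digest) != DIGEST_HEX_LEN:
            # A truncated or over-long paste is rejected, never padded or trimmed.
            raise ValueError("%s: expected %d hex digits, got %d"
                             % (header.group("name"), DIGEST_HEX_LEN, len(digest)))
        found[header.group("name")] = digest
    return found


def blake2b_file(path, chunk_size=1 << 20):
    """BLAKE2b-512 of a file, read in chunks (response files exceed 1 GiB)."""
    h = hashlib.blake2b()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk_size), b""):
            h.update(block)
    return h.hexdigest()


def format_digest(hexdigest):
    """Lay a hex digest out as rows of four 8-digit groups."""
    groups = [hexdigest[i:i + 8] for i in range(0, len(hexdigest), 8)]
    return "\n".join(" ".join(groups[i:i + 4]) for i in range(0, len(groups), 4))


def verify(mail_text, name, path):
    """True if the digest attested for `name` matches the file at `path`."""
    claimed = extract_digests(mail_text)[name]
    return hmac.compare_digest(claimed, blake2b_file(path))


def constructed_case(workdir):
    """Constructed sample: a stand-in response file and a quoted attestation for it."""
    path = os.path.join(workdir, "response")
    with open(path, "wb") as f:
        f.write(b"constructed stand-in for a ceremony response file\n")
    body = ("I completed the challenge.\n\n"
            "The BLAKE2b hash of `./response` is:\n"
            + format_digest(blake2b_file(path))
            + "\n\nI have also posted this hash elsewhere.\n")
    mail = "\n".join("> " + line if line else ">" for line in body.splitlines())
    return path, mail


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as workdir:
        sample_path, sample_mail = constructed_case(workdir)
        print(sample_mail)
        print("match:", verify(sample_mail, "./response", sample_path))
```

A matching digest only shows that the local file is the one the participant attested to; it says nothing about whether the contribution inside it is well-formed.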


Re: [zapps-wg] Powers of Tau Attestation by Gսѕtavо Frеdегіc೦

2018-02-06 Thread Sean Bowe via zapps-wg
Thanks Gustavo! I've entered this into the transcript.

Sean

On Mon, Feb 5, 2018 at 7:12 PM, Gustavo Frederico via zapps-wg
 wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Powers of Tau Attestation by Gսѕtavо Frеdегіc೦
> - --
>
> Date: 5/Feb/2018
> Location: Ottawa, ON, Canada
> Main document given to Gսѕtavо with instructions: 
> https://github.com/ebfull/powersoftau/wiki.
>
> sha256sum -b challenge
> 81e7d56284c57a227841243565baad98aba3fae1165e859027ea03415706c726 *challenge
>
> Blake2b response file:
>
> The BLAKE2b hash of `./response` is:
> 8abb2666 2df43f23 310b3896 665fb8b0
> a9995403 a5c5c890 c785bbd4 92093c6b
> fd553da7 81623379 22184427 5b2c212b
> 722c78ca 5d02a204 f248e94e e8e5b00f
>
> My PGP public key:
> https://keys.mailvelope.com/pks/lookup?op=get&search=0xFB442070C0242E80
>
> My fingerprint: F3CE E9F3 1BDF 1268 DBF2  32C7 FB44 2070 C024 2E80
>
> Actions:
>   Principle: I didn't want to destroy any hardware because I'm not rich.
>
>   Environment: a small room, where I was alone.
>
>   Preparation: My host computer is a MacBook Pro with macOS 10.13.3. I 
> installed VirtualBox (www.virtualbox.org). I downloaded a Ubuntu desktop iso 
> image from https://www.ubuntu.com and I created a VM in VirtualBox. I enabled 
> "Disk Image Encryption" in the VM. I turned off its Bluetooth adapter. In the 
> beginning I left the network adapter connected to the host's. After 
> installing Ubuntu in the VM, I installed curl.
>
>   Other installs in the guest VM (still dependent on network adapter 
> connected to the host's at this stage):
>    curl in shell
>    Rust from https://www.rust-lang.org/
>    Powers of Tau source from https://github.com/ebfull/powersoftau
>
>   Ceremonial step:
>    cargo run --release --bin compute   # with network connection on
>   At the step where the program asks for keyboard input, Gustavo turned 
> the VM (guest) network connection off and the host connection off also.
>
>    The input may have included counts of letters in words I read today, words 
> I read today in English and in Russian, and people that I counted today. It 
> may have included names of people. I also may have played a song by Beethoven 
> in the keyboard as if it were a piano. And I may have played the fingering of 
> a Bach violin concerto as if the keyboard were a violin fingerboard. And I 
> may have typed random keys in the keyboard.
>
>    At the end of the computation (it took almost 3 hours), I copied to 
> clipboard the BLAKE2b hash of the response file. Then I rebooted the VM. 
> After that, created a volume share between guest and host. I then saved the 
> response file in the host computer. Then I deleted the VM, including all of 
> its (encrypted) files. After, around 7 pm UTC-6 I uploaded the response file 
> to the URL given to me by email ( it began with 
> https://s3-us-west-2.amazonaws.com/powersoftau/p6RZ )
>
>
>
>
>
> B̸̡͔̻̬̩̖͚̬͈͙͔̫̩͙̻̉̈̄̌̊͐̄̂̈́̊̾͆͠Ḑ̸̻̣̲̗͇͍͍͍̞̩̖͗̉͊S̸̢̝͕͎̝̘̥̬̲͉̯̣͙͂̐͜
>
>
>
>
>
> - --
>


Re: [zapps-wg] Powers of Tau Attestation 48

2018-02-01 Thread Justin via zapps-wg
I had a conversation with Filippo; he pushed one commit as he reproduced my 
problems (he said he broke it when adding -next).

So fingers crossed it works now!

Justin

> On 02.02.2018 at 09:08, Sean Bowe via zapps-wg wrote:
> 
> Awesome job, thank you so much. :)
> 
> By the way, the challenge file that Gabe used is located here:
> https://powersoftau-transcript.s3-us-west-2.amazonaws.com/challenge.48
> 
> I'd be curious to see why Filippo's Go code can't deserialize it.
> Maybe a platform specific bug?
> 
> Sean
> 
> On Thu, Feb 1, 2018 at 3:56 PM, Gabe Ortiz via zapps-wg
>  wrote:
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA512
>> 
>> Powers of Tau Attestation by Gabe Ortiz (@signalnine)
>> =
>> 
>> Round: 48
>> Date: 2018-02-01
>> Location: Albuquerque, NM, USA
>> Commit version: d47a1d3d1f007063cbcc35f1ab902601a8b3bd91
>> 
>> SHA256 challenge file:
>> 35b60456f4d4a17ceefb1acfd0371d7134789319649cfd6bf77aca35d2824950
>> 
>> Blake2b response file:
>> The BLAKE2b hash of `./response` is:
>> 7c220a51 5804a837 d314eb18 f861198f
>> e1bff8e0 f3e4018f 68a6b2c6 8a4bc89b
>> 59a80446 52cc2602 4c3f72f9 32730700
>> 1bff8df0 429da619 70d6f587 72629732
>> 
>> 
>> Methodology
>> =
>> 
>> The hardware used was a mid-2011 MacBook Air running OS X 10.11.6. WiFi and
>> Bluetooth were disabled and the MAC address of the WiFi adapter was blocked
>> at my router. I transferred the challenge file via USB drive. I first
>> attempted to use Filippo Valsorda’s golang implementation but ran into an
>> issue where it was throwing an error, “Failed to read the challenge: point
>> is compressed.” So, I ran the standard Rust implementation instead.
>> Additional entropy was produced via a USB-connected keyboard. I again
>> transferred the response and response hash via a USB drive to my
>> network-connected laptop for upload. The MacBook Air and the USB drive used
>> to do the compute were then destroyed.
>> 
>> Just for fun, here’s an imgur album of the laptop destruction (yes, we made
>> sure to avoid damage to the battery cells):
>> https://imgur.com/a/IkG3i



Re: [zapps-wg] Powers of Tau Attestation 48

2018-02-01 Thread Sean Bowe via zapps-wg
Awesome job, thank you so much. :)

By the way, the challenge file that Gabe used is located here:
https://powersoftau-transcript.s3-us-west-2.amazonaws.com/challenge.48

I'd be curious to see why Filippo's Go code can't deserialize it.
Maybe a platform specific bug?

Sean

On Thu, Feb 1, 2018 at 3:56 PM, Gabe Ortiz via zapps-wg
 wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Powers of Tau Attestation by Gabe Ortiz (@signalnine)
> =
>
> Round: 48
> Date: 2018-02-01
> Location: Albuquerque, NM, USA
> Commit version: d47a1d3d1f007063cbcc35f1ab902601a8b3bd91
>
> SHA256 challenge file:
> 35b60456f4d4a17ceefb1acfd0371d7134789319649cfd6bf77aca35d2824950
>
> Blake2b response file:
> The BLAKE2b hash of `./response` is:
> 7c220a51 5804a837 d314eb18 f861198f
> e1bff8e0 f3e4018f 68a6b2c6 8a4bc89b
> 59a80446 52cc2602 4c3f72f9 32730700
> 1bff8df0 429da619 70d6f587 72629732
>
>
> Methodology
> =
>
> The hardware used was a mid-2011 MacBook Air running OS X 10.11.6. WiFi and
> Bluetooth were disabled and the MAC address of the WiFi adapter was blocked
> at my router. I transferred the challenge file via USB drive. I first
> attempted to use Filippo Valsorda’s golang implementation but ran into an
> issue where it was throwing an error, “Failed to read the challenge: point
> is compressed.” So, I ran the standard Rust implementation instead.
> Additional entropy was produced via a USB-connected keyboard. I again
> transferred the response and response hash via a USB drive to my
> network-connected laptop for upload. The MacBook Air and the USB drive used
> to do the compute were then destroyed.
>
> Just for fun, here’s an imgur album of the laptop destruction (yes, we made
> sure to avoid damage to the battery cells):
> https://imgur.com/a/IkG3i


Re: [zapps-wg] Powers of Tau

2018-01-24 Thread Lucas Vogelsang via zapps-wg
Thanks for publishing the go implementation. Awesome to have another
implementation to choose from. I will take a look at your repository.

@Sean, I'd love to participate anytime next week. I'm available every
mon-fri 9am-2pm EST.

On Wed, Jan 24, 2018 at 5:46 PM, Andrew Miller via zapps-wg <
zapps...@lists.z.cash.foundation> wrote:

> That's outstanding, thanks! The independent Go-language implementation of
> the compute node is an amazing bonus contribution. I'd love to learn more
> about this project. I'll ask questions in the github repo.
> Cheers,
>
> On Wed, Jan 24, 2018 at 6:54 PM, Filippo Valsorda via zapps-wg <
> zapps...@lists.z.cash.foundation> wrote:
>
>> The BLAKE2b hash of `./response` is:
>> 7b55c0f5 68a8b4df 2ca14085 2e816df2
>> b9a2dafe 50b2c5e2 5e6c9b6a df239de0
>> 223a9866 aba481a8 436fbd42 04a2c48a
>> 43725d94 2de47b23 c10c5e87 38fd6467
>>
>> The main feature of this contribution is that it was computed with an
>> independent implementation of Powers of Tau.
>>
>> My implementation, which I am open sourcing now at [1], was not public at the
>> time of computation. It is written in Go, shares no code with the main Rust
>> implementation, and uses the RELIC library for BLS12-381. The only detail that
>> was copied verbatim from the Rust codebase is the value of the curve
>> coefficient, but that's being resolved at [2]. The Zcash Company sponsored
>> this effort, but it was proposed and conducted by me independently.
>>
>> The computation was simply performed on my main MacBook Pro, where the code
>> was developed. The laptop was rebooted after the computation and before
>> re-enabling Wi-Fi and reopening the browser. The git hash of the codebase was
>> 26a0231c674ec6043ef77997d33d94787c55634a, the Go version 1.9.2, extra entropy
>> was fed to /dev/random before starting.
>>
>> The full terminal transcript, and this attestation signed with a minisign/signify
>> key published at [3] are attached, and available at [4].
>>
>> [1] https://github.com/FiloSottile/powersoftau
>> [2] https://github.com/relic-toolkit/relic/issues/64
>> [3] https://twitter.com/FiloSottile/status/956325095013863425
>> [4] https://gist.github.com/FiloSottile/cc142b683666ee1ce5ee77759bd0a367
>>
>> -- Filippo Valsorda
>>
>> 2018-01-22 22:17 GMT+0100 Filippo Valsorda :
>> > _o/
>> >
>> > I'm ready to go whenever there's a slot.
>> >
>> > It will probably take me half a day, upload included.
>>
>
>
>
> --
> Andrew Miller
> University of Illinois at Urbana-Champaign
>


Re: [zapps-wg] Powers of Tau

2018-01-24 Thread Andrew Miller via zapps-wg
That's outstanding, thanks! The independent Go-language implementation of
the compute node is an amazing bonus contribution. I'd love to learn more
about this project. I'll ask questions in the github repo.
Cheers,

On Wed, Jan 24, 2018 at 6:54 PM, Filippo Valsorda via zapps-wg <
zapps...@lists.z.cash.foundation> wrote:

> The BLAKE2b hash of `./response` is:
> 7b55c0f5 68a8b4df 2ca14085 2e816df2
> b9a2dafe 50b2c5e2 5e6c9b6a df239de0
> 223a9866 aba481a8 436fbd42 04a2c48a
> 43725d94 2de47b23 c10c5e87 38fd6467
>
> The main feature of this contribution is that it was computed with an
> independent implementation of Powers of Tau.
>
> My implementation, which I am open sourcing now at [1], was not public at the
> time of computation. It is written in Go, shares no code with the main Rust
> implementation, and uses the RELIC library for BLS12-381. The only detail that
> was copied verbatim from the Rust codebase is the value of the curve
> coefficient, but that's being resolved at [2]. The Zcash Company sponsored
> this effort, but it was proposed and conducted by me independently.
>
> The computation was simply performed on my main MacBook Pro, where the code
> was developed. The laptop was rebooted after the computation and before
> re-enabling Wi-Fi and reopening the browser. The git hash of the codebase was
> 26a0231c674ec6043ef77997d33d94787c55634a, the Go version 1.9.2, extra entropy
> was fed to /dev/random before starting.
>
> The full terminal transcript, and this attestation signed with a minisign/signify
> key published at [3] are attached, and available at [4].
>
> [1] https://github.com/FiloSottile/powersoftau
> [2] https://github.com/relic-toolkit/relic/issues/64
> [3] https://twitter.com/FiloSottile/status/956325095013863425
> [4] https://gist.github.com/FiloSottile/cc142b683666ee1ce5ee77759bd0a367
>
> -- Filippo Valsorda
>
> 2018-01-22 22:17 GMT+0100 Filippo Valsorda :
> > _o/
> >
> > I'm ready to go whenever there's a slot.
> >
> > It will probably take me half a day, upload included.
>



-- 
Andrew Miller
University of Illinois at Urbana-Champaign


Re: [zapps-wg] Powers of Tau

2018-01-24 Thread Sean Bowe via zapps-wg
This is excellent! I'm so impressed. I've added this to the transcript.

Thanks,

Sean

On Wed, Jan 24, 2018 at 5:54 PM, Filippo Valsorda via zapps-wg
 wrote:
> The BLAKE2b hash of `./response` is:
> 7b55c0f5 68a8b4df 2ca14085 2e816df2
> b9a2dafe 50b2c5e2 5e6c9b6a df239de0
> 223a9866 aba481a8 436fbd42 04a2c48a
> 43725d94 2de47b23 c10c5e87 38fd6467
>
> The main feature of this contribution is that it was computed with an
> independent implementation of Powers of Tau.
>
> My implementation, which I am open sourcing now at [1], was not public at the
> time of computation. It is written in Go, shares no code with the main Rust
> implementation, and uses the RELIC library for BLS12-381. The only detail that
> was copied verbatim from the Rust codebase is the value of the curve
> coefficient, but that's being resolved at [2]. The Zcash Company sponsored
> this effort, but it was proposed and conducted by me independently.
>
> The computation was simply performed on my main MacBook Pro, where the code
> was developed. The laptop was rebooted after the computation and before
> re-enabling Wi-Fi and reopening the browser. The git hash of the codebase was
> 26a0231c674ec6043ef77997d33d94787c55634a, the Go version 1.9.2, extra entropy
> was fed to /dev/random before starting.
>
> The full terminal transcript, and this attestation signed with a minisign/signify
> key published at [3] are attached, and available at [4].
>
> [1] https://github.com/FiloSottile/powersoftau
> [2] https://github.com/relic-toolkit/relic/issues/64
> [3] https://twitter.com/FiloSottile/status/956325095013863425
> [4] https://gist.github.com/FiloSottile/cc142b683666ee1ce5ee77759bd0a367
>
> -- Filippo Valsorda
>
> 2018-01-22 22:17 GMT+0100 Filippo Valsorda :
>> _o/
>>
>> I'm ready to go whenever there's a slot.
>>
>> It will probably take me half a day, upload included.


Re: [zapps-wg] Powers of Tau

2018-01-24 Thread Filippo Valsorda via zapps-wg
The BLAKE2b hash of `./response` is:
7b55c0f5 68a8b4df 2ca14085 2e816df2
b9a2dafe 50b2c5e2 5e6c9b6a df239de0
223a9866 aba481a8 436fbd42 04a2c48a
43725d94 2de47b23 c10c5e87 38fd6467

The main feature of this contribution is that it was computed with an
independent implementation of Powers of Tau.

My implementation, which I am open sourcing now at [1], was not public at the
time of computation. It is written in Go, shares no code with the main Rust
implementation, and uses the RELIC library for BLS12-381. The only detail that
was copied verbatim from the Rust codebase is the value of the curve
coefficient, but that's being resolved at [2]. The Zcash Company sponsored
this effort, but it was proposed and conducted by me independently.

The computation was simply performed on my main MacBook Pro, where the code
was developed. The laptop was rebooted after the computation and before
re-enabling Wi-Fi and reopening the browser. The git hash of the codebase was
26a0231c674ec6043ef77997d33d94787c55634a, the Go version 1.9.2, extra entropy
was fed to /dev/random before starting.

The full terminal transcript, and this attestation signed with a minisign/signify
key published at [3] are attached, and available at [4].

[1] https://github.com/FiloSottile/powersoftau
[2] https://github.com/relic-toolkit/relic/issues/64
[3] https://twitter.com/FiloSottile/status/956325095013863425
[4] https://gist.github.com/FiloSottile/cc142b683666ee1ce5ee77759bd0a367

-- Filippo Valsorda

2018-01-22 22:17 GMT+0100 Filippo Valsorda :
> _o/
> 
> I'm ready to go whenever there's a slot.
> 
> It will probably take me half a day, upload included.


attestation.txt.minisig
Description: Binary data
The BLAKE2b hash of `./response` is:
7b55c0f5 68a8b4df 2ca14085 2e816df2
b9a2dafe 50b2c5e2 5e6c9b6a df239de0
223a9866 aba481a8 436fbd42 04a2c48a
43725d94 2de47b23 c10c5e87 38fd6467

The main feature of this contribution is that it was computed with an
independent implementation of Powers of Tau.

My implementation, which I am open sourcing now at [1], was not public at the
time of computation. It is written in Go, shares no code with the main Rust
implementation, and uses the RELIC library for BLS12-381. The only detail that
was copied verbatim from the Rust codebase is the value of the curve
coefficient, but that's being resolved at [2]. The Zcash Company sponsored
this effort, but it was proposed and conducted by me independently.

The computation was simply performed on my main MacBook Pro, where the code
was developed. The laptop was rebooted after the computation and before
re-enabling Wi-Fi and reopening the browser. The git hash of the codebase was
26a0231c674ec6043ef77997d33d94787c55634a, the Go version 1.9.2, extra entropy
was fed to /dev/random before starting.

The full terminal transcript follows below.

This attestation is signed with a minisign/signify key published at [3].

[1] https://github.com/FiloSottile/powersoftau
[2] https://github.com/relic-toolkit/relic/issues/64
[3] https://twitter.com/FiloSottile/status/956325095013863425

---

➜  powersoftau alias download
download='aria2c --check-certificate=true --http-accept-gzip=true -s 16 -k 5M -x 4 -j 16'
➜  powersoftau download https://s3-us-west-2.amazonaws.com/powersoftau/UPK2HSUb3XsjWDcyXkiAALsCyCNmIpwl/challenge

01/24 16:04:29 [NOTICE] Downloading 1 item(s)
[#430007 0B/0B CN:1 DL:0B]
01/24 16:04:31 [NOTICE] Allocating disk space. Use --file-allocation=none to 
disable it. See --file-allocation option in man page for more details.
 *** Download Progress Summary as of Wed Jan 24 16:05:30 2018 ***
=
[#430007 69MiB/1.1GiB(6%) CN:4 DL:1.1MiB ETA:15m7s]
FILE: /Users/filippo/tmp/powersoftau/challenge
-

 *** Download Progress Summary as of Wed Jan 24 16:06:31 2018 ***
=
[#430007 139MiB/1.1GiB(12%) CN:4 DL:1.2MiB ETA:13m46s]
FILE: /Users/filippo/tmp/powersoftau/challenge
-

 *** Download Progress Summary as of Wed Jan 24 16:07:31 2018 ***
=
[#430007 212MiB/1.1GiB(18%) CN:4 DL:1.2MiB ETA:12m9s]
FILE: /Users/filippo/tmp/powersoftau/challenge
-

 *** Download Progress Summary as of Wed Jan 24 16:08:32 2018 ***
=
[#430007 281MiB/1.1GiB(24%) CN:4 DL

Re: [zapps-wg] Powers of Tau

2018-01-23 Thread Andrew Miller via zapps-wg
was booted from a
> USB drive with Ubuntu 16.04. The hard drives and wifi were disabled in
> software, but were *not* removed due to the difficulty in unscrewing
> the laptop.
>
> To reduce the risk of side channel attacks, we performed our
> contribution to the ceremony while airborne in Ryan's Piper
> Cherokee. Ryan and Andrew were the only occupants in the aircraft. No
> mobile phones were powered on during the flight. The only mobile
> device in use was an iPad 2, with cellular and WiFi disabled but
> Bluetooth and GPS enabled, running ForeFlight electronic flight bag
> software. We departed on a VFR flight from Waukegan airport (KUGN),
> located in Illinois, near the Wisconsin border. Once we reached 3,000
> feet AMSL, Ryan performed a 360 degree steep turn to assure ourselves
> that no aircraft or drones were following us. We set up the Geiger
> counter RNG and laptop and began the computation. During this time, we
> made occasional random turns, flying over northern Illinois and
> southern Wisconsin while remaining outside the O'Hare Class B
> airspace, until the compute finished. We observed no suspicious
> aircraft attempting to follow us. The total compute time took around
> 30 minutes. We then flew to Schaumburg Airport (06C) where we uploaded
> the response file at Pilot Pete's restaurant. We made a return flight
> to Waukegan later that afternoon.
>
> Pictures from the trip:
>
> https://twitter.com/RyanPierce_Chi/status/954776352225398784
> https://twitter.com/RyanPierce_Chi/status/954777461782470656
> https://twitter.com/RyanPierce_Chi/status/954779454961745921
> https://twitter.com/RyanPierce_Chi/status/954854952396050432
> https://twitter.com/RyanPierce_Chi/status/954908555873849344
> https://twitter.com/RyanPierce_Chi/status/954855811951550464
>
> We’re also currently producing a short video about our trip, which we
> plan to publish to Youtube and notify the zapps-wg mailing list.
>
> On Sat, Jan 20, 2018 at 12:08 PM, Miller, Andrew via zapps-wg <
> zapps...@lists.z.cash.foundation> wrote:
>
>> Here's our response, should be done uploading to s3 in a moment.
>> 9af2153b5d0f96689f79049337de1fb328873f5f771adef1adf0486e4904
>> b28d96fe602c8866f42e8047ce3bdafe2f9e73c7d2cd1b0c023d3831a46242bd6fc9
>>
>> Long story short:
>> - Contributor: Ryan Pierce and Andrew Miller
>> - Isolation: 3,000 feet above ground in a Piper Cherokee
>> - Entropy source: geiger counter and a Chernobyl reactor graphite sample
>> Entertaining writeup and video to follow! (Note: all appropriate aviation
>> and radiation regulations were followed to a tee)
>>
>> --
>> Andrew Miller
>> University of Illinois at Urbana-Champaign
>> 
>> From: Sean Bowe [s...@z.cash]
>> Sent: Wednesday, January 17, 2018 10:22 PM
>> To: Miller, Andrew
>> Cc: Zapps wg
>> Subject: Re: [zapps-wg] Powers of Tau
>>
>> It does interfere with someone, but we could make it work Saturday
>> morning if you don't expect it to take longer than the morning.
>>
>> Sean
>>
>> On Wed, Jan 17, 2018 at 9:18 PM, Andrew Miller via zapps-wg
>>  wrote:
>> > Greetings everyone,
>> >    I have a good one planned. But it's got a difficult time constraint. I
>> > need to go this coming Saturday morning. Hopefully it won't interfere with
>> > the batting order much if I ask for priority! Thanks,
>>
>
>
>
> --
> Andrew Miller
> University of Illinois at Urbana-Champaign
>



-- 
Andrew Miller
University of Illinois at Urbana-Champaign


Re: [zapps-wg] Powers of Tau

2018-01-22 Thread Andrew Miller via zapps-wg
formed a 360 degree steep turn to assure ourselves
that no aircraft or drones were following us. We set up the Geiger
counter RNG and laptop and began the computation. During this time, we
made occasional random turns, flying over northern Illinois and
southern Wisconsin while remaining outside the O'Hare Class B
airspace, until the compute finished. We observed no suspicious
aircraft attempting to follow us. The total compute time took around
30 minutes. We then flew to Schaumburg Airport (06C) where we uploaded
the response file at Pilot Pete's restaurant. We made a return flight
to Waukegan later that afternoon.

Pictures from the trip:

https://twitter.com/RyanPierce_Chi/status/954776352225398784
https://twitter.com/RyanPierce_Chi/status/954777461782470656
https://twitter.com/RyanPierce_Chi/status/954779454961745921
https://twitter.com/RyanPierce_Chi/status/954854952396050432
https://twitter.com/RyanPierce_Chi/status/954908555873849344
https://twitter.com/RyanPierce_Chi/status/954855811951550464

We’re also currently producing a short video about our trip, which we
plan to publish to Youtube and notify the zapps-wg mailing list.

On Sat, Jan 20, 2018 at 12:08 PM, Miller, Andrew via zapps-wg <
zapps...@lists.z.cash.foundation> wrote:

> Here's our response, should be done uploading to s3 in a moment.
> 9af2153b5d0f96689f79049337de1fb328873f5f771adef1adf0486e4904
> b28d96fe602c8866f42e8047ce3bdafe2f9e73c7d2cd1b0c023d3831a46242bd6fc9
>
> Long story short:
> - Contributor: Ryan Pierce and Andrew Miller
> - Isolation: 3,000 feet above ground in a Piper Cherokee
> - Entropy source: geiger counter and a Chernobyl reactor graphite sample
> Entertaining writeup and video to follow! (Note: all appropriate aviation
> and radiation regulations were followed to a tee)
>
> --
> Andrew Miller
> University of Illinois at Urbana-Champaign
> 
> From: Sean Bowe [s...@z.cash]
> Sent: Wednesday, January 17, 2018 10:22 PM
> To: Miller, Andrew
> Cc: Zapps wg
> Subject: Re: [zapps-wg] Powers of Tau
>
> It does interfere with someone, but we could make it work Saturday
> morning if you don't expect it to take longer than the morning.
>
> Sean
>
> On Wed, Jan 17, 2018 at 9:18 PM, Andrew Miller via zapps-wg
>  wrote:
> > Greetings everyone,
> >    I have a good one planned. But it's got a difficult time constraint. I
> > need to go this coming Saturday morning. Hopefully it won't interfere with
> > the batting order much if I ask for priority! Thanks,
>



-- 
Andrew Miller
University of Illinois at Urbana-Champaign
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Powers of Tau Operational writeup
=
 
Round: 41
Principals: Ryan Pierce and Andrew Miller
Date: 2018-01-20
Location: North Illinois and Southern Wisconsin
Altitude: 3,000' AMSL / approx. 2200' AGL
Commit version: 9e1553c437183540392a7231d0788318a19b18a3
SHA256 of ./compute: 
922b2e0a59841ecdaba7b4953d8c67e62b74b8f52f968624cff664dc086da93a
SHA256 of challenge file: 
c48fbf0a267ea9a9596c09aaf91f6acc18b48430e9239c18de583055b32d503d
 
blake2sum of response:
8a5a9bcb a9c3ab76 c7e3a881 2ccd01e6
9af2153b 5d0f9668 9f790493 37de1fb3
28873f5f 771adef1 adf0486e 4904b28d
96fe602c 8866f42e 8047ce3b dafe2f9e
73c7d2cd 1b0c023d 3831a462 42bd6fc9
 
 
Preparation steps
=
 
As we know, Powers of Tau is all about generating and safely disposing
of cryptographic "toxic waste." So, what better way to generate
entropy than with actual radioactive toxic waste?

For our contribution, the entropy source was a hardware-based random
number generator utilizing a Geiger tube and a radioactive source,
constructed and programmed by Ryan Pierce. It was based off of the
MightyOhm Geiger Counter kit, available for purchase at
http://mightyohm.com/geiger

The radioactive source chosen was a very small, low activity sample of
the graphite moderator ejected from the core of the Chernobyl Unit 4
nuclear reactor during the 1986 

Re: [zapps-wg] Powers of Tau Attestation

2018-01-22 Thread Bastien Teinturier via zapps-wg
Thanks for the explanation Sean.
Indeed it's better to hide it then for next participants, good catch Daira!

On Mon, Jan 22, 2018 at 12:56 PM, Sean Bowe  wrote:

> There are potentially few useful entropy sources on an isolated system
> with its peripherals removed that has just booted (for example), so a cat
> walking across the keyboard can be used to strengthen the randomness at
> little cost. It's mostly defense-in-depth.
>
> Sean
>
> On Mon, Jan 22, 2018 at 1:59 AM, Bastien Teinturier via zapps-wg <
> zapps...@lists.z.cash.foundation> wrote:
>
>> It's a good point, and I was wondering why this "manual input" entropy is
>> needed.
>> I don't understand what it adds to the entropy implicitly grabbed from
>> the system by the executable.
>> If we assume that an adversary is able to monitor the system and
>> replicate the entropy of the random generator used in the code, that
>> adversary is probably able to grab the input to the process as well right?
>> I'm interested in learning more about why you felt it was necessary to
>> ask the user to provide some random input.
>>
>> Cheers,
>> Bastien
>>
>> On Sat, Jan 20, 2018 at 2:04 PM, Daira Hopwood via zapps-wg <
>> zapps...@lists.z.cash.foundation> wrote:
>>
>>> On 18/01/18 13:46, Bastien Teinturier via zapps-wg wrote:
>>> > Powers of Tau Attestation
>>>
>>> Notice that PowersOfTau_2.jpg leaks the additional entropy provided
>>> to the computation. That's ok, it uses operating system entropy as
>>> well; just noting that future participants might want to avoid that.
>>>
>>> --
>>> Daira Hopwood  ⚧Ⓐ
>>>
>>>
>>
>>
>> --
>>
>> Bastien Teinturier
>>
>> Senior Software Engineer
>>
>> Stratumn SAS, 1 bis Cité Paradis, 75010 Paris, France
>>
>> +33 6 28 57 71 59 • bast...@stratumn.com • stratumn.com
>>
>
>


-- 

Bastien Teinturier

Senior Software Engineer

Stratumn SAS, 1 bis Cité Paradis, 75010 Paris, France

+33 6 28 57 71 59 • bast...@stratumn.com • stratumn.com




Re: [zapps-wg] Powers of Tau Attestation

2018-01-22 Thread Sean Bowe via zapps-wg
There are potentially few useful entropy sources on an isolated system with
its peripherals removed that has just booted (for example), so a cat
walking across the keyboard can be used to strengthen the randomness at
little cost. It's mostly defense-in-depth.

Sean

On Mon, Jan 22, 2018 at 1:59 AM, Bastien Teinturier via zapps-wg <
zapps...@lists.z.cash.foundation> wrote:

> It's a good point, and I was wondering why this "manual input" entropy is
> needed.
> I don't understand what it adds to the entropy implicitly grabbed from the
> system by the executable.
> If we assume that an adversary is able to monitor the system and replicate
> the entropy of the random generator used in the code, that adversary is
> probably able to grab the input to the process as well right?
> I'm interested in learning more about why you felt it was necessary to ask
> the user to provide some random input.
>
> Cheers,
> Bastien
>
> On Sat, Jan 20, 2018 at 2:04 PM, Daira Hopwood via zapps-wg <
> zapps...@lists.z.cash.foundation> wrote:
>
>> On 18/01/18 13:46, Bastien Teinturier via zapps-wg wrote:
>> > Powers of Tau Attestation
>>
>> Notice that PowersOfTau_2.jpg leaks the additional entropy provided
>> to the computation. That's ok, it uses operating system entropy as
>> well; just noting that future participants might want to avoid that.
>>
>> --
>> Daira Hopwood  ⚧Ⓐ
>>
>>
>
>
> --
>
> Bastien Teinturier
>
> Senior Software Engineer
>
> Stratumn SAS, 1 bis Cité Paradis, 75010 Paris, France
>
> +33 6 28 57 71 59 • bast...@stratumn.com • stratumn.com
>
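
The trade-off discussed in this thread (keyboard input as defense-in-depth, and what leaking it costs), as an added toy model that is not the powersoftau code. BLAKE2b as the mixing function, the 8-bit "weak OS" pool and every sample value are assumptions constructed for illustration.

```python
import hashlib
import hmac


def derive_seed(os_entropy: bytes, user_input: bytes) -> bytes:
    """Hash both sources together; the 32-byte result would seed the RNG."""
    h = hashlib.blake2b(digest_size=64)
    for part in (os_entropy, user_input):
        # Length prefix keeps (b"ab", b"c") and (b"a", b"bc") from colliding.
        h.update(len(part).to_bytes(8, "big"))
        h.update(part)
    return h.digest()[:32]


def seed_recoverable(seed: bytes, os_guesses, input_guesses) -> bool:
    """True if some (OS state, keyboard input) pair in the guess lists
    reproduces the seed, i.e. the randomness is predictable to someone
    holding those guesses."""
    return any(
        hmac.compare_digest(derive_seed(o, u), seed)
        for o in os_guesses
        for u in input_guesses
    )


# Constructed sample data (none of it comes from the thread).
# Toy model of a freshly booted, isolated machine: only 8 unknown bits.
WEAK_OS_STATES = [bytes([i]) for i in range(256)]
# Stand-in for 32 bytes from a healthy OS RNG; far outside any guess list.
HEALTHY_OS = hashlib.sha256(b"stand-in for good OS randomness").digest()
# What the participant typed, and guesses made without having seen it.
KEYBOARD = b"lkj;3f09a jsd,mnv 8u2 qpwo zx"
BLIND_INPUT_GUESSES = [b"", b"asdf", b"1234", b"qwerty"]


def scenarios() -> dict:
    """Predictability of the seed in the three cases the thread touches on."""
    weak = WEAK_OS_STATES[0x5A]
    return {
        # Photo leaks the typed input, OS entropy is fine: still unpredictable.
        "strong_os_input_leaked": seed_recoverable(
            derive_seed(HEALTHY_OS, KEYBOARD), WEAK_OS_STATES, [KEYBOARD]),
        # OS entropy is poor, typed input stays private: the input carries it.
        "weak_os_input_secret": seed_recoverable(
            derive_seed(weak, KEYBOARD), WEAK_OS_STATES, BLIND_INPUT_GUESSES),
        # OS entropy is poor and the typed input leaked: 256 trials suffice.
        "weak_os_input_leaked": seed_recoverable(
            derive_seed(weak, KEYBOARD), WEAK_OS_STATES, [KEYBOARD]),
    }


if __name__ == "__main__":
    for name, predictable in scenarios().items():
        print(f"{name}: {'PREDICTABLE' if predictable else 'unpredictable'}")
```

Only the case where both sources fail yields a predictable seed, which is why the extra input is cheap insurance and why it is better kept out of photographs.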


Re: [zapps-wg] Powers of Tau Attestation

2018-01-22 Thread Bastien Teinturier via zapps-wg
It's a good point, and I was wondering why this "manual input" entropy is
needed.
I don't understand what it adds to the entropy implicitly grabbed from the
system by the executable.
If we assume that an adversary is able to monitor the system and replicate
the entropy of the random generator used in the code, that adversary is
probably able to grab the input to the process as well right?
I'm interested in learning more about why you felt it was necessary to ask
the user to provide some random input.

Cheers,
Bastien

On Sat, Jan 20, 2018 at 2:04 PM, Daira Hopwood via zapps-wg <
zapps...@lists.z.cash.foundation> wrote:

> On 18/01/18 13:46, Bastien Teinturier via zapps-wg wrote:
> > Powers of Tau Attestation
>
> Notice that PowersOfTau_2.jpg leaks the additional entropy provided
> to the computation. That's ok, it uses operating system entropy as
> well; just noting that future participants might want to avoid that.
>
> --
> Daira Hopwood  ⚧Ⓐ
>
>


-- 

Bastien Teinturier

Senior Software Engineer

Stratumn SAS, 1 bis Cité Paradis, 75010 Paris, France

+33 6 28 57 71 59 • bast...@stratumn.com • stratumn.com




Re: [zapps-wg] Powers of Tau

2018-01-20 Thread SuperKerem via zapps-wg
This sounds excellent!

SuperKerem

On Sat, Jan 20, 2018 at 9:12 pm, Sean Bowe via zapps-wg 
 wrote:

> Verified and added to transcript. Looking forward to additional info!
>
> Sean
>
> On Sat, Jan 20, 2018 at 11:08 AM, Miller, Andrew wrote:
> > Here's our response, should be done uploading to s3 in a moment.
> > 9af2153b5d0f96689f79049337de1fb328873f5f771adef1adf0486e4904b28d96fe602c8866f42e8047ce3bdafe2f9e73c7d2cd1b0c023d3831a46242bd6fc9
> >
> > Long story short:
> > - Contributor: Ryan Pierce and Andrew Miller
> > - Isolation: 3,000 feet above ground in a Piper Cherokee
> > - Entropy source: geiger counter and a Chernobyl reactor graphite sample
> > Entertaining writeup and video to follow! (Note: all appropriate aviation and
> > radiation regulations were followed to a tee)
> >
> > --
> > Andrew Miller
> > University of Illinois at Urbana-Champaign
> >
> > From: Sean Bowe [s...@z.cash]
> > Sent: Wednesday, January 17, 2018 10:22 PM
> > To: Miller, Andrew
> > Cc: Zapps wg
> > Subject: Re: [zapps-wg] Powers of Tau
> >
> > It does interfere with someone, but we could make it work Saturday
> > morning if you don't expect it to take longer than the morning.
> >
> > Sean
> >
> > On Wed, Jan 17, 2018 at 9:18 PM, Andrew Miller via zapps-wg
> > wrote:
> >> Greetings everyone,
> >> I have a good one planned. But it's got a difficult time constraint. I
> >> need to go this coming Saturday morning. Hopefully it won't interfere with
> >> the batting order much if I ask for priority! Thanks,

Re: [zapps-wg] Powers of Tau

2018-01-20 Thread Sean Bowe via zapps-wg
Verified and added to transcript. Looking forward to additional info!

Sean

On Sat, Jan 20, 2018 at 11:08 AM, Miller, Andrew  wrote:
> Here's our response, should be done uploading to s3 in a moment.
> 9af2153b5d0f96689f79049337de1fb328873f5f771adef1adf0486e4904b28d96fe602c8866f42e8047ce3bdafe2f9e73c7d2cd1b0c023d3831a46242bd6fc9
>
> Long story short:
> - Contributor: Ryan Pierce and Andrew Miller
> - Isolation: 3,000 feet above ground in a Piper Cherokee
> - Entropy source: geiger counter and a Chernobyl reactor graphite sample
> Entertaining writeup and video to follow! (Note: all appropriate aviation and 
> radiation regulations were followed to a tee)
>
> --
> Andrew Miller
> University of Illinois at Urbana-Champaign
> 
> From: Sean Bowe [s...@z.cash]
> Sent: Wednesday, January 17, 2018 10:22 PM
> To: Miller, Andrew
> Cc: Zapps wg
> Subject: Re: [zapps-wg] Powers of Tau
>
> It does interfere with someone, but we could make it work Saturday
> morning if you don't expect it to take longer than the morning.
>
> Sean
>
> On Wed, Jan 17, 2018 at 9:18 PM, Andrew Miller via zapps-wg
>  wrote:
>> Greetings everyone,
>> I have a good one planned. But it's got a difficult time constraint. I
>> need to go this coming Saturday morning. Hopefully it won't interfere with
>> the batting order much if I ask for priority! Thanks,


Re: [zapps-wg] Powers of Tau

2018-01-20 Thread Miller, Andrew via zapps-wg
Here's our response, should be done uploading to s3 in a moment.
9af2153b5d0f96689f79049337de1fb328873f5f771adef1adf0486e4904b28d96fe602c8866f42e8047ce3bdafe2f9e73c7d2cd1b0c023d3831a46242bd6fc9

Long story short:
- Contributor: Ryan Pierce and Andrew Miller
- Isolation: 3,000 feet above ground in a Piper Cherokee
- Entropy source: geiger counter and a Chernobyl reactor graphite sample
Entertaining writeup and video to follow! (Note: all appropriate aviation and 
radiation regulations were followed to a tee)

--
Andrew Miller
University of Illinois at Urbana-Champaign

From: Sean Bowe [s...@z.cash]
Sent: Wednesday, January 17, 2018 10:22 PM
To: Miller, Andrew
Cc: Zapps wg
Subject: Re: [zapps-wg] Powers of Tau

It does interfere with someone, but we could make it work Saturday
morning if you don't expect it to take longer than the morning.

Sean

On Wed, Jan 17, 2018 at 9:18 PM, Andrew Miller via zapps-wg
 wrote:
> Greetings everyone,
> I have a good one planned. But it's got a difficult time constraint. I
> need to go this coming Saturday morning. Hopefully it won't interfere with
> the batting order much if I ask for priority! Thanks,


Re: [zapps-wg] Powers of Tau Attestation

2018-01-20 Thread Daira Hopwood via zapps-wg
On 18/01/18 13:46, Bastien Teinturier via zapps-wg wrote:
> Powers of Tau Attestation

Notice that PowersOfTau_2.jpg leaks the additional entropy provided
to the computation. That's ok, it uses operating system entropy as
well; just noting that future participants might want to avoid that.

-- 
Daira Hopwood  ⚧Ⓐ





Re: [zapps-wg] Powers of Tau participation request

2018-01-18 Thread Sean Bowe via zapps-wg
Sounds good! I'll be in touch.

Sean

On Thu, Jan 18, 2018 at 12:47 AM, Gabe Ortiz via zapps-wg
 wrote:
> Hi, I’d like to participate. I can go anytime next week between 9am and 5pm
> MST.
>
> -Gabe


Re: [zapps-wg] Powers of Tau Attestation

2018-01-18 Thread Sean Bowe via zapps-wg
This is great! I've entered it into the transcript. Thanks!

Sean

On Thu, Jan 18, 2018 at 6:46 AM, Bastien Teinturier via zapps-wg <
zapps...@lists.z.cash.foundation> wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Powers of Tau Attestation
> 
>
> Date: 2018-1-18
> Name: Bastien Teinturier
> Location: Paris, France
>
> Response hash:
> e4dafd1b 0fa438a2 b313d66c c9566a0a
> be6d7abe 76252eeb 7d294028 770f830d
> e8670f14 5ed8c8af 4e5c3476 f591d0c7
> bfd58ddd 36dd7c4d 311d1358 420d551f
>
> Posted on Github:
> https://gist.github.com/t-bast/7cddb36d8f583e48f60c3cc76aa679ed
>
> Process
> 
>
> Dell Precision Tower 3420
> UBUNTU 14.04.5 Desktop (Trusty)
> Rust v1.23.0 (766bd11c8 2018-01-01)
> powersoftau (github.com/ebfull/powersoftau commit
> d47a1d3d1f007063cbcc35f1ab902601a8b3bd91)
> VirtualBox 5.2.6
> Kali Linux 64-bit 2017.3 live run
>
> At first I wanted to make a Rump unikernel to run this directly on Xen,
> QEMU or KVM, but I didn't take enough time to prepare.
> But I think it could be a fun experiment for another participant if
> someone is interested.
>
> So instead I did this on an Ubuntu desktop.
> I created a Kali Linux VM in VirtualBox that I booted in "live run" mode.
> I didn't share volumes between the VM and the host.
> I installed the rust toolchain on it and built the github repository.
>
> Then I turned the network card off, wrapped the desktop tower in tin foil
> and ran the computation.
> I left a wireshark running on the host OS and saw only failing legit DNS
> and ICMP packets.
> At the end of the computation, I put the network back on to upload the
> response while monitoring wireshark traffic.
> I didn't notice anything unusual, so once the file was uploaded I turned
> the network card off again and deleted the VM.
> I turned off the PC, unplugged all cables to let it discharge and rebooted.
>
> I would have loved to destroy my PC Mr Robot style, but I really do need
> it :).
>
>
> -BEGIN PGP SIGNATURE-
>
> -END PGP SIGNATURE-
>
> Bastien Teinturier
>
> Senior Software Engineer
>
> Stratumn SAS, 1 bis Cité Paradis, 75010 Paris, France
>
> +33 6 28 57 71 59 • bast...@stratumn.com • stratumn.com
>
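
Checking a response file against a digest posted in an attestation like the one above, as an added example that is not part of the thread or of the powersoftau repository. It assumes the posted value is the BLAKE2b-512 digest of the whole file; the function names are hypothetical, and the sample digest is the one quoted in this message.

```python
import hashlib
import hmac
import re


def blake2b_file(path: str, chunk: int = 1 << 20) -> bytes:
    """BLAKE2b-512 of a file, read in chunks so large responses fit in memory."""
    h = hashlib.blake2b()  # default digest size is 64 bytes
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.digest()


def parse_attested(text: str) -> bytes:
    """Turn a digest pasted from e-mail into bytes.

    Accepts the grouped 4x4 layout, a single run of hex, hard-wrapped
    lines and '>' quote markers. Rejects anything that is not exactly
    128 hex digits, which catches a stray extra or missing line.
    """
    hexdigits = re.sub(r"[\s>]", "", text)
    if not re.fullmatch(r"[0-9a-fA-F]+", hexdigits):
        raise ValueError("attested digest contains non-hex characters")
    if len(hexdigits) != 128:
        raise ValueError(f"expected 128 hex digits, got {len(hexdigits)}")
    return bytes.fromhex(hexdigits)


def format_grouped(digest: bytes) -> str:
    """Render 64 bytes as four lines of four 8-digit groups."""
    words = [digest[i:i + 4].hex() for i in range(0, 64, 4)]
    return "\n".join(" ".join(words[i:i + 4]) for i in range(0, 16, 4))


def response_matches(path: str, attested_text: str) -> bool:
    """True if the file's digest equals the attested one."""
    return hmac.compare_digest(blake2b_file(path), parse_attested(attested_text))


# Response hash exactly as it appears, quoted, in the message above.
SAMPLE_FROM_THREAD = """
> e4dafd1b 0fa438a2 b313d66c c9566a0a
> be6d7abe 76252eeb 7d294028 770f830d
> e8670f14 5ed8c8af 4e5c3476 f591d0c7
> bfd58ddd 36dd7c4d 311d1358 420d551f
"""

if __name__ == "__main__":
    import sys
    # Usage: python check_response.py ./response < attestation.txt
    ok = response_matches(sys.argv[1], sys.stdin.read())
    print("digest matches" if ok else "DIGEST MISMATCH")
    sys.exit(0 if ok else 1)
```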


Re: [zapps-wg] Powers of Tau

2018-01-17 Thread Sean Bowe via zapps-wg
It does interfere with someone, but we could make it work Saturday
morning if you don't expect it to take longer than the morning.

Sean

On Wed, Jan 17, 2018 at 9:18 PM, Andrew Miller via zapps-wg
 wrote:
> Greetings everyone,
> I have a good one planned. But it's got a difficult time constraint. I
> need to go this coming Saturday morning. Hopefully it won't interfere with
> the batting order much if I ask for priority! Thanks,


Re: [zapps-wg] Powers of Tau Round 38 Attestation

2018-01-17 Thread Sean Bowe via zapps-wg
Thank you! Another fun attestation. :)

Sean

On Wed, Jan 17, 2018 at 7:47 PM, Ryan Close via zapps-wg
 wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Powers of Tau Attestation
> =
>
> Round: 38
> Date: 2018-1-17
> Name: Ryan Close
> Location: Florida, US
>
> Challenge:
> a58bcc60b15a6cd3d69fa7ef87b4f9d2f9be6eb2d470f66e0dadc8058a14c8ca18efaa1ca69346865d3f83bbc9fe1320e5c16f3580567963a206d337377a82ea
> Response:
> c63d895327712427bb14295d7935af4cb79bbdf9b84411684b9cd3292750f63261f3a874ec160e070cdd98bcdd2b1dd21cf20f937fb486c0ac1cab12bb3a0046
> (tweeted: https://twitter.com/closerm/status/953816452997500929 )
>
> Process
> ===
>
> UBUNTU 16.04.3 Desktop (x2)
> Rust v1.23.0 (766bd11c8 2018-01-01)
> powersoftau (github.com/ebfull/powersoftau commit
> d47a1d3d1f007063cbcc35f1ab902601a8b3bd91)
>
> I began by installing ubuntu-16.04.3-desktop-amd64.iso to a brand new
> formatted USB thumbdrive. The drive was encrypted (cryptsetup).
> I booted from this drive in VirtualBox, allowing me to update the OS,
> install the rust toolchain, and clone the needed git repository.
> The VM was shutdown, and the thumbdrive was removed to be used with an
> offline machine (no wifi, disconnected ethernet) that has no other physical
> drives.
>
> The above was performed twice, and moved to two separate offline machines.
>
> Prior to attaching the Ubuntu OS thumbdrives to either stand-alone machine,
> each machine was booted with a live image and memtest was run.
>
> The provided challenge file was downloaded and placed on a second new and
> newly formatted thumbdrive and moved to the disconnected computer(s).
>
> For each compute node, extra entropy was introduced by letting my kids type
> at the keyboard until they felt good and satisfied, or until one of them
> accidentally hit [enter].
>
> When complete, each node was verified (via verify_transform), results copied
> to the thumbdrive. Dice (and kids) were then used to choose which payload to
> report, and the result was uploaded.
>
> All 3 thumbdrives have since been securely erased, reformatted, and
> intermixed with a stash of several other similar and empty drives.
>
> Driveless stand-alone machines have since been booted and memtest run, and
> will eventually be brought back onto the network.
>
>
>
> Side Note
> 
>
> Attempts were made to use additional hardware, OS, and software
> configurations.
>
> Raspberry Pi3 nodes were tested to see if they could be used, but do not
> have enough RAM to complete the compute job.
> PINE64 nodes were tested to see if they could be used, and while they fared
> much better than the Raspberry Pi's, they ultimately failed to complete the
> compute job as well.
>
>
> -BEGIN PGP SIGNATURE-
> Version: Keybase OpenPGP v2.0.76
> Comment: https://keybase.io/crypto
>
> -END PGP SIGNATURE-
>


Re: [zapps-wg] Powers of Tau participation

2018-01-17 Thread Sean Bowe via zapps-wg
Cool, we'll get you in likely early next month then.

Sean

On Wed, Jan 17, 2018 at 6:22 PM, Jan Jancar via zapps-wg
 wrote:
> Hi all,
> I would like to participate in the Powers of Tau ceremony. I have a
> compute node ready, am in the UTC +2 timezone, and generally available
> until the 22.01.2018 and then from 01.02.2018.
>
> Cheers,
> --
> Jan
> __
>/\  # PGP: 362056ADA8F2F4E421565EF87F4A448FE68F329D
>   /__\  # https://neuromancer.sk
>  /\  /\  # Eastern Seaboard Phishing Authority
> /__\/__\  #
>


Re: [zapps-wg] Powers of Tau Ceremony

2018-01-16 Thread Sean Bowe via zapps-wg
Great! I'll be in touch.

On Tue, Jan 16, 2018 at 12:25 AM, Jacob Lyles via zapps-wg
 wrote:
> Hi everyone!
>
> I'd like to participate in the ZCash Powers of Tau ceremony. As far as
> crypto cred goes, I was an author of the glacier protocol
> (https://glacierprotocol.org/), a bitcoin enthusiast since 2012, and a ZCash
> enthusiast since well before the launch day. It would mean a lot to me to be
> part of this history.
>
> Tuesday the 30th would be a great day for me to participate. I can also find
> some other days and times if necessary.
>
> I'm looking forward to being part of this!
>
> Peace,
> Jacob


Re: [zapps-wg] Powers of Tau Contribution

2018-01-08 Thread Sean Bowe via zapps-wg
I added this to the transcript, thank you! :)

Sean

On Mon, Jan 8, 2018 at 11:09 AM, James Prestwich via zapps-wg
 wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> I've finished running the powers of tau contribution, and uploaded the
> response.
>
> $ sha256sum challenge
> 85a1f6af395e10eab667edca18272b7c30d8b57da1fe2bd1cba2eeae66757c4b
>
> The BLAKE2b hash of `./response` is:
>   829a70f6 d8107c88 f20bd02a b130d598
>   091cc1fc bc4a826c ed7f5889 067bdb8e
>   4bef3e38 94fd532c d7a242a4 3900468f
>   d6fb72b5 48cc45bc b330adbf 800e3383
>
> I modified compute.rs to use a different CSPRNG and source of entropy.
> -BEGIN PGP SIGNATURE-
> Version: Mailvelope v2.1.1
> Comment: https://www.mailvelope.com
>
> -END PGP SIGNATURE-


Re: [zapps-wg] Powers of Tau Attestation

2018-01-07 Thread Sean Bowe via zapps-wg
Thanks! I've added this to the transcript.

Sean

On Sat, Jan 6, 2018 at 8:02 PM, Brian via zapps-wg
 wrote:
> Powers of Tau Operational Writeup
> =
> Date: 2018-01-06
> Name: Brian Gomes Bascoy
> Location: Seattle, WA, USA
>
> Challenge:
> bdfadf02e016d8fac9a77659ce4bf6e066d07c168c69d27f3132344c26dc3eb657b77ce2327f5a3483f5d33d5d391757a23a4a09a88f02868353aa65cdcfcb3a
> Response:
> 02dc27a0df3d1a838bc1087774c20d7ce61a4a467ce1e0ac8cac03d2a7c91c8d6cd54857873d4b7bc00500b1d6f85d917bd7aa2d92a659f4ac3a195aaa66cf36
>
>
> Preparation Steps
> =
> Host system:
> Linux yuri 4.14.11-1-ARCH #1 SMP PREEMPT Wed Jan 3 07:02:42 UTC 2018 x86_64 GNU/Linux
>
> Guest system:
> Linux debian 4.14.0.2-amd64 #1 SMP Debian 4.14.7-1 (2017-12-22) x86_64 GNU/Linux
>
> On 2018-01-05 I installed Debian "buster" (I had to use testing for the
> cargo package) with encrypted LVM on a VirtualBox VM with a 8GB fixed
> size virtual HD. I kept the laptop (a ThinkPad T450s that I bought
> about two years ago) with me the whole time here in my apartment. The
> host OS is Arch Linux without swap space, which I had fully upgraded a
> few hours before. To the best of my knowledge I never had any kind of
> security incident with this computer, which I have used for instance to
> do valuable cryptocurrencies transactions and also to manage banks and
> investments accounts, so I'm relatively confident that it's somewhat
> trustworthy.
>
> Used apt-get to install unzip, rustc, cargo and all its dependencies.
> Downloaded the current Powers of Tau master branch with wget from
> GitHub (https://github.com/ebfull/powersoftau/archive/master.zip).
>
>
> Side Channel Defenses
> =
> It's not much but: I left my cell phone far away from the basement room
> where I had my laptop, disabled the wifi kernel modules, and unplugged
> the power adapter before starting the process. I didn't use any other
> electronic device (not even my lovely mechanical keyboard ^_^).
>
>
> Procedure
> =
> Sean Bowe sent me a link to a page hosted on an Amazon S3 instance with
> a link to the challenge file. I downloaded it using the host system at
> 11:20 AM (PST) and then I disconnected it from the Internet and unplugged
> the charger. I started the guest system VM and used scp to copy the
> challenge. I ran cargo, introduced more than a minute of random
> keyboard typing, then waited for almost 4 hours for the process to
> complete (unfortunately I had to charge the batteries after the 3rd
> hour for about 30 minutes). When it finished I took a picture of the
> hash with a Canon EOS, and copied the response file using scp to the
> host system.
>
>
> Postprocessing
> ==
> Deleted all the VM files with shred, rebooted and then ran Lenovo's
> Diagnostic tool on CPU, RAM, HDD and motherboard, to cleanup registers,
> memory, caches, buffers, etc.
>
> I verified the photograph of the response's BLAKE2 checksum, and after
> posting this report I will check it again from the mailing list archive
> using different devices.
>
>
> SHA256SUMS
> ==
> a3a5b581169394e68a0d566e72df3a6a4bd3c54e7e75c87b01c4c981401dcfd4  virtualbox-5.2.4-1-x86_64.pkg.tar.xz
> a8e8aff5c5709657ec40b1a8eb5c58c9f543386532261bdd4a30ca3ca462e3e4  virtualbox-host-modules-arch-5.2.4-6-x86_64.pkg.tar.xz
>
> 41670305b5468693e4fb17f8a695ba1fe5385a088d7fc2b1efb81b956f68c5c1  debian-testing-amd64-netinst.iso
>
> 2f186a48f45c31844b8288d9ee403b97ff558735478a215c49bb13652fe2fdc5  cargo_0.23.0-1_amd64.deb
> 88a2e940bd7573c62ee3a979f823c47c2e252ef54ec6a885fdcac56705cd1a8a  rustc_1.22.1+dfsg1-1_amd64.deb
> d0d8d9ab3e55b139a207c43b7a15faec17faf7b0da77f9b844ffd2d2c03b68e6  unzip_6.0-21_amd64.deb
>
> 0902301defc0705d3d824d9ec17382f40785cb9ce84502ee13b774840752def7  master.zip
>
>
> Debian ISO's SHA256SUMS.SIGN
> 
>


Re: [zapps-wg] Powers of Tau participation + zk proof question

2018-01-03 Thread James Prestwich via zapps-wg
10-20s proving time is more than fast enough for me.

I'm going to dig through the gadgetlibs to get a feel for what it'd take to
implement this, but it's been a long time since my last algebra class.

On Wed, Jan 3, 2018 at 3:06 PM Andrew Miller  wrote:

> Yeah! It's 2018 and we still don't have a libsnark gadget for
> verifying major cryptocurrency signatures? What gives?
>
> Call me old fashioned #slowcrypto but even with 10-20s proving time it
> could still be useful for things.
>
> On Wed, Jan 3, 2018 at 4:01 PM, James Prestwich  wrote:
> > This is about the point where my math and libsnark knowledge runs out :)
> >
> > My usecase is specifically cryptocurrency related, so I'm mostly interested
> > in curves that are used by cryptocurrency signature algorithms. E.g.
> > secp256k1 (Bitcoin and its kids), ed25519 (Sia, Stellar, and a few others).
> > Jubjub is definitely on the list once sapling is closer to deployment. After
> > a bit of consideration, ed25519 would probably be the most interesting at
> > first.
> >
> > On Wed, Jan 3, 2018 at 2:33 PM Sean Bowe  wrote:
> >>
> >> I believe those gadgets are specifically for curves where the scalar
> >> field is the base field of the curve you're working with, so they
> >> probably wouldn't be that useful for arbitrary fields. Most of the
> >> complexity here is the bignum arithmetic inside the circuit, though.
> >>
> >> > Is there any more clever way to do this than just providing splitting
> >> > into bits to implement modular arithmetic in a different field?
> >>
> >> Not that I know of. I explored the feasibility of this kind of stuff
> >> in the past and concluded each point addition would be around the cost
> >> of a SHA256 invocation. You can minimize the number of additions using
> >> window tables. The best approach seemed to be giant window tables
> >> queried with merkle tree lookups using something like MiMC. The
> >> additions are most efficient when working with affine formulas
> >> (inversions can be witnessed as efficiently as multiplications). You
> >> may be able to get this down to 2^20 constraints for ~256-bit scalars,
> >> which might be around 10-20 second proving time.
> >>
> >> Sean
> >>
> >> On Wed, Jan 3, 2018 at 1:36 PM, Andrew Miller 
> >> wrote:
> >> > Suppose one did want to build a secp256k1 gadget. I notice that libsnark
> >> > already provides a general gadget for weierstrass form elliptic curves,
> >> > parameterized by a field. So all we'd have to do is define the secp256k1
> >> > operations in the alt_bn128 or in bls12 fields. Is there any more clever
> >> > way to do this than just providing splitting into bits to implement modular
> >> > arithmetic in a different field?
> >> >
> >> > On Jan 3, 2018 2:11 PM, "Sean Bowe"  wrote:
> >> >>
> >> >> If any curve is acceptable, I would encourage Jubjub, which we'll be
> >> >> using for the next version of Zcash. In which case you will be able to
> >> >> leverage our Sapling crypto code once it is more mature over the next
> >> >> month or so. https://github.com/zcash-hackworks/sapling-crypto
> >> >>
> >> >> Sean
> >> >>
> >> >> On Wed, Jan 3, 2018 at 1:02 PM, James Prestwich via zapps-wg
> >> >>  wrote:
> >> >> > I'd prefer sha256 or bitcoin-style hash160. I'm interested in a few
> >> >> > different curves, including secp256k1. Eventually for EdDSA keys as
> >> >> > well. Is
> >> >> > there a list of supported curve operations?
> >> >> >
> >> >> > On Wed, Jan 3, 2018 at 12:57 PM Andrew Miller <soc1...@illinois.edu>
> >> >> > wrote:
> >> >> >>
> >> >> >> Thank you so much for expressing your question in Camenisch-Stadler
> >> >> >> notation! That makes it very clear what you're going for.
> >> >> >>
> >> >> >> What hash function H do you have in mind, would SHA2 work? Also what
> >> >> >> group G do you have in mind, secp256k1?
> >> >> >>
> >> >> >> If so, I do not know of any existing implementation of secp256k1
> >> >> >> operations specifically in libsnark, so that would presumably be the
> >> >> >> biggest challenge.
> >> >> >>
> >> >> >>
> >> >> >> On Jan 3, 2018 1:47 PM, "James Prestwich via zapps-wg"
> >> >> >>  wrote:
> >> >> >>
> >> >> >> I'd like to participate in the setup ceremony.
> >> >> >>
> >> >> >> I also have an app I'd like to build using a zk-proof of knowledge
> >> >> >> of an ECC private key. {(a) : A = a * G, B = H(a)}. Can anyone point me to
> >> >> >> good resources on getting started?
> >> >> >>
> >> >> >>
> >> >> >
>
>
>
> --
> Andrew Miller
> University of Illinois at Urbana-Champaign
>


Re: [zapps-wg] Powers of Tau participation + zk proof question

2018-01-03 Thread Andrew Miller via zapps-wg
Yeah! It's 2018 and we still don't have a libsnark gadget for
verifying major cryptocurrency signatures? What gives?

Call me old fashioned #slowcrypto but even with 10-20s proving time it
could still be useful for things.

On Wed, Jan 3, 2018 at 4:01 PM, James Prestwich  wrote:
> This is about the point where my math and libsnark knowledge runs out :)
>
> My usecase is specifically cryptocurrency related, so I'm mostly interested
> in curves that are used by cryptocurrency signature algorithms. E.g.
> secp256k1 (Bitcoin and its kids), ed25519 (Sia, Stellar, and a few others).
> Jubjub is definitely on the list once sapling is closer to deployment. After
> a bit of consideration, ed25519 would probably be the most interesting at
> first.
>
> On Wed, Jan 3, 2018 at 2:33 PM Sean Bowe  wrote:
>>
>> I believe those gadgets are specifically for curves where the scalar
>> field is the base field of the curve you're working with, so they
>> probably wouldn't be that useful for arbitrary fields. Most of the
>> complexity here is the bignum arithmetic inside the circuit, though.
>>
>> > Is there any more clever way to do this than just providing splitting
>> > into bits to implement modular arithmetic in a different field?
>>
>> Not that I know of. I explored the feasibility of this kind of stuff
>> in the past and concluded each point addition would be around the cost
>> of a SHA256 invocation. You can minimize the number of additions using
>> window tables. The best approach seemed to be giant window tables
>> queried with merkle tree lookups using something like MiMC. The
>> additions are most efficient when working with affine formulas
>> (inversions can be witnessed as efficiently as multiplications). You
>> may be able to get this down to 2^20 constraints for ~256-bit scalars,
>> which might be around 10-20 second proving time.
>>
>> Sean
>>
>> On Wed, Jan 3, 2018 at 1:36 PM, Andrew Miller 
>> wrote:
>> > Suppose one did want to build a secp256k1 gadget. I notice that libsnark
>> > already provides a general gadget for  weierstrass form elliptic curves,
>> > parameterized by a field. So all we'd have to do is define the secp256k1
>> > operations in the alt_bn128 or in bls12 fields. Is there any more clever
>> > way
>> > to do this than just providing splitting into bits to implement modular
>> > arithmetic in a different field?
>> >
>> > On Jan 3, 2018 2:11 PM, "Sean Bowe"  wrote:
>> >>
>> >> If any curve is acceptable, I would encourage Jubjub, which we'll be
>> >> using for the next version of Zcash. In which case you will be able to
>> >> leverage our Sapling crypto code once it is more mature over the next
>> >> month or so. https://github.com/zcash-hackworks/sapling-crypto
>> >>
>> >> Sean
>> >>
>> >> On Wed, Jan 3, 2018 at 1:02 PM, James Prestwich via zapps-wg wrote:
>> >> > I'd prefer sha256 or bitcoin-style hash160. I'm interested in a few
>> >> > different curves, including secp256k1. Eventually for EdDSA keys as
>> >> > well. Is there a list of supported curve operations?
>> >> >
>> >> > On Wed, Jan 3, 2018 at 12:57 PM Andrew Miller wrote:
>> >> >>
>> >> >> Thank you so much for expressing your question in Camenisch-Stadler
>> >> >> notation! That makes it very clear what you're going for.
>> >> >>
>> >> >> What hash function H do you have in mind, would SHA2 work? Also what
>> >> >> group G do you have in mind, secp256k1?
>> >> >>
>> >> >> If so, I do not know of any existing implementation of secp256k1
>> >> >> operations specifically in libsnark, so that would presumably be the
>> >> >> biggest challenge.
>> >> >>
>> >> >>
>> >> >> On Jan 3, 2018 1:47 PM, "James Prestwich via zapps-wg" wrote:
>> >> >>
>> >> >> I'd like to participate in the setup ceremony.
>> >> >>
>> >> >> I also have an app I'd like to build using a zk-proof of knowledge
>> >> >> of an ECC private key. {(a) : A = a * G, B = H(a)}. Can anyone point me to
>> >> >> good resources on getting started?
>> >> >>
>> >> >>
>> >> >



-- 
Andrew Miller
University of Illinois at Urbana-Champaign


Re: [zapps-wg] Powers of Tau participation + zk proof question

2018-01-03 Thread James Prestwich via zapps-wg
This is about the point where my math and libsnark knowledge runs out :)

My usecase is specifically cryptocurrency related, so I'm mostly interested
in curves that are used by cryptocurrency signature algorithms. E.g.
secp256k1 (Bitcoin and its kids), ed25519 (Sia, Stellar, and a few others).
Jubjub is definitely on the list once sapling is closer to deployment.
After a bit of consideration, ed25519 would probably be the most
interesting at first.

On Wed, Jan 3, 2018 at 2:33 PM Sean Bowe  wrote:

> I believe those gadgets are specifically for curves where the scalar
> field is the base field of the curve you're working with, so they
> probably wouldn't be that useful for arbitrary fields. Most of the
> complexity here is the bignum arithmetic inside the circuit, though.
>
> > Is there any more clever way to do this than just providing splitting
> > into bits to implement modular arithmetic in a different field?
>
> Not that I know of. I explored the feasibility of this kind of stuff
> in the past and concluded each point addition would be around the cost
> of a SHA256 invocation. You can minimize the number of additions using
> window tables. The best approach seemed to be giant window tables
> queried with merkle tree lookups using something like MiMC. The
> additions are most efficient when working with affine formulas
> (inversions can be witnessed as efficiently as multiplications). You
> may be able to get this down to 2^20 constraints for ~256-bit scalars,
> which might be around 10-20 second proving time.
>
> Sean
>
> On Wed, Jan 3, 2018 at 1:36 PM, Andrew Miller wrote:
> > Suppose one did want to build a secp256k1 gadget. I notice that libsnark
> > already provides a general gadget for Weierstrass form elliptic curves,
> > parameterized by a field. So all we'd have to do is define the secp256k1
> > operations in the alt_bn128 or in bls12 fields. Is there any more clever
> > way to do this than just providing splitting into bits to implement modular
> > arithmetic in a different field?
> >
> > On Jan 3, 2018 2:11 PM, "Sean Bowe"  wrote:
> >>
> >> If any curve is acceptable, I would encourage Jubjub, which we'll be
> >> using for the next version of Zcash. In which case you will be able to
> >> leverage our Sapling crypto code once it is more mature over the next
> >> month or so. https://github.com/zcash-hackworks/sapling-crypto
> >>
> >> Sean
> >>
> >> On Wed, Jan 3, 2018 at 1:02 PM, James Prestwich via zapps-wg wrote:
> >> > I'd prefer sha256 or bitcoin-style hash160. I'm interested in a few
> >> > different curves, including secp256k1. Eventually for EdDSA keys as
> >> > well. Is there a list of supported curve operations?
> >> >
> >> > On Wed, Jan 3, 2018 at 12:57 PM Andrew Miller wrote:
> >> >>
> >> >> Thank you so much for expressing your question in Camenisch-Stadler
> >> >> notation! That makes it very clear what you're going for.
> >> >>
> >> >> What hash function H do you have in mind, would SHA2 work? Also what
> >> >> group G do you have in mind, secp256k1?
> >> >>
> >> >> If so, I do not know of any existing implementation of secp256k1
> >> >> operations specifically in libsnark, so that would presumably be the
> >> >> biggest challenge.
> >> >>
> >> >>
> >> >> On Jan 3, 2018 1:47 PM, "James Prestwich via zapps-wg" wrote:
> >> >>
> >> >> I'd like to participate in the setup ceremony.
> >> >>
> >> >> I also have an app I'd like to build using a zk-proof of knowledge of
> >> >> an ECC private key. {(a) : A = a * G, B = H(a)}. Can anyone point me to
> >> >> good resources on getting started?
> >> >>
> >> >
>


Re: [zapps-wg] Powers of Tau participation + zk proof question

2018-01-03 Thread Sean Bowe via zapps-wg
I believe those gadgets are specifically for curves where the scalar
field is the base field of the curve you're working with, so they
probably wouldn't be that useful for arbitrary fields. Most of the
complexity here is the bignum arithmetic inside the circuit, though.

> Is there any more clever way to do this than just providing splitting into 
> bits to implement modular arithmetic in a different field?

Not that I know of. I explored the feasibility of this kind of stuff
in the past and concluded each point addition would be around the cost
of a SHA256 invocation. You can minimize the number of additions using
window tables. The best approach seemed to be giant window tables
queried with Merkle tree lookups using something like MiMC. The
additions are most efficient when working with affine formulas
(inversions can be witnessed as efficiently as multiplications). You
may be able to get this down to 2^20 constraints for ~256-bit scalars,
which might be around 10-20 second proving time.

Sean

On Wed, Jan 3, 2018 at 1:36 PM, Andrew Miller wrote:
> Suppose one did want to build a secp256k1 gadget. I notice that libsnark
> already provides a general gadget for Weierstrass form elliptic curves,
> parameterized by a field. So all we'd have to do is define the secp256k1
> operations in the alt_bn128 or in bls12 fields. Is there any more clever way
> to do this than just providing splitting into bits to implement modular
> arithmetic in a different field?
>
> On Jan 3, 2018 2:11 PM, "Sean Bowe"  wrote:
>>
>> If any curve is acceptable, I would encourage Jubjub, which we'll be
>> using for the next version of Zcash. In which case you will be able to
>> leverage our Sapling crypto code once it is more mature over the next
>> month or so. https://github.com/zcash-hackworks/sapling-crypto
>>
>> Sean
>>
>> On Wed, Jan 3, 2018 at 1:02 PM, James Prestwich via zapps-wg wrote:
>> > I'd prefer sha256 or bitcoin-style hash160. I'm interested in a few
>> > different curves, including secp256k1. Eventually for EdDSA keys as
>> > well. Is there a list of supported curve operations?
>> >
>> > On Wed, Jan 3, 2018 at 12:57 PM Andrew Miller wrote:
>> >>
>> >> Thank you so much for expressing your question in Camenisch-Stadler
>> >> notation! That makes it very clear what you're going for.
>> >>
>> >> What hash function H do you have in mind, would SHA2 work? Also what
>> >> group G do you have in mind, secp256k1?
>> >>
>> >> If so, I do not know of any existing implementation of secp256k1
>> >> operations specifically in libsnark, so that would presumably be the
>> >> biggest challenge.
>> >>
>> >>
>> >> On Jan 3, 2018 1:47 PM, "James Prestwich via zapps-wg" wrote:
>> >>
>> >> I'd like to participate in the setup ceremony.
>> >>
>> >> I also have an app I'd like to build using a zk-proof of knowledge of
>> >> an ECC private key. {(a) : A = a * G, B = H(a)}. Can anyone point me to
>> >> good resources on getting started?
>> >>
>> >>
>> >
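
The affine addition with a witnessed inverse and the fixed-base window table described in the message above, as an added Python sketch over secp256k1 (not code from libsnark, sapling-crypto or anyone on the thread). It works on plain integers, so it shows the constraint shape and the number of additions rather than the in-circuit bignum cost; the function names, the SHA-256 encoding of `a` and the sample scalar are assumptions.

```python
import hashlib

# secp256k1 domain parameters (public constants of the curve).
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def on_curve(pt):
    x, y = pt
    return (y * y - x * x * x - 7) % P == 0


def witness_add(p1, p2):
    """Prover side: return (p1 + p2, slope). The field inversion is done here,
    outside the circuit, and the slope is supplied to the circuit as a witness."""
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2:
        if (y1 + y2) % P == 0:
            raise ValueError("sum is the point at infinity, which has no affine form")
        lam = 3 * x1 * x1 * pow(2 * y1 % P, P - 2, P) % P   # tangent slope
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P, P - 2, P) % P  # chord slope
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P), lam


def add_constraints_hold(p1, p2, p3, lam, require_distinct_x=True):
    """Circuit side for a chord addition: three products, no inversion."""
    (x1, y1), (x2, y2), (x3, y3) = p1, p2, p3
    if require_distinct_x and (x2 - x1) % P == 0:
        return False  # chord formula is undefined here; see forged_double()
    return ((lam * (x2 - x1) - (y2 - y1)) % P == 0
            and (lam * lam - (x1 + x2 + x3)) % P == 0
            and (lam * (x1 - x3) - (y1 + y3)) % P == 0)


def build_table(w):
    """Window table of constants: table[i][j-1] = j * 2^(w*i) * G, j = 1..2^w-1."""
    table, base = [], G
    for _ in range((256 + w - 1) // w):
        row = [base]
        for _ in range(2**w - 2):
            row.append(witness_add(row[-1], base)[0])
        table.append(row)
        base = witness_add(row[-1], base)[0]   # 2^w * previous base
    return table


def fixed_base_mul(a, table, w):
    """Return (a*G, trace); trace holds one (p1, p2, p3, slope) per addition.
    Zero digits are skipped here for brevity, so the number of additions
    depends on a; a circuit needs a fixed shape and must handle that case."""
    acc, trace = None, []
    for i, row in enumerate(table):
        digit = (a >> (w * i)) & (2**w - 1)
        if digit == 0:
            continue
        if acc is None:
            acc = row[digit - 1]
        else:
            new, lam = witness_add(acc, row[digit - 1])
            trace.append((acc, row[digit - 1], new, lam))
            acc = new
    return acc, trace


def hash_scalar(a):
    """H(a) as SHA-256 of the 32-byte big-endian scalar (encoding is assumed)."""
    return hashlib.sha256(a.to_bytes(32, "big")).digest()


def relation_holds(a, A, B, table, w):
    """Check {(a) : A = a*G, B = H(a)} the way a circuit would: every addition
    must satisfy the product constraints with the prover-supplied slope."""
    point, trace = fixed_base_mul(a, table, w)
    return (all(add_constraints_hold(*step) for step in trace)
            and point == A and hash_scalar(a) == B)


def forged_double(pt):
    """Why x1 != x2 must be enforced: for p1 == p2 the first check reads
    lam * 0 == 0, so a wrong slope and an off-curve 'sum' still pass."""
    lam = (witness_add(pt, pt)[1] + 1) % P
    x3 = (lam * lam - 2 * pt[0]) % P
    return (x3, (lam * (pt[0] - x3) - pt[1]) % P), lam


if __name__ == "__main__":
    a = int("7" * 64, 16)   # constructed scalar, every window digit nonzero
    for w in (1, 4, 8):
        point, trace = fixed_base_mul(a, build_table(w), w)
        print(f"w={w}: {len(trace)} additions, on curve: {on_curve(point)}")
```

Wider windows trade table size for fewer additions, and the `forged_double` case shows why the incomplete affine formula needs an explicit distinct-x check in the circuit.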


Re: [zapps-wg] Powers of Tau participation + zk proof question

2018-01-03 Thread Andrew Miller via zapps-wg
Suppose one did want to build a secp256k1 gadget. I notice that libsnark
already provides a general gadget for Weierstrass form elliptic curves,
parameterized by a field. So all we'd have to do is define the secp256k1
operations in the alt_bn128 or in bls12 fields. Is there any more clever
way to do this than just providing splitting into bits to implement modular
arithmetic in a different field?

On Jan 3, 2018 2:11 PM, "Sean Bowe"  wrote:

> If any curve is acceptable, I would encourage Jubjub, which we'll be
> using for the next version of Zcash. In which case you will be able to
> leverage our Sapling crypto code once it is more mature over the next
> month or so. https://github.com/zcash-hackworks/sapling-crypto
>
> Sean
>
> On Wed, Jan 3, 2018 at 1:02 PM, James Prestwich via zapps-wg wrote:
> > I'd prefer sha256 or bitcoin-style hash160. I'm interested in a few
> > different curves, including secp256k1. Eventually for EdDSA keys as
> > well. Is there a list of supported curve operations?
> >
> > On Wed, Jan 3, 2018 at 12:57 PM Andrew Miller wrote:
> >>
> >> Thank you so much for expressing your question in Camenisch-Stadler
> >> notation! That makes it very clear what you're going for.
> >>
> >> What hash function H do you have in mind, would SHA2 work? Also what
> >> group G do you have in mind, secp256k1?
> >>
> >> If so, I do not know of any existing implementation of secp256k1
> >> operations specifically in libsnark, so that would presumably be the
> >> biggest challenge.
> >>
> >>
> >> On Jan 3, 2018 1:47 PM, "James Prestwich via zapps-wg" wrote:
> >>
> >> I'd like to participate in the setup ceremony.
> >>
> >> I also have an app I'd like to build using a zk-proof of knowledge of an
> >> ECC private key. {(a) : A = a * G, B = H(a)}. Can anyone point me to
> >> good resources on getting started?
> >>
> >>
> >
>


Re: [zapps-wg] Powers of Tau participation + zk proof question

2018-01-03 Thread Sean Bowe via zapps-wg
If any curve is acceptable, I would encourage Jubjub, which we'll be
using for the next version of Zcash. In which case you will be able to
leverage our Sapling crypto code once it is more mature over the next
month or so. https://github.com/zcash-hackworks/sapling-crypto

Sean

On Wed, Jan 3, 2018 at 1:02 PM, James Prestwich via zapps-wg wrote:
> I'd prefer sha256 or bitcoin-style hash160. I'm interested in a few
> different curves, including secp256k1. Eventually for EdDSA keys as well. Is
> there a list of supported curve operations?
>
> On Wed, Jan 3, 2018 at 12:57 PM Andrew Miller  wrote:
>>
>> Thank you so much for expressing your question in Camenisch-Stadler
>> notation! That makes it very clear what you're going for.
>>
>> What hash function H do you have in mind, would SHA2 work? Also what group
>> G do you have in mind, secp256k1?
>>
>> If so, I do not know of any existing implementation of secp256k1
>> operations specifically in libsnark, so that would presumably be the biggest
>> challenge.
>>
>>
>> On Jan 3, 2018 1:47 PM, "James Prestwich via zapps-wg"
>>  wrote:
>>
>> I'd like to participate in the setup ceremony.
>>
>> I also have an app I'd like to build using a zk-proof of knowledge of an
>> ECC private key. {(a) : A = a * G, B = H(a)}. Can anyone point me to good
>> resources on getting started?
>>
>>
>


Re: [zapps-wg] Powers of Tau participation + zk proof question

2018-01-03 Thread Sean Bowe via zapps-wg
> I'd like to participate in the setup ceremony.

Great! I'll be in touch.

> {(a) : A = a * G, B = H(a)}

Are you constrained by the choice of H and/or the curve?

Sean

On Wed, Jan 3, 2018 at 12:47 PM, James Prestwich via zapps-wg wrote:
> I'd like to participate in the setup ceremony.
>
> I also have an app I'd like to build using a zk-proof of knowledge of an ECC
> private key. {(a) : A = a * G, B = H(a)}. Can anyone point me to good
> resources on getting started?


Re: [zapps-wg] Powers of Tau participation + zk proof question

2018-01-03 Thread James Prestwich via zapps-wg
I'd prefer sha256 or bitcoin-style hash160. I'm interested in a few
different curves, including secp256k1. Eventually for EdDSA keys as well.
Is there a list of supported curve operations?

On Wed, Jan 3, 2018 at 12:57 PM Andrew Miller  wrote:

> Thank you so much for expressing your question in Camenisch-Stadler
> notation! That makes it very clear what you're going for.
>
> What hash function H do you have in mind, would SHA2 work? Also what group
> G do you have in mind, secp256k1?
>
> If so, I do not know of any existing implementation of secp256k1
> operations specifically in libsnark, so that would presumably be the
> biggest challenge.
>
>
> On Jan 3, 2018 1:47 PM, "James Prestwich via zapps-wg"
>  wrote:
>
> I'd like to participate in the setup ceremony.
>
> I also have an app I'd like to build using a zk-proof of knowledge of an
> ECC private key. {(a) : A = a * G, B = H(a)}. Can anyone point me to good
> resources on getting started?
>
>
>


Re: [zapps-wg] Powers of Tau participation + zk proof question

2018-01-03 Thread Andrew Miller via zapps-wg
Thank you so much for expressing your question in Camenisch-Stadler
notation! That makes it very clear what you're going for.

What hash function H do you have in mind, would SHA2 work? Also what group
G do you have in mind, secp256k1?

If so, I do not know of any existing implementation of secp256k1 operations
specifically in libsnark, so that would presumably be the biggest challenge.

On Jan 3, 2018 1:47 PM, "James Prestwich via zapps-wg" wrote:

I'd like to participate in the setup ceremony.

I also have an app I'd like to build using a zk-proof of knowledge of an
ECC private key. {(a) : A = a * G, B = H(a)}. Can anyone point me to good
resources on getting started?


Re: [zapps-wg] Powers of Tau contribution

2018-01-03 Thread Kevin via zapps-wg
I guess I meant mining and contributing to this.  I didn't mean to come 
off as rude so I do apologize if it seemed that way.




On 1/2/2018 9:39 PM, Andrew Miller via zapps-wg wrote:
Hi Kevin, thanks for your note, I think we were just thrown off by the 
word "mining" and wondered if you were in the wrong place :)
Do you want to go next? If so Sean will designate you a spot in the 
queue...


To contribute, I'd suggest reading a sample of a few reports from 
people who have gone earlier, for where to find the software and 
possible steps you can take to contribute with good opsec.

https://github.com/ZcashFoundation/powersoftau-attestations

You can get the software to run from this github repository: 
https://github.com/ebfull/powersoftau/ though others have made mirrors 
and dockerfiles etc you could use too.


On Tue, Jan 2, 2018 at 7:11 PM, Zx100 via zapps-wg <zapps...@lists.z.cash.foundation> wrote:


Excuse us? You asked "how do I start mining?" which is completely
unrelated to the topic at hand. You are not entitled to a
response, especially since it takes two minutes to Google for the
official information.


-------- Original Message --------
Subject: Re: [zapps-wg] Powers of Tau contribution
Local Time: January 3, 2018 12:45 AM
UTC Time: January 3, 2018 12:45 AM
From: zapps...@lists.z.cash.foundation
To: zapps...@lists.z.cash.foundation


Not to hijack the thread, but I've asked how to contribute and
was not given an answer.



On 1/2/2018 3:12 PM, Tony Arcieri via zapps-wg wrote:

I have finished running Powers of Tau. Here is the output:

The BLAKE2b hash of `./response` is:
d129d960 a645c735 ec52fc80 91f081d1
a6e4ff78 90e4fa55 51faa85e 95e3878a
96bd0c07 8315c0d4 e8e3f1a3 26dbb607
1ea2b43b 844a0d1e 0a3bca5a 8e21c3a5

I'm not a fan of GPG, but I can post a raw Ed25519 signature of
./response, with Base64 public key:

a7aP6Okqx1YBtRubECVoiY2Z4reR34F9BPuPwTtxpQU

I have also posted this same public key to Twitter:
https://twitter.com/bascule/status/948285074872532992

The Base64url signature on my response under the aforementioned
key is:


BkDDl831jxB21rPHX-6pC1REdZ2UoZs_sGuAfCTt8xAP_E-Cva6Qg72fjX8yuMG-ufn3sc4FoAuMKGMT_OGPBQ

I have since destroyed the private key/scalar used to produce
this signature.

--

Tony Arcieri











--
Andrew Miller
University of Illinois at Urbana-Champaign






Re: [zapps-wg] Powers of Tau contribution

2018-01-02 Thread Andrew Miller via zapps-wg
Hi Kevin, thanks for your note, I think we were just thrown off by the word
"mining" and wondered if you were in the wrong place :)
Do you want to go next? If so Sean will designate you a spot in the queue...

To contribute, I'd suggest reading a sample of a few reports from people
who have gone earlier, for where to find the software and possible steps
you can take to contribute with good opsec.
https://github.com/ZcashFoundation/powersoftau-attestations

You can get the software to run from this github repository:
https://github.com/ebfull/powersoftau/ though others have made mirrors and
dockerfiles etc you could use too.

On Tue, Jan 2, 2018 at 7:11 PM, Zx100 via zapps-wg <
zapps...@lists.z.cash.foundation> wrote:

> Excuse us? You asked "how do I start mining?" which is completely
> unrelated to the topic at hand. You are not entitled to a response,
> especially since it takes two minutes to Google for the official
> information.
>
> -------- Original Message --------
> Subject: Re: [zapps-wg] Powers of Tau contribution
> Local Time: January 3, 2018 12:45 AM
> UTC Time: January 3, 2018 12:45 AM
> From: zapps...@lists.z.cash.foundation
> To: zapps...@lists.z.cash.foundation
>
>
> Not to hijack the thread, but I've asked how to contribute and was not
> given an answer.
>
>
>
> On 1/2/2018 3:12 PM, Tony Arcieri via zapps-wg wrote:
>
> I have finished running Powers of Tau. Here is the output:
>
> The BLAKE2b hash of `./response` is:
> d129d960 a645c735 ec52fc80 91f081d1
> a6e4ff78 90e4fa55 51faa85e 95e3878a
> 96bd0c07 8315c0d4 e8e3f1a3 26dbb607
> 1ea2b43b 844a0d1e 0a3bca5a 8e21c3a5
>
> I'm not a fan of GPG, but I can post a raw Ed25519 signature of
> ./response, with Base64 public key:
>
> a7aP6Okqx1YBtRubECVoiY2Z4reR34F9BPuPwTtxpQU
>
> I have also posted this same public key to Twitter:
> https://twitter.com/bascule/status/948285074872532992
>
> The Base64url signature on my response under the aforementioned key is:
>
> BkDDl831jxB21rPHX-6pC1REdZ2UoZs_sGuAfCTt8xAP_E-Cva6Qg72fjX8yuMG-ufn3sc4FoAuMKGMT_OGPBQ
>
> I have since destroyed the private key/scalar used to produce this
> signature.
>
> --
>
> Tony Arcieri
>
>
>
>
>
>
>


-- 
Andrew Miller
University of Illinois at Urbana-Champaign


Re: [zapps-wg] Powers of Tau contribution

2018-01-02 Thread Zx100 via zapps-wg
Excuse us? You asked "how do I start mining?" which is completely unrelated to 
the topic at hand. You are not entitled to a response, especially since it 
takes two minutes to Google for the official information.

> -------- Original Message --------
> Subject: Re: [zapps-wg] Powers of Tau contribution
> Local Time: January 3, 2018 12:45 AM
> UTC Time: January 3, 2018 12:45 AM
> From: zapps...@lists.z.cash.foundation
> To: zapps...@lists.z.cash.foundation
>
> Not to hijack the thread, but I've asked how to contribute and was not given 
> an answer.
>
> On 1/2/2018 3:12 PM, Tony Arcieri via zapps-wg wrote:
>
>> I have finished running Powers of Tau. Here is the output:
>>
>> The BLAKE2b hash of `./response` is:
>> d129d960 a645c735 ec52fc80 91f081d1
>> a6e4ff78 90e4fa55 51faa85e 95e3878a
>> 96bd0c07 8315c0d4 e8e3f1a3 26dbb607
>> 1ea2b43b 844a0d1e 0a3bca5a 8e21c3a5
>>
>> I'm not a fan of GPG, but I can post a raw Ed25519 signature of ./response, 
>> with Base64 public key:
>>
>> a7aP6Okqx1YBtRubECVoiY2Z4reR34F9BPuPwTtxpQU
>>
>> I have also posted this same public key to Twitter: 
>> https://twitter.com/bascule/status/948285074872532992
>>
>> The Base64url signature on my response under the aforementioned key is:
>>
>> BkDDl831jxB21rPHX-6pC1REdZ2UoZs_sGuAfCTt8xAP_E-Cva6Qg72fjX8yuMG-ufn3sc4FoAuMKGMT_OGPBQ
>>
>> I have since destroyed the private key/scalar used to produce this signature.
>>
>> --
>>
>> Tony Arcieri
>

Re: [zapps-wg] Powers of Tau contribution

2018-01-02 Thread Kevin via zapps-wg
Not to hijack the thread, but I've asked how to contribute and was not 
given an answer.




On 1/2/2018 3:12 PM, Tony Arcieri via zapps-wg wrote:

I have finished running Powers of Tau. Here is the output:

The BLAKE2b hash of `./response` is:
d129d960 a645c735 ec52fc80 91f081d1
a6e4ff78 90e4fa55 51faa85e 95e3878a
96bd0c07 8315c0d4 e8e3f1a3 26dbb607
1ea2b43b 844a0d1e 0a3bca5a 8e21c3a5

I'm not a fan of GPG, but I can post a raw Ed25519 signature of 
./response, with Base64 public key:


a7aP6Okqx1YBtRubECVoiY2Z4reR34F9BPuPwTtxpQU

I have also posted this same public key to Twitter: 
https://twitter.com/bascule/status/948285074872532992


The Base64url signature on my response under the aforementioned key is:

BkDDl831jxB21rPHX-6pC1REdZ2UoZs_sGuAfCTt8xAP_E-Cva6Qg72fjX8yuMG-ufn3sc4FoAuMKGMT_OGPBQ

I have since destroyed the private key/scalar used to produce this 
signature.


--
Tony Arcieri






Re: [zapps-wg] Powers of Tau contribution

2018-01-02 Thread Sean Bowe via zapps-wg
Great! I've verified it and I'm entering it in the transcript now.

It is totally okay if you don't want to use GPG, and this is acceptable.

Thanks!

Sean

On Tue, Jan 2, 2018 at 1:12 PM, Tony Arcieri via zapps-wg
 wrote:
> I have finished running Powers of Tau. Here is the output:
>
> The BLAKE2b hash of `./response` is:
> d129d960 a645c735 ec52fc80 91f081d1
> a6e4ff78 90e4fa55 51faa85e 95e3878a
> 96bd0c07 8315c0d4 e8e3f1a3 26dbb607
> 1ea2b43b 844a0d1e 0a3bca5a 8e21c3a5
>
> I'm not a fan of GPG, but I can post a raw Ed25519 signature of ./response,
> with Base64 public key:
>
> a7aP6Okqx1YBtRubECVoiY2Z4reR34F9BPuPwTtxpQU
>
> I have also posted this same public key to Twitter:
> https://twitter.com/bascule/status/948285074872532992
>
> The Base64url signature on my response under the aforementioned key is:
>
> BkDDl831jxB21rPHX-6pC1REdZ2UoZs_sGuAfCTt8xAP_E-Cva6Qg72fjX8yuMG-ufn3sc4FoAuMKGMT_OGPBQ
>
> I have since destroyed the private key/scalar used to produce this
> signature.
>
> --
> Tony Arcieri


Re: [zapps-wg] Powers of Tau Attestation

2017-11-26 Thread Sean Bowe via zapps-wg
Thank you so much! I've added your attestation.

Sean

On Sun, Nov 26, 2017 at 9:43 AM, Adam Langley via zapps-wg
 wrote:
> Signed report attached. Contents reproduced below. Thanks for
> organising this and scheduling me!
>
>
>
> Date: 2017-11-26
> Name: Adam Langley
> Location: Los Angeles, USA
>
> $ git show-ref HEAD
> d47a1d3d1f007063cbcc35f1ab902601a8b3bd91 refs/remotes/origin/HEAD
>
> $ b2sum Cargo.toml challenge response $(find src -type f)
> 7d1ba4f585c79934e88ad79629d319a51423a1916ff2eb98bd54fed82ca7cfbd94456aea6e751f6d5c30ac774e36f9f7c8ca096c9a6c6bf8fca738a043412031
>  Cargo.toml
> 61f8357eacc470caa8c64dcf7411ae7e5ba00b462f961ae55cef878165f935c77f1709eabab4d1f1ecb221be8b500854253f17de39980ec6496055ff9da66601
>  challenge
> 659a0b526386877ab3f3d08a63bcdaa7b4a36130253842da7b57b48915a1e9d4cb67835af0d27eb19ec5f840cd3b779eaa08690278c0d45384d2aa6e4a2d8d60
>  response
> 6e1a061adb58602e5d5ce0b5fc4412ffe81c086e418bcdc5a60da7bbc165d8caaa51b2aa36bbecc37d9dce2740c5446d5586d25f9028e9903a9622341d198d8e
>  src/lib.rs
> ca92bbf9d1a7090da5a801348efb169bab677ab73ff5a80671950761785a4f579cd773d6a0a450d04f8791362d2b38e849b6a2b08aea68990da46d63549731ce
>  src/bin/new.rs
> 4c18b4e6ba35b0ca7980dd8b9a896b7c4620db4d7a2f6cc9bc0a0e25b4fb4b4c8d16a72cec9302a807b072a45b3df2b1b99d3a44ff2f8d11be0269c648a18abb
>  src/bin/verify_transform.rs
> 0bcef2313d41f1b022fde0c289a1ed451d4fbc44cb07cbfe3fb141960001878fc90e531d08271280985ea6ea351d102a8c09e43e214a2a01c62791875278
>  src/bin/compute.rs
>
> $ cargo --version
> cargo 0.22.0
>
> The machine is an older, Ivy-Bridge based Intel. No extraordinary measures
> were taken. The rust compiler is the standard, Arch Linux package for amd64.
> Manually added entropy was generated by mashing the keyboard for a while in an
> attempt not to be predictable.
>
> After the computation was finished, the machine was powered down and
> disconnected for a couple of minutes to ensure that the contents of RAM were
> erased.
>
> Public key can be checked via https://keybase.io/agl.
>
>
> Cheers
>
> AGL
>
> --
> Adam Langley a...@imperialviolet.org https://www.imperialviolet.org


Re: [zapps-wg] Powers of Tau Attestation

2017-11-23 Thread Sean Bowe via zapps-wg
Wonderful! Thank you so much!

Sean

On Thu, Nov 23, 2017 at 7:10 PM, Gabor Losonci via zapps-wg
 wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> Linux localhost.localdomain 3.10.0-693.el7.x86_64 #1 SMP Tue Aug 22 21:09:27
> UTC 2017 x86_64 x86_64 x86_64 GNU/Linux
>
> bba314624956961a2ea31dd460cd860a77911c1e0a56e4820a12b9c5dad363f5 SHA256
> CentOS-7-x86_64-Minimal-1708.iso
>
> cargo 0.22.0 (3423351a5 2017-10-06)
>
> powersoftau commit d47a1d3d1f007063cbcc35f1ab902601a8b3bd91
>
> 20cd28f12dba234b2f6d91ed9f3bff3c81af6c9d96aba91286170c62dfe53856  SHA 256
> challenge
> bfb1ea64bfcdd6c5c05f46a263920e21cb433a2a4548fd93b8a50ea434bcb775  SHA 256
> response
>
> 00705392 31f72a8d 1dd57042 a7df58ec
> 298df68c 2a5ac17c 03aaef37 39593626
> 4be83f3d b3277b58 31e9ffda ac73167d
> 82fb07c4 89f80cc8 f00bf255 abde3de3
>
> BLAKE2b response
>
> Removed Bluetooth,Modem,Wifi, and HDD from my Laptop for Compute node.
> Booted up via USB Centos minimal, used rustup and git clone. (git and gcc
> via yum)
> Set up separate laptop with SLAX liveCD, get challenge file over that (via
> ethernet, no Wifi).
> It would be cool to see the hash of it on AWS page.
>
> Because I tested several times, I figured out that I cannot make the compute
> inside a remote cave
> because of battery limitations, so I created entropy and first half of
> compute inside my basement,
> without any other electronic device present. Then I finished in the flat,
> copying the file to another usb.
> Also removed memory from compute node for 30 minutes. Uploading via another
> machine.
>
>
> -BEGIN PGP SIGNATURE-
> Version: GnuPG v2.0.22 (GNU/Linux)
>
> -END PGP SIGNATURE-
>


Re: [zapps-wg] Powers of Tau Attestation

2017-11-23 Thread Sean Bowe via zapps-wg
Thanks! Excellent job.

> In an effort to overwrite the RAM and run out the battery, I started two 
> instances of `cargo test`.

Clever. :)

Sean

On Thu, Nov 23, 2017 at 4:54 PM, Adam Nagel via zapps-wg
 wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
>
> Powers of Tau Participation Writeup
> ===
> Date: 2017-11-23
> Name: Adam Nagel
> Location: South Florida, USA
>
>
> Ceremony Software
> =
> powersoftau repository commit
> 9e1553c437183540392a7231d0788318a19b18a3
>
> cargo 0.24.0-nightly (abd137ad1 2017-11-12)
>
>
> BLAKE2b hashes
> ==
> Challenge file
> e15f7392ebe912c2f9419f4b4ed4242b6207bad916d22ffb10a0c9c08445ae6f0eebd35c7e52ecd5ff611bb8c8d6bedd9e711cd8485b88d6e2b0d276ee979bb7
>
> The BLAKE2b hash of `./response` is:
> cdb09d81 858da53b 5581c25d 805e442b
> 5a37bf75 ccb1e1b3 104d9886 742c2dae
> 220cc817 9902653e 1783ba13 f47d5367
> 8360ba3f 7f3d1557 e1472b07 1b796fc5
>
> /usr/local/bin/cargo
> a5adde35def05d778b9490ba8813f5085ec9a55e88f0fe7c42282508a43774625c2fd84f01383ff3478d345fe8dd1a455096380d37bcf51f4424924c2bf3c07d
>
> ./target/release/compute
> 88b2a3d5b8740ff699d6e9ba516d3dcebbcc36c5df64eeeb529ecda8f792de032fad915fbb23168bba8c65a02ff3695176fd1321413b1a6247082137f5f9334d
>
> ./target/release/compute (with --features=u128-support)
> dae100bbdbd9fd6c1280422906ae6fd0dc9c7115d75749c0df01ad8f106924ede534f5ffcdd61255e15d383dd0384d2efe90afc9f2fc27e745996714ec8b20b0
>
>
> Procedure
> =
> I prepared a 2013 Macbook Pro with cargo, powersoftau, and FileVault on
> November 15 at my home in Nashville, disabled the radios, and left it
> powered off until today.
>
> My turn came up while vacationing in Florida and traveling in a rented car.
> This morning, I sat down in the first coffee shop I encountered and used a
> second laptop to download the challenge file to a USB stick. Then I copied
> the challenge file to my compute machine.
>
> Entropy was generated with about 30 seconds of key-mashing. I allowed it to
> run while driving around Homestead and Florida City, leaving the Bluetooth
> and Wifi radios disabled. When the process completed, I made a copy of the
> response file.
>
> I then performed another computation from Long Pine Key Campground in
> Everglades National Park, with entropy generated using the same process.
>
> A coin flip determined which response file to use. The winner was
> transferred to USB stick and uploaded to S3 over Verizon 4G LTE from the
> campground.
>
> In an effort to overwrite the RAM and run out the battery, I started two
> instances of `cargo test`. Add in the South Florida heat, and the fans have
> never worked so hard. I intend to leave this computer off for several weeks,
> re-format its hard drive, and use it for other purposes in the future.
>
> Thanks to Sean for coordinating everything, and thanks to the community for
> the chance to participate.
> -BEGIN PGP SIGNATURE-
> Version: Keybase OpenPGP v2.0.76
> Comment: https://keybase.io/crypto
>
> -END PGP SIGNATURE-
>
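
A way to check the digests quoted in the attestation reports above against a downloaded file, as an added Python sketch (not part of powersoftau or of any participant's procedure). It handles the grouped layout printed after "The BLAKE2b hash of `./response` is:", mail-wrapped `b2sum` output, and the unpadded Base64 key and signature; the function names and the sample report are constructed, and verifying the Ed25519 signature itself is left to an Ed25519 library.

```python
import base64
import hashlib
import os
import re
import tempfile

HEADER = "The BLAKE2b hash of `./response` is:"


def blake2b_file(path, chunk=1 << 20):
    """BLAKE2b-512 of a file as 128 hex digits, read in chunks."""
    h = hashlib.blake2b()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()


def grouped(hexdigest):
    """Lay a digest out as 4 rows of four 8-digit words, as in the reports."""
    words = [hexdigest[i:i + 8] for i in range(0, 128, 8)]
    return "\n".join(" ".join(words[r:r + 4]) for r in range(0, 16, 4))


def unquote(text):
    """Drop mail quote markers ('>', '>> >') from the start of every line."""
    return "\n".join(re.sub(r"^(\s*>)+ ?", "", ln) for ln in text.splitlines())


def response_digest(report):
    """Digest claimed in the grouped layout that follows the HEADER line."""
    _, found, tail = unquote(report).partition(HEADER)
    words = []
    for token in tail.split():
        if not re.fullmatch(r"[0-9a-f]{8}", token):
            break
        words.append(token)
    if not found or len(words) != 16:
        raise ValueError(f"expected 16 digest words after header, got {len(words)}")
    return "".join(words)


def b2sum_entries(report):
    """Parse `b2sum` output, tolerating the wrap that moves the filename to the
    next line. Returns ({filename: digest}, [hex runs of the wrong length]) so
    a truncated digest is reported instead of silently skipped."""
    body = unquote(report)
    good = {name: dig for dig, name in
            re.findall(r"\b([0-9a-f]{128})\s+(\S+)", body)}
    bad = [run for run in re.findall(r"\b[0-9a-f]{100,}\b", body)
           if len(run) != 128]
    return good, bad


def decode_b64(text, expected_len):
    """Decode standard or URL-safe Base64, padded or not, possibly line-wrapped."""
    s = "".join(unquote(text).split())
    s = s.replace("+", "-").replace("/", "_").rstrip("=")
    raw = base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))
    if len(raw) != expected_len:
        raise ValueError(f"decoded {len(raw)} bytes, expected {expected_len}")
    return raw


def response_matches(path, report):
    """True if the file hashes to the digest the report claims."""
    return blake2b_file(path) == response_digest(report)


def demo():
    """Constructed sample: a stand-in response file and a quoted report on it,
    with one b2sum digest deliberately cut to 124 digits."""
    fd, path = tempfile.mkstemp()
    try:
        with os.fdopen(fd, "wb") as f:
            f.write(b"constructed stand-in for ./response")
        digest = blake2b_file(path)
        lines = [HEADER, *grouped(digest).splitlines(), "",
                 "$ b2sum response example.rs", digest, " response",
                 digest[:124], " example.rs"]
        report = "\n".join("> " + ln for ln in lines)
        return response_matches(path, report), b2sum_entries(report)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    print(demo())
```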


Re: [zapps-wg] Powers of Tau Ceremony Proposal

2017-11-16 Thread Eric L. Stromberg via zapps-wg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512

Powers of Tau Operational writeup
=
Round: 7
Date: 2017-11-16
Name: Eric L. Stromberg
Location: San Francisco area, US

Challenge: 2ae068fbe1a9d0e070844047f3032432e86b822f593da3fcd6fc0ee8bed2f30caac587a1d5e68ea6fcdcf1a40213de7d41ded05cf9be934e4c6d617e201caa1a
Response: 1ad851c65b4fcf3ca0bce6b366c40c48b65f611044731faf2b5fc90f987eda3f3240ea25c555e516ff73de2855369fd2da77a7055529b6f72ac3225b07fd8585

Preparation steps
=
UBUNTU
Build VM & compute node OS from: ubuntu-16.04.3-desktop-amd64.iso
SHA256: 1384ac8f2c2a6479ba2a9cbe90a585618834560c477a699a4a7ebe7b5345ddc1

Build VM, create compute binary:
Created new Ubuntu 16.04.3 VM from ISO
Followed instructions indicated in repository Readme to build “compute” binary
https://github.com/ebfull/powersoftau [commit 9e1553c437183540392a7231d0788318a19b18a3]
Formatted fresh 8GB USB stick, copied compute binary to it.
BLAKE2b-64 (./compute) = 7af5d31bbb215eab40753043523790483cdda67aef1d6e317f4269fb042dbc8608feaa0db8d17df82bef28f021509871635a56052de1370f4b90dc6322a8a962

Setup minimal compute node (ASUS 1015E laptop, 2GB RAM, Celeron 847, 320GB HDD):
Flash BIOS with latest (2013/05/23) from: http://dlcdnet.asus.com/pub/ASUS/nb/1015E/1015EAS304.zip
SHA256: 9ee3256bbc7116388a6c5079773d8ac28471f0cfbb2db8784e403c36c3bbd9bb
Install ubuntu 16.04.3 from DVD: erase and reinstall, no network, no updates.
Copy compute binary and challenge file from USB stick.

MAC OSX
Build VM, create compute binary:
Used “Install macOS Sierra 10.12.app” from Apple.
Followed same steps as above to create “compute” binary.
BLAKE2b-64 (./compute) = 88565a9e84c9ee69818e78909b7f6b05ef46a88780b8378d44a037be7e8fd50c7c601e8340455be2ed9e703095baf3f9104fded0086576c9c43c36fb6bf9

Installed MacOS on external SSD drive with “Install macOS High Sierra 10.13.0.app” from Apple.
To be used as boot image for MacBook Pro laptop, second compute node (Internal disk is encrypted).
Copied compute binary and challenge to SSD drive.

Workspace preparation:
An interior closet containing a heavy gauge steel gun safe was lined with multiple layers of foil shielding to allow access to the compute node keyboard with the safe door open and still limit EM leakage.  Compute node, USB stick and 8 hexadecimal dice in a dice box placed in safe, with a power cord routed through the safe door opening: https://www.dropbox.com/s/ysfmhre0cjkhe1g/tinfoilsafe.jpeg?dl=0

Procedure
=
For each of 3 compute runs, door to closet closed to effectively create a faraday room with safe containing the compute node (laptop) inside.  Safe door open to allow access to keyboard and screen.  Ran ./compute and when prompted, provided 64 bytes of entropy with 4 rolls of 8 hexadecimal dice in a box used to both randomize them and to order them unambiguously.  Once compute process was underway, closed and locked safe until completion of the compute process.

Sidechannel defenses
The ASUS compute node is a 4 year old device, ordered by me through Amazon with 2-day shipping, with Ubuntu 12.04 factory installed; reimaged with w/16.04.3 for this exercise.  Was previously turned on once to set it up / verify and not otherwise used or connected to any network.  Node has been air gapped at all times since purchase.  The MAC compute node is a personal device and well used.  The Mac OS image created on an external drive for this exercise was never network connected and erased immediately afterwards.  The internal drive is encrypted and was not accessible to the boot image used.  All 3 production compute runs were performed in a rural area with no other structures or public roads within 100 yards in any direction.  The compute nodes were operated in a heavy gun safe within an interior closet shielded with foil to control EM leakage even when the safe door was open for keyboard access.  The safe was kept closed and locked during computation.  One of 3 results was randomly selected for submission without attribution.

Postprocessing
==
ASUS: copied hash and response file to USB stick.  Battery removed from compute node.  Copied hash and response to personal laptop then securely erased USB and overwrote with random data.  I did not destroy the node, but it will remain unpowered and locked in a safe for at least one month and will either never be used again (and be destroyed) or will be used only as an offline signing device, securely stored and never connected to any network.

MAC: after each of the 2 compute runs, copied hash onto SSD drive.  Powered off Mac.  Copied hash and response files to personal laptop then securely erased SSD (boot drive) and overwrote with random data.  Will continue to use SSD and Mac for other purposes.

A roll of hexadecimal dice was used to select 1 of the 3 response files.  50% probability given to result generated on the ASUS node and 25% probability given to each result from the MAC node.  The randomly selected result was verified and submitted - 

Re: [zapps-wg] Powers of Tau Ceremony Proposal

2017-11-14 Thread Kobi Gurkan via zapps-wg
Oh, I see!
I think it's a difference between how b2sum and compute print the hashes
(compute has groups while b2sum not?)

On Tue, Nov 14, 2017 at 6:23 PM, Sean Bowe  wrote:

> Kobi,
>
> Thanks! I've gotten a response file with the following hash:
>
> f01f2679613a75ef09f94f588cc3253962c49c9129b174d9145336011ada960e29c8c91a21314705ebdbd081e526bd4d738447385b95e95d5043764786f01441
>
> However, in your attestation you wrote:
>
> f01f2679613a75ef9f94f588cc3253962c49c9129b174d914533611ada96e29c8c91a2131475ebdbd081e526bd4d738447385b95e95d5043764786f01441
>
> It's three minor transcription errors of the same kind (omission of a
> zero), so I think we can safely ignore it.
>
> I've verified the response file, and thus accepted it into the transcript.
> :)
>
> Sean
>
>
> On Tue, Nov 14, 2017 at 12:38 AM, Kobi Gurkan  wrote:
>
>> -BEGIN PGP SIGNED MESSAGE-
>> Hash: SHA256
>>
>> Powers of Tau Operational writeup
>> =
>> Round: 5
>> Date: 2017-11-13
>> Name: Kobi Gurkan
>> Location: Netanya, Israel
>>
>> Challenge (blake2b, sha256):
>> 658a6f81174a3ba72abc3a549483b4891d5be2351c6d1965c5a0bd20f91ea654c2e33c85109401cbd418d474a8762a41e1b62034251e118958d3ff9b8c74
>> 3f8938fdaa30ea4232939629d722ed0d1a40c5bd4268cbbf5bb6e34ac802
>>
>> Response (blake2b):
>> f01f2679613a75ef9f94f588cc3253962c49c9129b174d914533611ada96e29c8c91a2131475ebdbd081e526bd4d738447385b95e95d5043764786f01441
>>
>> Preparation steps
>> =
>> I built a docker image based on Andrew Miller's Dockerfile from: 
>> https://hub.docker.com/r/socrates1024/powersoftau/~/dockerfile/. The 
>> Dockerfile I used also verified that rustup.sh has a sha256 hash of value 
>> "22aa1f7f4c4b9be99a9d7e13ad45b2aec6714165a0578dd5ef81ca11f55ea24e". 
>> Nevertheless, building the image using the Dockerfile produced the "compute" 
>> binary based on Sean’s powersoftau rust repo, commit
>> 9e1553c437183540392a7231d0788318a19b18a3 with the same sha256 hash reported 
>> by Andrew and others - 
>> 922b2e0a59841ecdaba7b4953d8c67e62b74b8f52f968624cff664dc086da93a.
>>
>> I burned an Ubuntu 16.04.03 live cd to a blank DVD and the compute binary to 
>> another DVD.
>>
>> I then took an old Xtreamer Ultra HTPC that I disassembled, removed the hard 
>> disk and removed the RAM stick for about 2 minutes (Image: 
>> https://pbs.twimg.com/media/DOkcOtqWsAAylKI.jpg:large).
>> The relevant technical specifications of the PC are:
>> - - Samsung 4GB DDR3 (SO-DIMM/204pin/DDR3-1333/PC3-10600)
>> - - Intel Atom D525 (dual-core, 1.8 GHz)
>>
>> I disconnected the electronic devices near the PC besides a Dell U2414H 
>> monitor connected by HDMI, a Microsoft Natural Ergonomic Keyboard 4000 and a 
>> Microsoft Comfort Mouse 3000, connected by USB.
>>
>> After booting the live cd, I verified its MD5 and found the same one that 
>> appears on the Ubuntu web-site (http://releases.ubuntu.com/16.04.3/MD5SUMS):
>> 0d9fe8e1ea408a5895cbbe3431989295 *ubuntu-16.04.3-desktop-amd64.iso (Image: 
>> https://pbs.twimg.com/media/DOkcWy_W0AUu8a1.jpg:large)
>>
>> I also re-verified the hash of the compute binary from the second DVD and 
>> copied both the challenge and the compute binary to RAM (Image: 
>> https://pbs.twimg.com/media/DOkcg2_X0AE0NVU.jpg:large).
>>
>> I prepared an external hard-drive I had for extraction of the report later 
>> on.
>>
>> Sidechannel defenses
>> 
>> The PC I used was bought a few years ago. I disconnected the hard disk and 
>> all peripherals besides monitor, keyboard and mouse. I disconnected 
>> electronic devices around the PC such that the room had only the devices 
>> mentioned connected. I was in the house the entire time (although asleep).
>>
>> Postprocessing
>> ==
>> After compute finished its operation, I took a photo of the blake2b and 
>> sha256 hashes of the resulting response  (Image: 
>> https://pbs.twimg.com/media/DOkcae4W4AAhBG7.jpg:large). Then, I copied the 
>> file to the USB external hard drive and then to my laptop.
>> I verified on my laptop that the sha256 hash is the same one calculated on 
>> the PC (laptop) and ran verify_transform.
>> I disconnected the PC from power and physically removed the RAM stick. I 
>> don't plan to use this computer in the coming weeks.
>>
>> My upload link expired before I could upload the response, so I uploaded it 
>> to google drive: 
>> https://drive.google.com/file/d/1K7c0zbt0quZmAAMNiMPVjoE0WPn13Zh3/view?usp=sharing
>> -BEGIN PGP SIGNATURE-
>> Version: Mailvelope v2.0.0
>> Comment: https://www.mailvelope.com
>>

Re: [zapps-wg] Powers of Tau Ceremony Proposal

2017-11-14 Thread Sean Bowe via zapps-wg
Kobi,

Thanks! I've gotten a response file with the following hash:

f01f2679613a75ef09f94f588cc3253962c49c9129b174d9145336011ada960e29c8c91a21314705ebdbd081e526bd4d738447385b95e95d5043764786f01441

However, in your attestation you wrote:

f01f2679613a75ef9f94f588cc3253962c49c9129b174d914533611ada96e29c8c91a2131475ebdbd081e526bd4d738447385b95e95d5043764786f01441

It's three minor transcription errors of the same kind (omission of a
zero), so I think we can safely ignore it.

I've verified the response file, and thus accepted it into the transcript.
:)

Sean


On Tue, Nov 14, 2017 at 12:38 AM, Kobi Gurkan  wrote:

> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA256
>
> Powers of Tau Operational writeup
> =
> Round: 5
> Date: 2017-11-13
> Name: Kobi Gurkan
> Location: Netanya, Israel
>
> Challenge (blake2b, sha256):
> 658a6f81174a3ba72abc3a549483b4891d5be2351c6d1965c5a0bd20f91ea654c2e33c85109401cbd418d474a8762a41e1b62034251e118958d3ff9b8c74
> 3f8938fdaa30ea4232939629d722ed0d1a40c5bd4268cbbf5bb6e34ac802
>
> Response (blake2b):
> f01f2679613a75ef9f94f588cc3253962c49c9129b174d914533611ada96e29c8c91a2131475ebdbd081e526bd4d738447385b95e95d5043764786f01441
>
> Preparation steps
> =
> I built a docker image based on Andrew Miller's Dockerfile from: 
> https://hub.docker.com/r/socrates1024/powersoftau/~/dockerfile/. The 
> Dockerfile I used also verified that rustup.sh has a sha256 hash of value 
> "22aa1f7f4c4b9be99a9d7e13ad45b2aec6714165a0578dd5ef81ca11f55ea24e". 
> Nevertheless, building the image using the Dockerfile produced the "compute" 
> binary based on Sean’s powersoftau rust repo, commit
> 9e1553c437183540392a7231d0788318a19b18a3 with the same sha256 hash reported 
> by Andrew and others - 
> 922b2e0a59841ecdaba7b4953d8c67e62b74b8f52f968624cff664dc086da93a.
>
> I burned an Ubuntu 16.04.03 live cd to a blank DVD and the compute binary to 
> another DVD.
>
> I then took an old Xtreamer Ultra HTPC that I disassembled, removed the hard 
> disk and removed the RAM stick for about 2 minutes (Image: 
> https://pbs.twimg.com/media/DOkcOtqWsAAylKI.jpg:large).
> The relevant technical specifications of the PC are:
> - - Samsung 4GB DDR3 (SO-DIMM/204pin/DDR3-1333/PC3-10600)
> - - Intel Atom D525 (dual-core, 1.8 GHz)
>
> I disconnected the electronic devices near the PC besides a Dell U2414H 
> monitor connected by HDMI, a Microsoft Natural Ergonomic Keyboard 4000 and a 
> Microsoft Comfort Mouse 3000, connected by USB.
>
> After booting the live cd, I verified its MD5 and found the same one that 
> appears on the Ubuntu web-site (http://releases.ubuntu.com/16.04.3/MD5SUMS):
> 0d9fe8e1ea408a5895cbbe3431989295 *ubuntu-16.04.3-desktop-amd64.iso (Image: 
> https://pbs.twimg.com/media/DOkcWy_W0AUu8a1.jpg:large)
>
> I also re-verified the hash of the compute binary from the second DVD and 
> copied both the challenge and the compute binary to RAM (Image: 
> https://pbs.twimg.com/media/DOkcg2_X0AE0NVU.jpg:large).
>
> I prepared an external hard-drive I had for extraction of the report later on.
>
> Sidechannel defenses
> 
> The PC I used was bought a few years ago. I disconnected the hard disk and 
> all peripherals besides monitor, keyboard and mouse. I disconnected 
> electronic devices around the PC such that the room had only the devices 
> mentioned connected. I was in the house the entire time (although asleep).
>
> Postprocessing
> ==
> After compute finished its operation, I took a photo of the blake2b and 
> sha256 hashes of the resulting response  (Image: 
> https://pbs.twimg.com/media/DOkcae4W4AAhBG7.jpg:large). Then, I copied the 
> file to the USB external hard drive and then to my laptop.
> I verified on my laptop that the sha256 hash is the same one calculated on 
> the PC (laptop) and ran verify_transform.
> I disconnected the PC from power and physically removed the RAM stick. I 
> don't plan to use this computer in the coming weeks.
>
> My upload link expired before I could upload the response, so I uploaded it 
> to google drive: 
> https://drive.google.com/file/d/1K7c0zbt0quZmAAMNiMPVjoE0WPn13Zh3/view?usp=sharing
> -BEGIN PGP SIGNATURE-
> Version: Mailvelope v2.0.0
> Comment: https://www.mailvelope.com
>

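The comparison Sean describes in the message above, as an added example that is not part of the original thread: it checks whether an attested hash differs from the received file's hash only by dropped leading zeros, and counts how many digests would print as the same shortened string. It assumes the shorter string comes from printing each digest byte without zero padding (the thread only says zeros were omitted); `classify` and `candidate_digests` are hypothetical names.

```python
import string

HEX_BYTES = 64  # BLAKE2b-512 digest length, as used for challenge/response hashes

# The two values quoted in the message above.
RECEIVED = ("f01f2679613a75ef09f94f588cc3253962c49c9129b174d9145336011ada"
            "960e29c8c91a21314705ebdbd081e526bd4d738447385b95e95d5043764786f01441")
ATTESTED = ("f01f2679613a75ef9f94f588cc3253962c49c9129b174d914533611ada96"
            "e29c8c91a2131475ebdbd081e526bd4d738447385b95e95d5043764786f01441")


def normalise(text):
    """Drop whitespace and digit grouping, lowercase, and reject non-hex input."""
    cleaned = "".join(text.split()).lower()
    if not cleaned or any(c not in string.hexdigits for c in cleaned):
        raise ValueError("not a hex string")
    return cleaned


def unpadded_hex(digest):
    """Assumed lossy rendering: every byte printed as %x instead of %02x."""
    return "".join(format(b, "x") for b in digest)


def classify(attested, received_hex):
    """Return 'exact', 'zero-stripped' or 'mismatch' for an attested digest."""
    received = normalise(received_hex)
    if len(received) != 2 * HEX_BYTES:
        raise ValueError("received digest must be a full %d-byte hash" % HEX_BYTES)
    claimed = normalise(attested)
    if claimed == received:
        return "exact"
    if claimed == unpadded_hex(bytes.fromhex(received)):
        return "zero-stripped"
    return "mismatch"


def candidate_digests(stripped, nbytes=HEX_BYTES):
    """Count the nbytes-long digests whose unpadded rendering equals `stripped`.

    ways[i][k] = number of ways to read the first i digits as k bytes.
    A byte below 0x10 prints as one digit; any other byte prints as two
    digits, the first of which is never '0'.
    """
    s = normalise(stripped)
    ways = [[0] * (nbytes + 1) for _ in range(len(s) + 1)]
    ways[0][0] = 1
    for i in range(len(s)):
        for k in range(nbytes):
            n = ways[i][k]
            if not n:
                continue
            ways[i + 1][k + 1] += n          # one digit: byte 0x00..0x0f
            if i + 2 <= len(s) and s[i] != "0":
                ways[i + 2][k + 1] += n      # two digits: byte 0x10..0xff
    return ways[len(s)][nbytes]


if __name__ == "__main__":
    print(classify(ATTESTED, RECEIVED))
    print(candidate_digests(ATTESTED), "digests print as the attested string")
```

A `zero-stripped` result is weaker than `exact` because the shortened form is ambiguous; the count from `candidate_digests` shows how many digests it still admits out of the 2^512 possible.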
Re: [zapps-wg] Powers of Tau Ceremony Proposal

2017-11-14 Thread Christian Reitwiessner via zapps-wg
Hi everyone!

On Wed, Nov 8, 2017 at 10:04 PM, Sean Bowe via zapps-wg <
zapps...@lists.z.cash.foundation> wrote:

> Ariel Gabizon, Ian Miers and I have just published a new paper detailing a
> multi-party computation (MPC) protocol for constructing zk-SNARK public
> parameters.
>
> https://eprint.iacr.org/2017/1050
>
> The highlights are:
>
> * It allows for a single, gigantic ceremony to take place for all possible
> zk-SNARK circuits within a given size bound. The results of this ceremony
> are partial zk-SNARK parameters for the entire community. We call this
> communal ceremony the Powers of Tau.
> * If you want to use zk-SNARKs in your protocols, you still have to do an
> MPC for your circuit. But because of the Powers of Tau ceremony, your
> ceremony is much cheaper to perform and the costs per-participant scale
> linearly with respect to the circuit complexity.
> * The best part is that the Powers of Tau and these circuit-specific MPCs
> can scale to hundreds/thousands of participants. As the number of
> participants grows, it becomes unrealistic that all of them could be
> compromised.
>

If I understand that correctly, the randomness beacon is invoked only once
at the end of the Powers of Tau ceremony. A header hash of a recent block
in a blockchain of course comes to mind here, especially as the paper
claims that some limited control by an adversary is acceptable. What
exactly is planned to be used there?

Best,
Christian.


Re: [zapps-wg] Powers of Tau Ceremony Proposal

2017-11-13 Thread Kobi Gurkan via zapps-wg
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256

Powers of Tau Operational writeup
=
Round: 5
Date: 2017-11-13
Name: Kobi Gurkan
Location: Netanya, Israel

Challenge (blake2b, sha256):
658a6f81174a3ba72abc3a549483b4891d5be2351c6d1965c5a0bd20f91ea654c2e33c85109401cbd418d474a8762a41e1b62034251e118958d3ff9b8c74
3f8938fdaa30ea4232939629d722ed0d1a40c5bd4268cbbf5bb6e34ac802

Response (blake2b):
f01f2679613a75ef9f94f588cc3253962c49c9129b174d914533611ada96e29c8c91a2131475ebdbd081e526bd4d738447385b95e95d5043764786f01441

Preparation steps
=
I built a docker image based on Andrew Miller's Dockerfile from:
https://hub.docker.com/r/socrates1024/powersoftau/~/dockerfile/. The
Dockerfile I used also verified that rustup.sh has a sha256 hash of
value "22aa1f7f4c4b9be99a9d7e13ad45b2aec6714165a0578dd5ef81ca11f55ea24e".
Nevertheless, building the image using the Dockerfile produced the
"compute" binary based on Sean’s powersoftau rust repo, commit
9e1553c437183540392a7231d0788318a19b18a3 with the same sha256 hash
reported by Andrew and others -
922b2e0a59841ecdaba7b4953d8c67e62b74b8f52f968624cff664dc086da93a.

I burned an Ubuntu 16.04.03 live cd to a blank DVD and the compute
binary to another DVD.

I then took an old Xtreamer Ultra HTPC that I disassembled, removed
the hard disk and removed the RAM stick for about 2 minutes (Image:
https://pbs.twimg.com/media/DOkcOtqWsAAylKI.jpg:large).
The relevant technical specifications of the PC are:
- - Samsung 4GB DDR3 (SO-DIMM/204pin/DDR3-1333/PC3-10600)
- - Intel Atom D525 (dual-core, 1.8 GHz)

I disconnected the electronic devices near the PC besides a Dell
U2414H monitor connected by HDMI, a Microsoft Natural Ergonomic
Keyboard 4000 and a Microsoft Comfort Mouse 3000, connected by USB.

After booting the live cd, I verified its MD5 and found the same one
that appears on the Ubuntu web-site
(http://releases.ubuntu.com/16.04.3/MD5SUMS):
0d9fe8e1ea408a5895cbbe3431989295 *ubuntu-16.04.3-desktop-amd64.iso
(Image: https://pbs.twimg.com/media/DOkcWy_W0AUu8a1.jpg:large)

I also re-verified the hash of the compute binary from the second DVD
and copied both the challenge and the compute binary to RAM (Image:
https://pbs.twimg.com/media/DOkcg2_X0AE0NVU.jpg:large).

I prepared an external hard-drive I had for extraction of the report later on.

Sidechannel defenses

The PC I used was bought a few years ago. I disconnected the hard disk
and all peripherals besides monitor, keyboard and mouse. I
disconnected electronic devices around the PC such that the room had
only the devices mentioned connected. I was in the house the entire
time (although asleep).

Postprocessing
==
After compute finished its operation, I took a photo of the blake2b
and sha256 hashes of the resulting response  (Image:
https://pbs.twimg.com/media/DOkcae4W4AAhBG7.jpg:large). Then, I copied
the file to the USB external hard drive and then to my laptop.
I verified on my laptop that the sha256 hash is the same one
calculated on the PC (laptop) and ran verify_transform.
I disconnected the PC from power and physically removed the RAM stick.
I don't plan to use this computer in the coming weeks.

My upload link expired before I could upload the response, so I
uploaded it to google drive:
https://drive.google.com/file/d/1K7c0zbt0quZmAAMNiMPVjoE0WPn13Zh3/view?usp=sharing
-BEGIN PGP SIGNATURE-
Version: Mailvelope v2.0.0
Comment: https://www.mailvelope.com
-END PGP SIGNATURE-



On Mon, Nov 13, 2017 at 6:53 AM, Sean Bowe via zapps-wg <
zapps...@lists.z.cash.foundation> wrote:

> Thanks Matt, that's really cool. I've verified your contribution and
> it's now in the transcript.
>
> I've put some minimal information here about your contribution:
>
> https://github.com/ZcashFoundation/powersoftau-attestations/tree/master/0004
>
> Would you mind submitting a PR (along with a signed attestation if you
> can)?
>
> Kobi wished to go next but won't be available for a little while. Then
> someone else (who hasn't posted "i'm going next" on the mailing list
> yet) indicated they would like to go.
>
> Sean
>
> On Sun, Nov 12, 2017 at 7:05 PM, Matt Drollette via zapps-wg
>  wrote:
> > Powers of Tau Operational wri

Re: [zapps-wg] Powers of Tau Ceremony Proposal

2017-11-12 Thread Sean Bowe via zapps-wg
Thanks Matt, that's really cool. I've verified your contribution and
it's now in the transcript.

I've put some minimal information here about your contribution:

https://github.com/ZcashFoundation/powersoftau-attestations/tree/master/0004

Would you mind submitting a PR (along with a signed attestation if you can)?

Kobi wished to go next but won't be available for a little while. Then
someone else (who hasn't posted "i'm going next" on the mailing list
yet) indicated they would like to go.

Sean

On Sun, Nov 12, 2017 at 7:05 PM, Matt Drollette via zapps-wg
 wrote:
> Powers of Tau Operational writeup
> =
>
> Round: 4
> Date: 2017-11-12
> Name: Matt Drollette
> Location: Dallas, Texas
>
> Challenge:
> 9b80a6140d42bd234fbe43eea542296df8bcb4c834ea5d0a16a194964b72fd11a6ee9efae9364eb74f99bb4471e7fb4ac9cb2bb3aa8e03fe22c6279a104f367b
>
> Response:
> 53b6dc5a91d04c337cbc4f6f4bc9e9daf9448a41f997746b156c643a84f481c49bf7dadce388b3c9e8c147f94c12c5dacb5350a54e112ee45f57ffd8f34c
>
>
> Preparation steps
> =
>
> I noticed most participants were taking on a significant responsibility in
> securing their own hardware and infrastructure in order to participate in this
> process. I took a different approach in that I wanted to leverage the security
> work done by people much more qualified than myself. I therefore used Google
> Cloud Platform to generate my response (https://cloud.google.com/security/).
>
> First, I created a new GCP project under a gmail account not belonging to any
> other organizations and configured with Advanced Protection
> (https://landing.google.com/advancedprotection/).
>
> Next, I created a Compute Instance with an external IP to serve as the bastion
> for external network access and collecting the responses.
>
> I then created three compute instances in three different regions having three
> different instance types. Each instance was running Google's Container-Optimized
> OS (https://cloud.google.com/container-optimized-os/docs/concepts/security) and
> did not have an external IP address.
>
> Next, on the bastion I built a Docker image containing the compute binary built
> from https://github.com/ebfull/powersoftau at commit
> 9e1553c437183540392a7231d0788318a19b18a3
>
> I downloaded the challenge file to the bastion host and then transferred it to
> each compute instance along with the compute Docker image via scp over the
> internal network. I verified the sha256 hash of each challenge and compute
> binary on each instance and then began the computation using different random
> inputs for each process.
>
> ```
> bastion
> 480c27457c467362a1d3dd3d972844e1230abde236f4d153d80938ab7ec19f7d  challenge
> 4952c8b4e8d3e75ded8fafa28bffb4082e26732f17ec8176c7cd26591adaf93e  powersoftau.docker
> 922b2e0a59841ecdaba7b4953d8c67e62b74b8f52f968624cff664dc086da93a  /powersoftau/target/x86_64-unknown-linux-musl/release/compute
>
> instance-1
> 480c27457c467362a1d3dd3d972844e1230abde236f4d153d80938ab7ec19f7d  challenge
> 4952c8b4e8d3e75ded8fafa28bffb4082e26732f17ec8176c7cd26591adaf93e  powersoftau.docker
> 922b2e0a59841ecdaba7b4953d8c67e62b74b8f52f968624cff664dc086da93a  /powersoftau/target/x86_64-unknown-linux-musl/release/compute
>
> instance-2
> 480c27457c467362a1d3dd3d972844e1230abde236f4d153d80938ab7ec19f7d  challenge
> 4952c8b4e8d3e75ded8fafa28bffb4082e26732f17ec8176c7cd26591adaf93e  powersoftau.docker
> 922b2e0a59841ecdaba7b4953d8c67e62b74b8f52f968624cff664dc086da93a  /powersoftau/target/x86_64-unknown-linux-musl/release/compute
>
> instance-3
> 480c27457c467362a1d3dd3d972844e1230abde236f4d153d80938ab7ec19f7d  challenge
> 4952c8b4e8d3e75ded8fafa28bffb4082e26732f17ec8176c7cd26591adaf93e  powersoftau.docker
> 922b2e0a59841ecdaba7b4953d8c67e62b74b8f52f968624cff664dc086da93a  /powersoftau/target/x86_64-unknown-linux-musl/release/compute
> ```
>
>
> Sidechannel defenses
> 
>
> The scale of GCP and sheer number of compute instances makes a targeted
> sidechannel attack practically impossible. Also, Google takes great care in
> preventing known attack methods
> (https://cloudplatform.googleblog.com/2017/01/7-ways-we-harden-our-KVM-hypervisor-at-Google-Cloud-security-in-plaintext.html).
>
> In addition to Google's security practices, I also ran multiple compute
> instances in multiple regions computing responses on the same challenge file at
> the same time. I then selected only one of these responses at random to submit
> and destroyed the others. I do not know which node computed the response that I
> submitted.
>
>
> Postprocessing
> ==
>
> Once the responses were computed on each instance, I recorded the hashes of each
> response file and transferred all 3 files back to the bastion host and deleted
> the 3 compute instances. I did not record which instance computed which
> response. I then selected one of the 3 response files by dice roll and submitted
> its hash to the mailing list and u

Re: [zapps-wg] Powers of Tau Ceremony Proposal

2017-11-12 Thread Matt Drollette via zapps-wg
Powers of Tau Operational writeup
=

Round: 4
Date: 2017-11-12
Name: Matt Drollette
Location: Dallas, Texas

Challenge:
9b80a6140d42bd234fbe43eea542296df8bcb4c834ea5d0a16a194964b72fd11a6ee9efae9364eb74f99bb4471e7fb4ac9cb2bb3aa8e03fe22c6279a104f367b

Response:
53b6dc5a91d04c337cbc4f6f4bc9e9daf9448a41f997746b156c643a84f481c49bf7dadce388b3c9e8c147f94c12c5dacb5350a54e112ee45f57ffd8f34c


Preparation steps
=

I noticed most participants were taking on a significant responsibility in
securing their own hardware and infrastructure in order to participate in this
process. I took a different approach in that I wanted to leverage the security
work done by people much more qualified than myself. I therefore used Google
Cloud Platform to generate my response (https://cloud.google.com/security/).

First, I created a new GCP project under a gmail account not belonging to any
other organizations and configured with Advanced Protection
(https://landing.google.com/advancedprotection/).

Next, I created a Compute Instance with an external IP to serve as the bastion
for external network access and collecting the responses.

I then created three compute instances in three different regions having three
different instance types. Each instance was running Google's Container-Optimized
OS (https://cloud.google.com/container-optimized-os/docs/concepts/security) and
did not have an external IP address.

Next, on the bastion I built a Docker image containing the compute binary built
from https://github.com/ebfull/powersoftau at commit
9e1553c437183540392a7231d0788318a19b18a3

I downloaded the challenge file to the bastion host and then transferred it to
each compute instance along with the compute Docker image via scp over the
internal network. I verified the sha256 hash of each challenge and compute
binary on each instance and then began the computation using different random
inputs for each process.

```
bastion
480c27457c467362a1d3dd3d972844e1230abde236f4d153d80938ab7ec19f7d  challenge
4952c8b4e8d3e75ded8fafa28bffb4082e26732f17ec8176c7cd26591adaf93e  powersoftau.docker
922b2e0a59841ecdaba7b4953d8c67e62b74b8f52f968624cff664dc086da93a  /powersoftau/target/x86_64-unknown-linux-musl/release/compute

instance-1
480c27457c467362a1d3dd3d972844e1230abde236f4d153d80938ab7ec19f7d  challenge
4952c8b4e8d3e75ded8fafa28bffb4082e26732f17ec8176c7cd26591adaf93e  powersoftau.docker
922b2e0a59841ecdaba7b4953d8c67e62b74b8f52f968624cff664dc086da93a  /powersoftau/target/x86_64-unknown-linux-musl/release/compute

instance-2
480c27457c467362a1d3dd3d972844e1230abde236f4d153d80938ab7ec19f7d  challenge
4952c8b4e8d3e75ded8fafa28bffb4082e26732f17ec8176c7cd26591adaf93e  powersoftau.docker
922b2e0a59841ecdaba7b4953d8c67e62b74b8f52f968624cff664dc086da93a  /powersoftau/target/x86_64-unknown-linux-musl/release/compute

instance-3
480c27457c467362a1d3dd3d972844e1230abde236f4d153d80938ab7ec19f7d  challenge
4952c8b4e8d3e75ded8fafa28bffb4082e26732f17ec8176c7cd26591adaf93e  powersoftau.docker
922b2e0a59841ecdaba7b4953d8c67e62b74b8f52f968624cff664dc086da93a  /powersoftau/target/x86_64-unknown-linux-musl/release/compute
```


Sidechannel defenses


The scale of GCP and sheer number of compute instances makes a targeted
sidechannel attack practically impossible. Also, Google takes great care in
preventing known attack methods
(https://cloudplatform.googleblog.com/2017/01/7-ways-we-harden-our-KVM-hypervisor-at-Google-Cloud-security-in-plaintext.html).

In addition to Google's security practices, I also ran multiple compute
instances in multiple regions computing responses on the same challenge file at
the same time. I then selected only one of these responses at random to submit
and destroyed the others. I do not know which node computed the response that I
submitted.


Postprocessing
==

Once the responses were computed on each instance, I recorded the hashes of each
response file and transferred all 3 files back to the bastion host and deleted
the 3 compute instances. I did not record which instance computed which
response. I then selected one of the 3 response files by dice roll and submitted
its hash to the mailing list and uploaded the file to S3. I then deleted the
bastion compute instance and deleted the entire GCP project.


---
*Matt Drollette*

On Sun, Nov 12, 2017 at 4:45 PM, Sean Bowe  wrote:

> Unfortunately, Cody had some problems and needs to reschedule. Also,
> Kobi doesn't have time right now, so it's Matt's turn!
>
> Sean
>
> On Sun, Nov 12, 2017 at 12:40 PM, Sean Bowe  wrote:
> > Cody is going but I haven't heard back in a while. In let's say about
> > five hours if we still don't hear back we'll move on to Kobi and
> > reschedule with Cody later. Matt can go after that! :)
> >
> > Sean
> >
> > On Sat, Nov 11, 2017 at 8:24 PM, Matt Drollette via zapps-wg
> >  wrote:
> >> I'd like to be added to the queue. Happy to go after Cody unless there are
> >> others already lined up.

Re: [zapps-wg] Powers of Tau Ceremony Proposal

2017-11-12 Thread Sean Bowe via zapps-wg
Unfortunately, Cody had some problems and needs to reschedule. Also,
Kobi doesn't have time right now, so it's Matt's turn!

Sean

On Sun, Nov 12, 2017 at 12:40 PM, Sean Bowe  wrote:
> Cody is going but I haven't heard back in a while. In let's say about
> five hours if we still don't hear back we'll move on to Kobi and
> reschedule with Cody later. Matt can go after that! :)
>
> Sean
>
> On Sat, Nov 11, 2017 at 8:24 PM, Matt Drollette via zapps-wg
>  wrote:
>> I'd like to be added to the queue. Happy to go after Cody unless there are
>> others already lined up.
>>
>>
>> ---
>> Matt Drollette
>>
>> On Sat, Nov 11, 2017 at 4:31 PM, Sean Bowe via zapps-wg
>>  wrote:
>>>
>>> Thanks Jared! Awesome! I've verified the contribution and put your
>>> response file up on the transcript repository.
>>>
>>> Can you submit a PR here to fill in more information (including a
>>> signed attestation):
>>>
>>> https://github.com/ZcashFoundation/powersoftau-attestations/tree/master/0003
>>>
>>> Cody Burns is going next.
>>>
>>> Sean
>>>
>>> On Sat, Nov 11, 2017 at 1:35 PM, Jared Tobin  wrote:
>>> >
>>> > Hi all, here's my report:
>>> >
>>> > Powers of Tau Operational Writeup
>>> > =
>>> >
>>> > Round: 3
>>> > Date: 2017-11-12
>>> > Name: Jared Tobin
>>> > Location: Auckland, NZ
>>> >
>>> > Challenge:
>>> >
>>> > e712fa22f1d027a0b4ce3ef698f26d5cab07c3380e4c24a479a914c85617fd1a2960b386cceb5c94718979010a1b7ed8b6145da872f0744e06503bd664fe7283
>>> > Response:
>>> >
>>> > cb48afb82ab4c476ae741633c3eb6643e7700dc7b2b4701af91e3cc932270b96c375e5f3a5c20c96fac6c9b40a5bba6c956d66f223f090c545c277aa05427757
>>> >
>>> > Preparation Steps
>>> > =
>>> >
>>> > Being somewhat pressed for time and hardware, I recruited several
>>> > geographically-distributed volunteers that I know well and trust
>>> > completely to help me out.  In the end, the following volunteers were
>>> > able to get back to me in time:
>>> >
>>> > * Shawn Tobin (RSA Canada)
>>> > * Fredrik Harryson (Parity Technologies)
>>> > * Jason Forbes (Kraken Sonar Systems)
>>> >
>>> > I set up a private Keybase team with the above volunteers, distributed
>>> > the challenge to them over KBFS, and gave them instructions over the
>>> > team chat on how to proceed.  Each was to add entropy and compute the
>>> > response locally using whatever mechanisms they preferred (report not
>>> > required), then return their response/hash pairs to me over KBFS.  Each
>>> > member was to use the code in Sean's powersoftau repository as of commit
>>> > 9e1553c437183540392a7231d0788318a19b18a3 to perform the computation.
>>> >
>>> > Procedure
>>> > =
>>> >
>>> > I computed a response locally in rather mundane fashion using rustc
>>> > 1.21.0 on an early-2015 model Macbook Air running Sierra.  Eventually
>>> > the volunteers managed to upload their response/hash pairs to KBFS, and
>>> > I randomly selected one of the resulting four responses to submit for my
>>> > piece of the MPC.
>>> >
>>> > I uploaded the resulting response via the handy app Sean provided me
>>> > with.
>>> >
>>> > Side channel defences
>>> > =
>>> >
>>> > I used broad geographical distribution and randomness to mitigate the
>>> > possibility of successful side channel attacks.  Shawn was located in
>>> > Vancouver, Canada, Fredrik was located in Malmö, Sweden, and Jason was
>>> > located in St. John's, Canada.
>>> >
>>> > I selected the response to upload by pre-determining a correspondence
>>> > between names and numbers, and then walking outside and asking the first
>>> > stranger I saw to pick a number between one and four.
>>> >
>>> > - jared
>>> >
>>> >
>>> > On Sat, Nov 11, 2017 at 12:25:33AM +, Jason Davies via zapps-wg
>>> > wrote:
>>> >> Hi all,
>>> >>
>>> >> Here is my report:
>>> >>
>>> >> Powers of Tau Operational Writeup
>>> >> =
>>> >>
>>> >> Round: 2
>>> >> Date: 2017-11-10
>>> >> Name: Jason Davies
>>> >> Location: London, UK
>>> >>
>>> >> Challenge:
>>> >> 467bc84f6eb98ff956eaf12a1b7ef4dc0aff1093c7a0d5c1dfbdb85bbfffb20a43965d0daefee3fec6c1a47af69100e117b44b74371824ac8af1e33b6f91add5
>>> >> Response:
>>> >> 2f728af894524f55bda7a3e2c2e2db6a57a992811e90ed57456d62aead5106cdc5c97c86532d14b5185cc74d169f1b0c2c0ef1e582231ffa7936da55047c0cb2
>>> >>
>>> >> Preparation Steps
>>> >> =
>>> >>
>>> >> Git repository: https://github.com/ebfull/powersoftau
>>> >> Commit hash: 9e1553c437183540392a7231d0788318a19b18a3
>>> >> Compiler: rustc 1.23.0-nightly (d6b06c63a 2017-11-09)
>>> >> Build: cargo build --release --features=u128-support
>>> >> b2sum(./target/release/compute):
>>> >> be42f68b07c5c857bb6561a9ac2967d671ef412a71c87c2fb31776a6ab38c756736de66e554553021e129ecab45d922092873df8b71bd9a775ec05f189485198
>>> >>
>>> >> I used a brand new 16GB USB stick and loaded
>>> >> ubuntu-17.04-desktop-amd64.iso; b2sum:
>>> >> 6a1c975b25b4e7f2dbf4fda84fe8b5de3ed6f4532b8c4f17e533ed11a0a8b5b9ad9fb83e8e4b89447c3a427b

Re: [zapps-wg] Powers of Tau Ceremony Proposal

2017-11-12 Thread Sean Bowe via zapps-wg
Cody is going but I haven't heard back in a while. In let's say about
five hours if we still don't hear back we'll move on to Kobi and
reschedule with Cody later. Matt can go after that! :)

Sean

On Sat, Nov 11, 2017 at 8:24 PM, Matt Drollette via zapps-wg wrote:
> I'd like to be added to the queue. Happy to go after Cody unless there are
> others already lined up.
>
>
> ---
> Matt Drollette
>
> On Sat, Nov 11, 2017 at 4:31 PM, Sean Bowe via zapps-wg wrote:
>>
>> Thanks Jared! Awesome! I've verified the contribution and put your
>> response file up on the transcript repository.
>>
>> Can you submit a PR here to fill in more information (including a
>> signed attestation):
>>
>> https://github.com/ZcashFoundation/powersoftau-attestations/tree/master/0003
>>
>> Cody Burns is going next.
>>
>> Sean
>>
>> On Sat, Nov 11, 2017 at 1:35 PM, Jared Tobin  wrote:
>> >
>> > Hi all, here's my report:
>> >
>> > Powers of Tau Operational Writeup
>> > =
>> >
>> > Round: 3
>> > Date: 2017-11-12
>> > Name: Jared Tobin
>> > Location: Auckland, NZ
>> >
>> > Challenge:
>> >
>> > e712fa22f1d027a0b4ce3ef698f26d5cab07c3380e4c24a479a914c85617fd1a2960b386cceb5c94718979010a1b7ed8b6145da872f0744e06503bd664fe7283
>> > Response:
>> >
>> > cb48afb82ab4c476ae741633c3eb6643e7700dc7b2b4701af91e3cc932270b96c375e5f3a5c20c96fac6c9b40a5bba6c956d66f223f090c545c277aa05427757
>> >
>> > Preparation Steps
>> > =
>> >
>> > Being somewhat pressed for time and hardware, I recruited several
>> > geographically-distributed volunteers that I know well and trust
>> > completely to help me out.  In the end, the following volunteers were
>> > able to get back to me in time:
>> >
>> > * Shawn Tobin (RSA Canada)
>> > * Fredrik Harryson (Parity Technologies)
>> > * Jason Forbes (Kraken Sonar Systems)
>> >
>> > I set up a private Keybase team with the above volunteers, distributed
>> > the challenge to them over KBFS, and gave them instructions over the
>> > team chat on how to proceed.  Each was to add entropy and compute the
>> > response locally using whatever mechanisms they preferred (report not
>> > required), then return their response/hash pairs to me over KBFS.  Each
>> > member was to use the code in Sean's powersoftau repository as of commit
>> > 9e1553c437183540392a7231d0788318a19b18a3 to perform the computation.
>> >
>> > Procedure
>> > =
>> >
>> > I computed a response locally in rather mundane fashion using rustc
>> > 1.21.0 on an early-2015 model Macbook Air running Sierra.  Eventually
>> > the volunteers managed to upload their response/hash pairs to KBFS, and
>> > I randomly selected one of the resulting four responses to submit for my
>> > piece of the MPC.
>> >
>> > I uploaded the resulting response via the handy app Sean provided me
>> > with.
>> >
>> > Side channel defences
>> > =
>> >
>> > I used broad geographical distribution and randomness to mitigate the
>> > possibility of successful side channel attacks.  Shawn was located in
>> > Vancouver, Canada, Fredrik was located in Malmö, Sweden, and Jason was
>> > located in St. John's, Canada.
>> >
>> > I selected the response to upload by pre-determining a correspondence
>> > between names and numbers, and then walking outside and asking the first
>> > stranger I saw to pick a number between one and four.
>> >
>> > - jared
>> >
>> >
>> > On Sat, Nov 11, 2017 at 12:25:33AM +, Jason Davies via zapps-wg
>> > wrote:
>> >> Hi all,
>> >>
>> >> Here is my report:
>> >>
>> >> Powers of Tau Operational Writeup
>> >> =
>> >>
>> >> Round: 2
>> >> Date: 2017-11-10
>> >> Name: Jason Davies
>> >> Location: London, UK
>> >>
>> >> Challenge:
>> >> 467bc84f6eb98ff956eaf12a1b7ef4dc0aff1093c7a0d5c1dfbdb85bbfffb20a43965d0daefee3fec6c1a47af69100e117b44b74371824ac8af1e33b6f91add5
>> >> Response:
>> >> 2f728af894524f55bda7a3e2c2e2db6a57a992811e90ed57456d62aead5106cdc5c97c86532d14b5185cc74d169f1b0c2c0ef1e582231ffa7936da55047c0cb2
>> >>
>> >> Preparation Steps
>> >> =
>> >>
>> >> Git repository: https://github.com/ebfull/powersoftau
>> >> Commit hash: 9e1553c437183540392a7231d0788318a19b18a3
>> >> Compiler: rustc 1.23.0-nightly (d6b06c63a 2017-11-09)
>> >> Build: cargo build --release --features=u128-support
>> >> b2sum(./target/release/compute):
>> >> be42f68b07c5c857bb6561a9ac2967d671ef412a71c87c2fb31776a6ab38c756736de66e554553021e129ecab45d922092873df8b71bd9a775ec05f189485198
>> >>
>> >> I used a brand new 16GB USB stick and loaded
>> >> ubuntu-17.04-desktop-amd64.iso; b2sum:
>> >> 6a1c975b25b4e7f2dbf4fda84fe8b5de3ed6f4532b8c4f17e533ed11a0a8b5b9ad9fb83e8e4b89447c3a427be73f77a5f7c71b7f733fcc4bebf346e9c5c0de43.
>> >>
>> >> I reformatted a second brand new 16GB USB stick to ext4, then copied
>> >> the
>> >> `challenge` file and the `target/release/compute` binary.
>> >>
>> >> Sidechannel Defences
>> >> 
>> >>
>> >> First of all, I lined a large cardboard box with

Re: [zapps-wg] Powers of Tau Ceremony Proposal

2017-11-11 Thread Matt Drollette via zapps-wg
I'd like to be added to the queue. Happy to go after Cody unless there are
others already lined up.


---
*Matt Drollette*

On Sat, Nov 11, 2017 at 4:31 PM, Sean Bowe via zapps-wg <
zapps...@lists.z.cash.foundation> wrote:

> Thanks Jared! Awesome! I've verified the contribution and put your
> response file up on the transcript repository.
>
> Can you submit a PR here to fill in more information (including a
> signed attestation):
> https://github.com/ZcashFoundation/powersoftau-attestations/tree/master/0003
>
> Cody Burns is going next.
>
> Sean
>
> On Sat, Nov 11, 2017 at 1:35 PM, Jared Tobin  wrote:
> >
> > Hi all, here's my report:
> >
> > Powers of Tau Operational Writeup
> > =
> >
> > Round: 3
> > Date: 2017-11-12
> > Name: Jared Tobin
> > Location: Auckland, NZ
> >
> > Challenge:
> > e712fa22f1d027a0b4ce3ef698f26d5cab07c3380e4c24a479a914c85617fd1a2960b386cceb5c94718979010a1b7ed8b6145da872f0744e06503bd664fe7283
> > Response:
> > cb48afb82ab4c476ae741633c3eb6643e7700dc7b2b4701af91e3cc932270b96c375e5f3a5c20c96fac6c9b40a5bba6c956d66f223f090c545c277aa05427757
> >
> > Preparation Steps
> > =
> >
> > Being somewhat pressed for time and hardware, I recruited several
> > geographically-distributed volunteers that I know well and trust
> > completely to help me out.  In the end, the following volunteers were
> > able to get back to me in time:
> >
> > * Shawn Tobin (RSA Canada)
> > * Fredrik Harryson (Parity Technologies)
> > * Jason Forbes (Kraken Sonar Systems)
> >
> > I set up a private Keybase team with the above volunteers, distributed
> > the challenge to them over KBFS, and gave them instructions over the
> > team chat on how to proceed.  Each was to add entropy and compute the
> > response locally using whatever mechanisms they preferred (report not
> > required), then return their response/hash pairs to me over KBFS.  Each
> > member was to use the code in Sean's powersoftau repository as of commit
> > 9e1553c437183540392a7231d0788318a19b18a3 to perform the computation.
> >
> > Procedure
> > =
> >
> > I computed a response locally in rather mundane fashion using rustc
> > 1.21.0 on an early-2015 model Macbook Air running Sierra.  Eventually
> > the volunteers managed to upload their response/hash pairs to KBFS, and
> > I randomly selected one of the resulting four responses to submit for my
> > piece of the MPC.
> >
> > I uploaded the resulting response via the handy app Sean provided me with.
> >
> > Side channel defences
> > =
> >
> > I used broad geographical distribution and randomness to mitigate the
> > possibility of successful side channel attacks.  Shawn was located in
> > Vancouver, Canada, Fredrik was located in Malmö, Sweden, and Jason was
> > located in St. John's, Canada.
> >
> > I selected the response to upload by pre-determining a correspondence
> > between names and numbers, and then walking outside and asking the first
> > stranger I saw to pick a number between one and four.
> >
> > - jared
> >
> >
> > On Sat, Nov 11, 2017 at 12:25:33AM +, Jason Davies via zapps-wg wrote:
> >> Hi all,
> >>
> >> Here is my report:
> >>
> >> Powers of Tau Operational Writeup
> >> =
> >>
> >> Round: 2
> >> Date: 2017-11-10
> >> Name: Jason Davies
> >> Location: London, UK
> >>
> >> Challenge: 467bc84f6eb98ff956eaf12a1b7ef4dc0aff1093c7a0d5c1dfbdb85bbfffb20a43965d0daefee3fec6c1a47af69100e117b44b74371824ac8af1e33b6f91add5
> >> Response: 2f728af894524f55bda7a3e2c2e2db6a57a992811e90ed57456d62aead5106cdc5c97c86532d14b5185cc74d169f1b0c2c0ef1e582231ffa7936da55047c0cb2
> >>
> >> Preparation Steps
> >> =
> >>
> >> Git repository: https://github.com/ebfull/powersoftau
> >> Commit hash: 9e1553c437183540392a7231d0788318a19b18a3
> >> Compiler: rustc 1.23.0-nightly (d6b06c63a 2017-11-09)
> >> Build: cargo build --release --features=u128-support
> >> b2sum(./target/release/compute): be42f68b07c5c857bb6561a9ac2967d671ef412a71c87c2fb31776a6ab38c756736de66e554553021e129ecab45d922092873df8b71bd9a775ec05f189485198
> >>
> >> I used a brand new 16GB USB stick and loaded ubuntu-17.04-desktop-amd64.iso;
> >> b2sum: 6a1c975b25b4e7f2dbf4fda84fe8b5de3ed6f4532b8c4f17e533ed11a0a8b5b9ad9fb83e8e4b89447c3a427be73f77a5f7c71b7f733fcc4bebf346e9c5c0de43.
> >>
> >> I reformatted a second brand new 16GB USB stick to ext4, then copied the
> >> `challenge` file and the `target/release/compute` binary.
> >>
> >> Sidechannel Defences
> >> 
> >>
> >> First of all, I lined a large cardboard box with aluminium foil in order to
> >> make a rudimentary faraday cage.  Then, I assembled an airgap compute node
> >> using some relatively cheap parts, putting them all inside the box:
> >>
> >> * Motherboard: Asus H81 Pro BTC (no radio, bluetooth or speakers AFAIK)
> >> * CPU: Intel G1840
> >> * Ram: 2x cheap 1GB sticks
> >> * PSU: EVGA SuperNOVA 1300 G2
> >> * Monitor: old

Re: [zapps-wg] Powers of Tau Ceremony Proposal

2017-11-11 Thread Sean Bowe via zapps-wg
Thanks Jared! Awesome! I've verified the contribution and put your
response file up on the transcript repository.

Can you submit a PR here to fill in more information (including a
signed attestation):
https://github.com/ZcashFoundation/powersoftau-attestations/tree/master/0003

Cody Burns is going next.

Sean

On Sat, Nov 11, 2017 at 1:35 PM, Jared Tobin  wrote:
>
> Hi all, here's my report:
>
> Powers of Tau Operational Writeup
> =
>
> Round: 3
> Date: 2017-11-12
> Name: Jared Tobin
> Location: Auckland, NZ
>
> Challenge:
> e712fa22f1d027a0b4ce3ef698f26d5cab07c3380e4c24a479a914c85617fd1a2960b386cceb5c94718979010a1b7ed8b6145da872f0744e06503bd664fe7283
> Response:
> cb48afb82ab4c476ae741633c3eb6643e7700dc7b2b4701af91e3cc932270b96c375e5f3a5c20c96fac6c9b40a5bba6c956d66f223f090c545c277aa05427757
>
> Preparation Steps
> =
>
> Being somewhat pressed for time and hardware, I recruited several
> geographically-distributed volunteers that I know well and trust
> completely to help me out.  In the end, the following volunteers were
> able to get back to me in time:
>
> * Shawn Tobin (RSA Canada)
> * Fredrik Harryson (Parity Technologies)
> * Jason Forbes (Kraken Sonar Systems)
>
> I set up a private Keybase team with the above volunteers, distributed
> the challenge to them over KBFS, and gave them instructions over the
> team chat on how to proceed.  Each was to add entropy and compute the
> response locally using whatever mechanisms they preferred (report not
> required), then return their response/hash pairs to me over KBFS.  Each
> member was to use the code in Sean's powersoftau repository as of commit
> 9e1553c437183540392a7231d0788318a19b18a3 to perform the computation.
>
> Procedure
> =
>
> I computed a response locally in rather mundane fashion using rustc
> 1.21.0 on an early-2015 model Macbook Air running Sierra.  Eventually
> the volunteers managed to upload their response/hash pairs to KBFS, and
> I randomly selected one of the resulting four responses to submit for my
> piece of the MPC.
>
> I uploaded the resulting response via the handy app Sean provided me with.
>
> Side channel defences
> =
>
> I used broad geographical distribution and randomness to mitigate the
> possibility of successful side channel attacks.  Shawn was located in
> Vancouver, Canada, Fredrik was located in Malmö, Sweden, and Jason was
> located in St. John's, Canada.
>
> I selected the response to upload by pre-determining a correspondence
> between names and numbers, and then walking outside and asking the first
> stranger I saw to pick a number between one and four.
>
> - jared
>
>
> On Sat, Nov 11, 2017 at 12:25:33AM +, Jason Davies via zapps-wg wrote:
>> Hi all,
>>
>> Here is my report:
>>
>> Powers of Tau Operational Writeup
>> =
>>
>> Round: 2
>> Date: 2017-11-10
>> Name: Jason Davies
>> Location: London, UK
>>
>> Challenge: 
>> 467bc84f6eb98ff956eaf12a1b7ef4dc0aff1093c7a0d5c1dfbdb85bbfffb20a43965d0daefee3fec6c1a47af69100e117b44b74371824ac8af1e33b6f91add5
>> Response: 
>> 2f728af894524f55bda7a3e2c2e2db6a57a992811e90ed57456d62aead5106cdc5c97c86532d14b5185cc74d169f1b0c2c0ef1e582231ffa7936da55047c0cb2
>>
>> Preparation Steps
>> =
>>
>> Git repository: https://github.com/ebfull/powersoftau
>> Commit hash: 9e1553c437183540392a7231d0788318a19b18a3
>> Compiler: rustc 1.23.0-nightly (d6b06c63a 2017-11-09)
>> Build: cargo build --release --features=u128-support
>> b2sum(./target/release/compute): 
>> be42f68b07c5c857bb6561a9ac2967d671ef412a71c87c2fb31776a6ab38c756736de66e554553021e129ecab45d922092873df8b71bd9a775ec05f189485198
>>
>> I used a brand new 16GB USB stick and loaded ubuntu-17.04-desktop-amd64.iso; 
>> b2sum: 
>> 6a1c975b25b4e7f2dbf4fda84fe8b5de3ed6f4532b8c4f17e533ed11a0a8b5b9ad9fb83e8e4b89447c3a427be73f77a5f7c71b7f733fcc4bebf346e9c5c0de43.
>>
>> I reformatted a second brand new 16GB USB stick to ext4, then copied the
>> `challenge` file and the `target/release/compute` binary.
>>
>> Sidechannel Defences
>> 
>>
>> First of all, I lined a large cardboard box with aluminium foil in order to
>> make a rudimentary faraday cage.  Then, I assembled an airgap compute node
>> using some relatively cheap parts, putting them all inside the box:
>>
>> * Motherboard: Asus H81 Pro BTC (no radio, bluetooth or speakers AFAIK)
>> * CPU: Intel G1840
>> * Ram: 2x cheap 1GB sticks
>> * PSU: EVGA SuperNOVA 1300 G2
>> * Monitor: old Dell TFT display
>> * Keyboard: generic USB keyboard
>>
>> No other peripherals or cables were connected.  I placed the compute node in my
>> cellar (~6ft below ground level) and I remained with the node during the entire
>> time it was computing, without using any other devices in the vicinity (no
>> mobile phone etc.)  The only cables coming out of the box were the two power
>> cables, one for the PSU and one for the monitor.
>>
>> Image: https://pbs.twimg.

Re: [zapps-wg] Powers of Tau Ceremony Proposal

2017-11-11 Thread Jared Tobin via zapps-wg

Hi all, here's my report:

Powers of Tau Operational Writeup
=

Round: 3
Date: 2017-11-12
Name: Jared Tobin
Location: Auckland, NZ

Challenge:
e712fa22f1d027a0b4ce3ef698f26d5cab07c3380e4c24a479a914c85617fd1a2960b386cceb5c94718979010a1b7ed8b6145da872f0744e06503bd664fe7283
Response:
cb48afb82ab4c476ae741633c3eb6643e7700dc7b2b4701af91e3cc932270b96c375e5f3a5c20c96fac6c9b40a5bba6c956d66f223f090c545c277aa05427757

Preparation Steps
=

Being somewhat pressed for time and hardware, I recruited several
geographically-distributed volunteers that I know well and trust
completely to help me out.  In the end, the following volunteers were
able to get back to me in time:

* Shawn Tobin (RSA Canada)
* Fredrik Harryson (Parity Technologies)
* Jason Forbes (Kraken Sonar Systems)

I set up a private Keybase team with the above volunteers, distributed
the challenge to them over KBFS, and gave them instructions over the
team chat on how to proceed.  Each was to add entropy and compute the
response locally using whatever mechanisms they preferred (report not
required), then return their response/hash pairs to me over KBFS.  Each
member was to use the code in Sean's powersoftau repository as of commit
9e1553c437183540392a7231d0788318a19b18a3 to perform the computation.

Procedure
=

I computed a response locally in rather mundane fashion using rustc
1.21.0 on an early-2015 model Macbook Air running Sierra.  Eventually
the volunteers managed to upload their response/hash pairs to KBFS, and
I randomly selected one of the resulting four responses to submit for my
piece of the MPC.

I uploaded the resulting response via the handy app Sean provided me with.

Side channel defences
=

I used broad geographical distribution and randomness to mitigate the
possibility of successful side channel attacks.  Shawn was located in
Vancouver, Canada, Fredrik was located in Malmö, Sweden, and Jason was
located in St. John's, Canada.

I selected the response to upload by pre-determining a correspondence
between names and numbers, and then walking outside and asking the first
stranger I saw to pick a number between one and four.

- jared


On Sat, Nov 11, 2017 at 12:25:33AM +, Jason Davies via zapps-wg wrote:
> Hi all,
>
> Here is my report:
>
> Powers of Tau Operational Writeup
> =
>
> Round: 2
> Date: 2017-11-10
> Name: Jason Davies
> Location: London, UK
>
> Challenge: 
> 467bc84f6eb98ff956eaf12a1b7ef4dc0aff1093c7a0d5c1dfbdb85bbfffb20a43965d0daefee3fec6c1a47af69100e117b44b74371824ac8af1e33b6f91add5
> Response: 
> 2f728af894524f55bda7a3e2c2e2db6a57a992811e90ed57456d62aead5106cdc5c97c86532d14b5185cc74d169f1b0c2c0ef1e582231ffa7936da55047c0cb2
>
> Preparation Steps
> =
>
> Git repository: https://github.com/ebfull/powersoftau
> Commit hash: 9e1553c437183540392a7231d0788318a19b18a3
> Compiler: rustc 1.23.0-nightly (d6b06c63a 2017-11-09)
> Build: cargo build --release --features=u128-support
> b2sum(./target/release/compute): 
> be42f68b07c5c857bb6561a9ac2967d671ef412a71c87c2fb31776a6ab38c756736de66e554553021e129ecab45d922092873df8b71bd9a775ec05f189485198
>
> I used a brand new 16GB USB stick and loaded ubuntu-17.04-desktop-amd64.iso; 
> b2sum: 
> 6a1c975b25b4e7f2dbf4fda84fe8b5de3ed6f4532b8c4f17e533ed11a0a8b5b9ad9fb83e8e4b89447c3a427be73f77a5f7c71b7f733fcc4bebf346e9c5c0de43.
>
> I reformatted a second brand new 16GB USB stick to ext4, then copied the
> `challenge` file and the `target/release/compute` binary.
>
> Sidechannel Defences
> 
>
> First of all, I lined a large cardboard box with aluminium foil in order to
> make a rudimentary faraday cage.  Then, I assembled an airgap compute node
> using some relatively cheap parts, putting them all inside the box:
>
> * Motherboard: Asus H81 Pro BTC (no radio, bluetooth or speakers AFAIK)
> * CPU: Intel G1840
> * Ram: 2x cheap 1GB sticks
> * PSU: EVGA SuperNOVA 1300 G2
> * Monitor: old Dell TFT display
> * Keyboard: generic USB keyboard
>
> No other peripherals or cables were connected.  I placed the compute node in my
> cellar (~6ft below ground level) and I remained with the node during the entire
> time it was computing, without using any other devices in the vicinity (no
> mobile phone etc.)  The only cables coming out of the box were the two power
> cables, one for the PSU and one for the monitor.
>
> Image: https://pbs.twimg.com/media/DOT55KUXUAEV44-.jpg:large
>
> Procedure
> =
>
> I booted the node, with "Try Ubuntu" (Live CD mode).  Then, I inserted the
> challenge USB stick and ran `./compute` in the USB media directory, entering
> some additional entropy as requested by typing randomly on the keyboard.  The
> box lid was only partially opened to allow use of the keyboard and to view the
> monitor at this point.  After 60 minutes had passed, I looked inside the lid
> and saw that the computation had completed, so I wrote down the BLAKE2
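
The writeups in this thread record digests for the challenge, the response and the `compute` binary, and the round 3 procedure collects response/hash pairs from volunteers. As an added example (not part of any message on the list and not the powersoftau project's code), the Python below parses one writeup through reply markers and mail-wrapped digests, then checks file contents against the recorded value. It assumes the recorded values are BLAKE2b-512 digests of the whole file as `b2sum` prints them; the function names and sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import io
import re

QUOTE_PREFIX = re.compile(r"^(?:>\s?)+")  # reply markers such as "> >> "
FIELD = re.compile(r"^(Round|Date|Name|Location|Challenge|Response):\s*(.*)$")
HEX_RUN = re.compile(r"^[0-9a-fA-F]+$")
DIGEST_HEX_LEN = 128  # BLAKE2b-512 is 64 bytes, 128 hex characters


def unquote(line):
    """Strip mailing-list quote markers and surrounding whitespace."""
    return QUOTE_PREFIX.sub("", line).strip()


def parse_writeup(text):
    """Extract the header fields of ONE operational writeup.

    Tolerates quote markers, blank lines between a label and its digest,
    annotations such as "(genesis)", and digests wrapped over several lines.
    Raises ValueError if a digest is truncated or missing (fail closed).
    """
    fields, pending = {}, None
    for raw in text.splitlines():
        line = unquote(raw)
        m = FIELD.match(line)
        if m:
            key, value = m.group(1).lower(), m.group(2).strip()
            if key in ("challenge", "response"):
                fields[key] = value.lower() if HEX_RUN.match(value) else ""
                pending = key  # keep collecting hex fragments for this field
            else:
                fields[key], pending = value, None
        elif pending and HEX_RUN.match(line) and len(fields[pending]) < DIGEST_HEX_LEN:
            fields[pending] += line.lower()
        elif line:
            pending = None  # any other non-blank line ends the digest
    for key in ("challenge", "response"):
        if len(fields.get(key, "")) != DIGEST_HEX_LEN:
            raise ValueError(f"{key}: no complete BLAKE2b-512 digest found")
    return fields


def blake2b_512(stream, chunk_size=1 << 20):
    """Hash a binary stream in chunks so large response files fit in memory."""
    h = hashlib.blake2b()  # default digest_size is 64 bytes
    for block in iter(lambda: stream.read(chunk_size), b""):
        h.update(block)
    return h.hexdigest()


def digest_matches(stream, recorded_hex):
    """Compare a stream's digest with a recorded one in constant time."""
    return hmac.compare_digest(blake2b_512(stream), recorded_hex.strip().lower())


def unverified_pairs(pairs):
    """pairs maps name -> (stream, reported_hex); return names that do not verify."""
    return sorted(n for n, (s, h) in pairs.items() if not digest_matches(s, h))


def demo():
    # Constructed stand-ins for the real files; real ones are opened with open(path, "rb").
    response = b"constructed response file bytes"
    resp_hex = blake2b_512(io.BytesIO(response))
    chal_hex = blake2b_512(io.BytesIO(b"constructed challenge file bytes"))
    quoted = "\n".join([
        "> > Round: 3",
        "> > Name: Example Participant",
        "> > Challenge:",
        "> >",
        "> > " + chal_hex,
        "> > Response: " + resp_hex[:60],  # digest wrapped by a mail client
        "> " + resp_hex[60:],              # continuation lost one quote level
        "> >",
        "> > Preparation Steps",
    ])
    report = parse_writeup(quoted)
    pairs = {
        "volunteer-a": (io.BytesIO(response), resp_hex),
        "volunteer-b": (io.BytesIO(response + b"\x00"), resp_hex),  # altered file
    }
    return {
        "report": report,
        "match": digest_matches(io.BytesIO(response), report["response"]),
        "tampered_match": digest_matches(io.BytesIO(response + b"\x00"), report["response"]),
        "bad_volunteers": unverified_pairs(pairs),
    }


if __name__ == "__main__":
    print(demo())
```

A digest cut off by the archive, as some in this thread are, makes `parse_writeup` raise instead of returning a partial value.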

Re: [zapps-wg] Powers of Tau Ceremony Proposal

2017-11-11 Thread Sean Bowe via zapps-wg
Kobi Gurkan (from QED-it) wishes to go after cody. I'll double-check later.

On Sat, Nov 11, 2017 at 4:12 AM, cody burns  wrote:
> I will go after the unnamed party.
>
>
>> On Sat, Nov 11, 2017 at 3:21 AM Sean Bowe via zapps-wg wrote:
>>
>> All is verified and mirrored so far! Thanks!
>>
>> I've invited someone else to be next, but I'm not sure if they wanted
>> me to identify them publicly before they were finished.
>>
>> Sean
>>
>> On Fri, Nov 10, 2017 at 5:25 PM, Jason Davies 
>> wrote:
>> > Hi all,
>> >
>> > Here is my report:
>> >
>> > Powers of Tau Operational Writeup
>> > =
>> >
>> > Round: 2
>> > Date: 2017-11-10
>> > Name: Jason Davies
>> > Location: London, UK
>> >
>> > Challenge:
>> > 467bc84f6eb98ff956eaf12a1b7ef4dc0aff1093c7a0d5c1dfbdb85bbfffb20a43965d0daefee3fec6c1a47af69100e117b44b74371824ac8af1e33b6f91add5
>> > Response:
>> > 2f728af894524f55bda7a3e2c2e2db6a57a992811e90ed57456d62aead5106cdc5c97c86532d14b5185cc74d169f1b0c2c0ef1e582231ffa7936da55047c0cb2
>> >
>> > Preparation Steps
>> > =
>> >
>> > Git repository: https://github.com/ebfull/powersoftau
>> > Commit hash: 9e1553c437183540392a7231d0788318a19b18a3
>> > Compiler: rustc 1.23.0-nightly (d6b06c63a 2017-11-09)
>> > Build: cargo build --release --features=u128-support
>> > b2sum(./target/release/compute):
>> > be42f68b07c5c857bb6561a9ac2967d671ef412a71c87c2fb31776a6ab38c756736de66e554553021e129ecab45d922092873df8b71bd9a775ec05f189485198
>> >
>> > I used a brand new 16GB USB stick and loaded
>> > ubuntu-17.04-desktop-amd64.iso; b2sum:
>> > 6a1c975b25b4e7f2dbf4fda84fe8b5de3ed6f4532b8c4f17e533ed11a0a8b5b9ad9fb83e8e4b89447c3a427be73f77a5f7c71b7f733fcc4bebf346e9c5c0de43.
>> >
>> > I reformatted a second brand new 16GB USB stick to ext4, then copied the
>> > `challenge` file and the `target/release/compute` binary.
>> >
>> > Sidechannel Defences
>> > 
>> >
>> > First of all, I lined a large cardboard box with aluminium foil in order to
>> > make a rudimentary faraday cage.  Then, I assembled an airgap compute node
>> > using some relatively cheap parts, putting them all inside the box:
>> >
>> > * Motherboard: Asus H81 Pro BTC (no radio, bluetooth or speakers AFAIK)
>> > * CPU: Intel G1840
>> > * Ram: 2x cheap 1GB sticks
>> > * PSU: EVGA SuperNOVA 1300 G2
>> > * Monitor: old Dell TFT display
>> > * Keyboard: generic USB keyboard
>> >
>> > No other peripherals or cables were connected.  I placed the compute node in my
>> > cellar (~6ft below ground level) and I remained with the node during the entire
>> > time it was computing, without using any other devices in the vicinity (no
>> > mobile phone etc.)  The only cables coming out of the box were the two power
>> > cables, one for the PSU and one for the monitor.
>> >
>> > Image: https://pbs.twimg.com/media/DOT55KUXUAEV44-.jpg:large
>> >
>> > Procedure
>> > =
>> >
>> > I booted the node, with "Try Ubuntu" (Live CD mode).  Then, I inserted the
>> > challenge USB stick and ran `./compute` in the USB media directory, entering
>> > some additional entropy as requested by typing randomly on the keyboard.  The
>> > box lid was only partially opened to allow use of the keyboard and to view the
>> > monitor at this point.  After 60 minutes had passed, I looked inside the lid
>> > and saw that the computation had completed, so I wrote down the BLAKE2b hash,
>> > and unmounted and removed the USB stick, and then powered the node down.
>> >
>> > Postprocessing
>> > ==
>> >
>> > I took the USB stick and transferred the response file to my laptop, and then
>> > uploaded it using the laptop to S3 via Sean Bowe's transcript site.
>> >
>> > I did not destroy the compute node but I'm unlikely to use it or plug it in for
>> > some time.
>> > --
>> > Jason Davies, https://www.jasondavies.com
>> >
>> >
>> >
>> >
>> >> On 10 Nov 2017, at 22:11, Sean Bowe via zapps-wg wrote:
>> >>
>> >> Thanks Andrew! That's a great start.
>> >>
>> >> Now it's Jason Davies' turn.
>> >>
>> >> The entire transcript will appear here throughout the process:
>> >>
>> >> https://powersoftau-transcript.s3-us-west-2.amazonaws.com/index.html
>> >>
>> >> We can make a more formal announcement once we're in the groove and
>> >> everything looks good. We're getting a repo up with attestations soon
>> >> also.
>> >>
>> >> Sean
>> >>
>> >> On Fri, Nov 10, 2017 at 12:53 PM, Andrew Miller 
>> >> wrote:
>> >>> OK, I'll go first. Below is my report:
>> >>>
>> >>> Powers of Tau Operational writeup
>> >>> =
>> >>> Round: 1
>> >>> Date: 2011-11-10
>> >>> Name: Andrew Miller
>> >>> Location: Champaign, Illinois
>> >>>
>> >>> Challenge: (genesis)
>> >>>
>> >>> ce00f2100dd876fdff8dd824f55307bcb72d724f29ff20b9e0760f3a65e5588a65eaed57cbc61697111ae1f4cc7da2e62a85311c2ae683a041fb872b891c68dc
>> >>> Response:
>> >>>
>> >>> 15729e0edc4201dc5ee6241437d926f614cb4214ff1

Re: [zapps-wg] Powers of Tau Ceremony Proposal

2017-11-11 Thread cody burns via zapps-wg
I will go after the unnamed party.


On Sat, Nov 11, 2017 at 3:21 AM Sean Bowe via zapps-wg wrote:

> All is verified and mirrored so far! Thanks!
>
> I've invited someone else to be next, but I'm not sure if they wanted
> me to identify them publicly before they were finished.
>
> Sean
>
> On Fri, Nov 10, 2017 at 5:25 PM, Jason Davies 
> wrote:
> > Hi all,
> >
> > Here is my report:
> >
> > Powers of Tau Operational Writeup
> > =
> >
> > Round: 2
> > Date: 2017-11-10
> > Name: Jason Davies
> > Location: London, UK
> >
> > Challenge:
> > 467bc84f6eb98ff956eaf12a1b7ef4dc0aff1093c7a0d5c1dfbdb85bbfffb20a43965d0daefee3fec6c1a47af69100e117b44b74371824ac8af1e33b6f91add5
> > Response:
> > 2f728af894524f55bda7a3e2c2e2db6a57a992811e90ed57456d62aead5106cdc5c97c86532d14b5185cc74d169f1b0c2c0ef1e582231ffa7936da55047c0cb2
> >
> > Preparation Steps
> > =
> >
> > Git repository: https://github.com/ebfull/powersoftau
> > Commit hash: 9e1553c437183540392a7231d0788318a19b18a3
> > Compiler: rustc 1.23.0-nightly (d6b06c63a 2017-11-09)
> > Build: cargo build --release --features=u128-support
> > b2sum(./target/release/compute):
> > be42f68b07c5c857bb6561a9ac2967d671ef412a71c87c2fb31776a6ab38c756736de66e554553021e129ecab45d922092873df8b71bd9a775ec05f189485198
> >
> > I used a brand new 16GB USB stick and loaded
> > ubuntu-17.04-desktop-amd64.iso; b2sum:
> > 6a1c975b25b4e7f2dbf4fda84fe8b5de3ed6f4532b8c4f17e533ed11a0a8b5b9ad9fb83e8e4b89447c3a427be73f77a5f7c71b7f733fcc4bebf346e9c5c0de43.
> >
> > I reformatted a second brand new 16GB USB stick to ext4, then copied the
> > `challenge` file and the `target/release/compute` binary.
> >
> > Sidechannel Defences
> > 
> >
> > First of all, I lined a large cardboard box with aluminium foil in order to
> > make a rudimentary faraday cage.  Then, I assembled an airgap compute node
> > using some relatively cheap parts, putting them all inside the box:
> >
> > * Motherboard: Asus H81 Pro BTC (no radio, bluetooth or speakers AFAIK)
> > * CPU: Intel G1840
> > * Ram: 2x cheap 1GB sticks
> > * PSU: EVGA SuperNOVA 1300 G2
> > * Monitor: old Dell TFT display
> > * Keyboard: generic USB keyboard
> >
> > No other peripherals or cables were connected.  I placed the compute node in my
> > cellar (~6ft below ground level) and I remained with the node during the entire
> > time it was computing, without using any other devices in the vicinity (no
> > mobile phone etc.)  The only cables coming out of the box were the two power
> > cables, one for the PSU and one for the monitor.
> >
> > Image: https://pbs.twimg.com/media/DOT55KUXUAEV44-.jpg:large
> >
> > Procedure
> > =
> >
> > I booted the node, with "Try Ubuntu" (Live CD mode).  Then, I inserted the
> > challenge USB stick and ran `./compute` in the USB media directory, entering
> > some additional entropy as requested by typing randomly on the keyboard.  The
> > box lid was only partially opened to allow use of the keyboard and to view the
> > monitor at this point.  After 60 minutes had passed, I looked inside the lid
> > and saw that the computation had completed, so I wrote down the BLAKE2b hash,
> > and unmounted and removed the USB stick, and then powered the node down.
> >
> > Postprocessing
> > ==
> >
> > I took the USB stick and transferred the response file to my laptop, and then
> > uploaded it using the laptop to S3 via Sean Bowe's transcript site.
> >
> > I did not destroy the compute node but I'm unlikely to use it or plug it in for
> > some time.
> > --
> > Jason Davies, https://www.jasondavies.com
> >
> >
> >
> >
> >> On 10 Nov 2017, at 22:11, Sean Bowe via zapps-wg wrote:
> >>
> >> Thanks Andrew! That's a great start.
> >>
> >> Now it's Jason Davies' turn.
> >>
> >> The entire transcript will appear here throughout the process:
> >>
> >> https://powersoftau-transcript.s3-us-west-2.amazonaws.com/index.html
> >>
> >> We can make a more formal announcement once we're in the groove and
> >> everything looks good. We're getting a repo up with attestations soon
> >> also.
> >>
> >> Sean
> >>
> >> On Fri, Nov 10, 2017 at 12:53 PM, Andrew Miller wrote:
> >>> OK, I'll go first. Below is my report:
> >>>
> >>> Powers of Tau Operational writeup
> >>> =
> >>> Round: 1
> >>> Date: 2011-11-10
> >>> Name: Andrew Miller
> >>> Location: Champaign, Illinois
> >>>
> >>> Challenge: (genesis)
> >>>
> >>> ce00f2100dd876fdff8dd824f55307bcb72d724f29ff20b9e0760f3a65e5588a65eaed57cbc61697111ae1f4cc7da2e62a85311c2ae683a041fb872b891c68dc
> >>> Response:
> >>>
> >>> 15729e0edc4201dc5ee6241437d926f614cb4214ff1b9c6fbd73daf401639f7a4238cf04bc94edac9f2ad037003daab9a4408ba7c62a4413dc2a0ddd683bd719
> >>> ./response-2017-11-10-amiller
> >>>
> >>> Preparation steps
> >>> =
> >>> I used Sean’s powersoftau rust repo, commit
> >>> 9e1553c437183540392a7231d0788318a19b18a3
> >>>
> >>> I followed instructions online for building

Re: [zapps-wg] Powers of Tau Ceremony Proposal

2017-11-11 Thread Sean Bowe via zapps-wg
All is verified and mirrored so far! Thanks!

I've invited someone else to be next, but I'm not sure if they wanted
me to identify them publicly before they were finished.

Sean

On Fri, Nov 10, 2017 at 5:25 PM, Jason Davies  wrote:
> Hi all,
>
> Here is my report:
>
> Powers of Tau Operational Writeup
> =
>
> Round: 2
> Date: 2017-11-10
> Name: Jason Davies
> Location: London, UK
>
> Challenge: 
> 467bc84f6eb98ff956eaf12a1b7ef4dc0aff1093c7a0d5c1dfbdb85bbfffb20a43965d0daefee3fec6c1a47af69100e117b44b74371824ac8af1e33b6f91add5
> Response: 
> 2f728af894524f55bda7a3e2c2e2db6a57a992811e90ed57456d62aead5106cdc5c97c86532d14b5185cc74d169f1b0c2c0ef1e582231ffa7936da55047c0cb2
>
> Preparation Steps
> =================
>
> Git repository: https://github.com/ebfull/powersoftau
> Commit hash: 9e1553c437183540392a7231d0788318a19b18a3
> Compiler: rustc 1.23.0-nightly (d6b06c63a 2017-11-09)
> Build: cargo build --release --features=u128-support
> b2sum(./target/release/compute): 
> be42f68b07c5c857bb6561a9ac2967d671ef412a71c87c2fb31776a6ab38c756736de66e554553021e129ecab45d922092873df8b71bd9a775ec05f189485198
>
> I used a brand new 16GB USB stick and loaded ubuntu-17.04-desktop-amd64.iso; 
> b2sum: 
> 6a1c975b25b4e7f2dbf4fda84fe8b5de3ed6f4532b8c4f17e533ed11a0a8b5b9ad9fb83e8e4b89447c3a427be73f77a5f7c71b7f733fcc4bebf346e9c5c0de43.
>
> I reformatted a second brand new 16GB USB stick to ext4, then copied the
> `challenge` file and the `target/release/compute` binary.
>
> Sidechannel Defences
> ====================
>
> First of all, I lined a large cardboard box with aluminium foil in order to
> make a rudimentary faraday cage.  Then, I assembled an airgap compute node
> using some relatively cheap parts, putting them all inside the box:
>
> * Motherboard: Asus H81 Pro BTC (no radio, bluetooth or speakers AFAIK)
> * CPU: Intel G1840
> * Ram: 2x cheap 1GB sticks
> * PSU: EVGA SuperNOVA 1300 G2
> * Monitor: old Dell TFT display
> * Keyboard: generic USB keyboard
>
> No other peripherals or cables were connected.  I placed the compute node in my
> cellar (~6ft below ground level) and I remained with the node during the entire
> time it was computing, without using any other devices in the vicinity (no
> mobile phone etc.)  The only cables coming out of the box were the two power
> cables, one for the PSU and one for the monitor.
>
> Image: https://pbs.twimg.com/media/DOT55KUXUAEV44-.jpg:large
>
> Procedure
> =========
>
> I booted the node, with "Try Ubuntu" (Live CD mode).  Then, I inserted the
> challenge USB stick and ran `./compute` in the USB media directory, entering
> some additional entropy as requested by typing randomly on the keyboard.  The
> box lid was only partially opened to allow use of the keyboard and to view the
> monitor at this point.  After 60 minutes had passed, I looked inside the lid
> and saw that the computation had completed, so I wrote down the BLAKE2b hash,
> and unmounted and removed the USB stick, and then powered the node down.
>
> Postprocessing
> ==============
>
> I took the USB stick and transferred the response file to my laptop, and then
> uploaded it using the laptop to S3 via Sean Bowe's transcript site.
>
> I did not destroy the compute node but I'm unlikely to use it or plug it in for
> some time.
> --
> Jason Davies, https://www.jasondavies.com
>
>
>
>
>> On 10 Nov 2017, at 22:11, Sean Bowe via zapps-wg wrote:
>>
>> Thanks Andrew! That's a great start.
>>
>> Now it's Jason Davies' turn.
>>
>> The entire transcript will appear here throughout the process:
>>
>> https://powersoftau-transcript.s3-us-west-2.amazonaws.com/index.html
>>
>> We can make a more formal announcement once we're in the groove and
>> everything looks good. We're getting a repo up with attestations soon
>> also.
>>
>> Sean
>>
>> On Fri, Nov 10, 2017 at 12:53 PM, Andrew Miller  wrote:
>>> OK, I'll go first. Below is my report:
>>>
>>> Powers of Tau Operational writeup
>>> =================================
>>> Round: 1
>>> Date: 2011-11-10
>>> Name: Andrew Miller
>>> Location: Champaign, Illinois
>>>
>>> Challenge: (genesis)
>>> ce00f2100dd876fdff8dd824f55307bcb72d724f29ff20b9e0760f3a65e5588a65eaed57cbc61697111ae1f4cc7da2e62a85311c2ae683a041fb872b891c68dc
>>> Response:
>>> 15729e0edc4201dc5ee6241437d926f614cb4214ff1b9c6fbd73daf401639f7a4238cf04bc94edac9f2ad037003daab9a4408ba7c62a4413dc2a0ddd683bd719
>>> ./response-2017-11-10-amiller
>>>
>>> Preparation steps
>>> =================
>>> I used Sean’s powersoftau rust repo, commit
>>> 9e1553c437183540392a7231d0788318a19b18a3
>>>
>>> I followed instructions online for building portable rust binaries,
>>> and so I ran
>>> ```
>>> cargo build --target=x86_64-unknown-linux-musl --release --features=u128-support --bin=compute
>>> ```
>>>
>>> Compiler: rustc 1.23.0-nightly (02004ef78 2017-11-08)
>>>
>>> I copied the resulting binary to a freshly formatted USB stick I had.
>>>
>>> b2sum:
>>> 9059a0a64f5021c36df630ca48ac40674862b2fea1

Re: [zapps-wg] Powers of Tau Ceremony Proposal

2017-11-10 Thread Jason Davies via zapps-wg
Hi all,

Here is my report:

Powers of Tau Operational Writeup
=================================

Round: 2
Date: 2017-11-10
Name: Jason Davies
Location: London, UK

Challenge: 
467bc84f6eb98ff956eaf12a1b7ef4dc0aff1093c7a0d5c1dfbdb85bbfffb20a43965d0daefee3fec6c1a47af69100e117b44b74371824ac8af1e33b6f91add5
Response: 
2f728af894524f55bda7a3e2c2e2db6a57a992811e90ed57456d62aead5106cdc5c97c86532d14b5185cc74d169f1b0c2c0ef1e582231ffa7936da55047c0cb2

Preparation Steps
=================

Git repository: https://github.com/ebfull/powersoftau
Commit hash: 9e1553c437183540392a7231d0788318a19b18a3
Compiler: rustc 1.23.0-nightly (d6b06c63a 2017-11-09)
Build: cargo build --release --features=u128-support
b2sum(./target/release/compute): 
be42f68b07c5c857bb6561a9ac2967d671ef412a71c87c2fb31776a6ab38c756736de66e554553021e129ecab45d922092873df8b71bd9a775ec05f189485198

I used a brand new 16GB USB stick and loaded ubuntu-17.04-desktop-amd64.iso; 
b2sum: 
6a1c975b25b4e7f2dbf4fda84fe8b5de3ed6f4532b8c4f17e533ed11a0a8b5b9ad9fb83e8e4b89447c3a427be73f77a5f7c71b7f733fcc4bebf346e9c5c0de43.

I reformatted a second brand new 16GB USB stick to ext4, then copied the
`challenge` file and the `target/release/compute` binary.

Sidechannel Defences
====================

First of all, I lined a large cardboard box with aluminium foil in order to
make a rudimentary faraday cage.  Then, I assembled an airgap compute node
using some relatively cheap parts, putting them all inside the box:

* Motherboard: Asus H81 Pro BTC (no radio, bluetooth or speakers AFAIK)
* CPU: Intel G1840
* Ram: 2x cheap 1GB sticks
* PSU: EVGA SuperNOVA 1300 G2
* Monitor: old Dell TFT display
* Keyboard: generic USB keyboard

No other peripherals or cables were connected.  I placed the compute node in my
cellar (~6ft below ground level) and I remained with the node during the entire
time it was computing, without using any other devices in the vicinity (no
mobile phone etc.)  The only cables coming out of the box were the two power
cables, one for the PSU and one for the monitor.

Image: https://pbs.twimg.com/media/DOT55KUXUAEV44-.jpg:large

Procedure
=========

I booted the node, with "Try Ubuntu" (Live CD mode).  Then, I inserted the
challenge USB stick and ran `./compute` in the USB media directory, entering
some additional entropy as requested by typing randomly on the keyboard.  The
box lid was only partially opened to allow use of the keyboard and to view the
monitor at this point.  After 60 minutes had passed, I looked inside the lid
and saw that the computation had completed, so I wrote down the BLAKE2b hash,
and unmounted and removed the USB stick, and then powered the node down.

Postprocessing
==============

I took the USB stick and transferred the response file to my laptop, and then
uploaded it using the laptop to S3 via Sean Bowe's transcript site.

I did not destroy the compute node but I'm unlikely to use it or plug it in for
some time.
--
Jason Davies, https://www.jasondavies.com



report.asc
Description: Binary data


> On 10 Nov 2017, at 22:11, Sean Bowe via zapps-wg wrote:
> 
> Thanks Andrew! That's a great start.
> 
> Now it's Jason Davies' turn.
> 
> The entire transcript will appear here throughout the process:
> 
> https://powersoftau-transcript.s3-us-west-2.amazonaws.com/index.html
> 
> We can make a more formal announcement once we're in the groove and
> everything looks good. We're getting a repo up with attestations soon
> also.
> 
> Sean
> 
> On Fri, Nov 10, 2017 at 12:53 PM, Andrew Miller  wrote:
>> OK, I'll go first. Below is my report:
>> 
>> Powers of Tau Operational writeup
>> =================================
>> Round: 1
>> Date: 2011-11-10
>> Name: Andrew Miller
>> Location: Champaign, Illinois
>> 
>> Challenge: (genesis)
>> ce00f2100dd876fdff8dd824f55307bcb72d724f29ff20b9e0760f3a65e5588a65eaed57cbc61697111ae1f4cc7da2e62a85311c2ae683a041fb872b891c68dc
>> Response:
>> 15729e0edc4201dc5ee6241437d926f614cb4214ff1b9c6fbd73daf401639f7a4238cf04bc94edac9f2ad037003daab9a4408ba7c62a4413dc2a0ddd683bd719
>> ./response-2017-11-10-amiller
>> 
>> Preparation steps
>> =================
>> I used Sean’s powersoftau rust repo, commit
>> 9e1553c437183540392a7231d0788318a19b18a3
>> 
>> I followed instructions online for building portable rust binaries,
>> and so I ran
>> ```
>> cargo build --target=x86_64-unknown-linux-musl --release --features=u128-support --bin=compute
>> ```
>> 
>> Compiler: rustc 1.23.0-nightly (02004ef78 2017-11-08)
>> 
>> I copied the resulting binary to a freshly formatted USB stick I had.
>> 
>> b2sum:
>> 9059a0a64f5021c36df630ca48ac40674862b2fea14f4843ff2150256b95162ac4d6d1621d2dd3f5d0d1c604ad8e581c0ff449d2449140380eab075a9b83c960
>> ./target/x86_64-unknown-linux-musl/release/compute
>> 
>> I also rummaged through my shelf of several USB sticks, and found one
>> that happened to be a Linux Mint 18 USB bootable disk, so I used that
>> for my operating system.
>> 
>> Sidechannel defenses
>> ====================
>> I used a

Re: [zapps-wg] Powers of Tau Ceremony Proposal

2017-11-10 Thread Sean Bowe via zapps-wg
Thanks Andrew! That's a great start.

Now it's Jason Davies' turn.

The entire transcript will appear here throughout the process:

https://powersoftau-transcript.s3-us-west-2.amazonaws.com/index.html

We can make a more formal announcement once we're in the groove and
everything looks good. We're getting a repo up with attestations soon
also.

Sean

On Fri, Nov 10, 2017 at 12:53 PM, Andrew Miller  wrote:
> OK, I'll go first. Below is my report:
>
> Powers of Tau Operational writeup
> =================================
> Round: 1
> Date: 2011-11-10
> Name: Andrew Miller
> Location: Champaign, Illinois
>
> Challenge: (genesis)
> ce00f2100dd876fdff8dd824f55307bcb72d724f29ff20b9e0760f3a65e5588a65eaed57cbc61697111ae1f4cc7da2e62a85311c2ae683a041fb872b891c68dc
> Response:
> 15729e0edc4201dc5ee6241437d926f614cb4214ff1b9c6fbd73daf401639f7a4238cf04bc94edac9f2ad037003daab9a4408ba7c62a4413dc2a0ddd683bd719
> ./response-2017-11-10-amiller
>
> Preparation steps
> =================
> I used Sean’s powersoftau rust repo, commit
> 9e1553c437183540392a7231d0788318a19b18a3
>
> I followed instructions online for building portable rust binaries,
> and so I ran
> ```
> cargo build --target=x86_64-unknown-linux-musl --release --features=u128-support --bin=compute
> ```
>
> Compiler: rustc 1.23.0-nightly (02004ef78 2017-11-08)
>
> I copied the resulting binary to a freshly formatted USB stick I had.
>
> b2sum:
> 9059a0a64f5021c36df630ca48ac40674862b2fea14f4843ff2150256b95162ac4d6d1621d2dd3f5d0d1c604ad8e581c0ff449d2449140380eab075a9b83c960
> ./target/x86_64-unknown-linux-musl/release/compute
>
> I also rummaged through my shelf of several USB sticks, and found one
> that happened to be a Linux Mint 18 USB bootable disk, so I used that
> for my operating system.
>
> Sidechannel defenses
> ====================
> I used an airgap compute node, a Dell Inspiron that I’ve had for about
> a year now (Actually this is a computer I bought last year for
> dress-rehearsals in the Zcash Sprout param generation ceremony).
>
> I unplugged all the computer’s hard drives, and detached its
> wifi/bluetooth radios. I booted the computer from the Linux Mint
> livecd usb stick, and then also copied the binaries into RAM. The
> compute node was located in my bedroom, and I attended it for the ~1hr
> duration of the compute process.
>
> Image: https://pbs.twimg.com/media/DOSZz4FXkAEKC7N.jpg:large
>
> Postprocessing
> ==============
> After compute was finished, I took a cell phone picture of the blake2b
> hash of the response. I then copied the response file to the USB stick
> containing the binaries, and then I unplugged the compute node. Using
> my personal laptop, I posted the blake2b hash to the #mpc chat and
> uploaded the response file to s3.
>
> The response file is hosted here for now, though I expect we'll
> mirror it elsewhere later:
> https://s3.amazonaws.com/socrates1024_a/response-2017-11-10-amiller
>
> I did not destroy the compute node and do plan to use it again,
> although I'm going to leave it unplugged for several days.
>
> On Wed, Nov 8, 2017 at 10:19 PM, Sean Bowe  wrote:
>> Note that the `response` file contains a hash of the `challenge` file
>> that was used as input for the compute tool. As a result, only the
>> hashes of the `response` files need to be published; a hash chain is
>> formed through all participants. The initial challenge file is
>> deterministic. (You can use the `new` tool on the repository to
>> construct it.)
>>
>> The initial challenge file has BLAKE2b hash:
>>
>> ce00f2100dd876fdff8dd824f55307bcb72d724f29ff20b9e0760f3a65e5588a65eaed57cbc61697111ae1f4cc7da2e62a85311c2ae683a041fb872b891c68dc
>>
>> It doesn't hurt to post hashes of everything though. Hash all the things.
>>
>> Sean
>>
>> On Wed, Nov 8, 2017 at 4:51 PM, Andrew Miller  wrote:
>>> Thanks Sean!
>>>
>>> My idea is to use an ad hoc and publicly visible process. "Get in
>>> contact with [sean]" could be as simple as posting in public to this
>>> thread. Unless we're overrun by trolls, a public mailing list can be
>>> an informal way to agree on who goes next. Whoever posts and says "Me,
>>> me! I'd like to go next", should, by convention, go next. Any
> >>> aberrations (parties taking too long or dropping out, posting invalid
> >>> data, etc.) can be dealt with as needed.
>>>
>>> I believe it's also the case that
>>> a) The "response" file from each person is roughly the same as the
>>> "challenge" file for the next participant, and
>>> b) The response/challenge files are safe to be published at any time,
>>> not private at all.
>>> So, by convention, we should post the hashes of those files here right
>>> away, and make a best effort to mirror them publicly (each one is like
>>> a gigabyte, I think).
>>>
>>> What does the initial challenge file consist of? Could you post the
>>> hash of it here?
>>>
>>> Cheers,
>>>
> >>> On Wed, Nov 8, 2017 at 3:04 PM, Sean Bowe via zapps-wg wrote:
 Ariel Gabizon, Ian Miers and I have just published a new paper 

Re: [zapps-wg] Powers of Tau Ceremony Proposal

2017-11-10 Thread Andrew Miller via zapps-wg
OK, I'll go first. Below is my report:

Powers of Tau Operational writeup
=================================
Round: 1
Date: 2011-11-10
Name: Andrew Miller
Location: Champaign, Illinois

Challenge: (genesis)
ce00f2100dd876fdff8dd824f55307bcb72d724f29ff20b9e0760f3a65e5588a65eaed57cbc61697111ae1f4cc7da2e62a85311c2ae683a041fb872b891c68dc
Response:
15729e0edc4201dc5ee6241437d926f614cb4214ff1b9c6fbd73daf401639f7a4238cf04bc94edac9f2ad037003daab9a4408ba7c62a4413dc2a0ddd683bd719
./response-2017-11-10-amiller

Preparation steps
=================
I used Sean’s powersoftau rust repo, commit
9e1553c437183540392a7231d0788318a19b18a3

I followed instructions online for building portable rust binaries,
and so I ran
```
cargo build --target=x86_64-unknown-linux-musl --release --features=u128-support --bin=compute
```

Compiler: rustc 1.23.0-nightly (02004ef78 2017-11-08)

I copied the resulting binary to a freshly formatted USB stick I had.

b2sum:
9059a0a64f5021c36df630ca48ac40674862b2fea14f4843ff2150256b95162ac4d6d1621d2dd3f5d0d1c604ad8e581c0ff449d2449140380eab075a9b83c960
./target/x86_64-unknown-linux-musl/release/compute

I also rummaged through my shelf of several USB sticks, and found one
that happened to be a Linux Mint 18 USB bootable disk, so I used that
for my operating system.

Sidechannel defenses
====================
I used an airgap compute node, a Dell Inspiron that I’ve had for about
a year now (Actually this is a computer I bought last year for
dress-rehearsals in the Zcash Sprout param generation ceremony).

I unplugged all the computer’s hard drives, and detached its
wifi/bluetooth radios. I booted the computer from the Linux Mint
livecd usb stick, and then also copied the binaries into RAM. The
compute node was located in my bedroom, and I attended it for the ~1hr
duration of the compute process.

Image: https://pbs.twimg.com/media/DOSZz4FXkAEKC7N.jpg:large

Postprocessing
==============
After compute was finished, I took a cell phone picture of the blake2b
hash of the response. I then copied the response file to the USB stick
containing the binaries, and then I unplugged the compute node. Using
my personal laptop, I posted the blake2b hash to the #mpc chat and
uploaded the response file to s3.

The response file is hosted here for now, though I expect we'll
mirror it elsewhere later:
https://s3.amazonaws.com/socrates1024_a/response-2017-11-10-amiller

I did not destroy the compute node and do plan to use it again,
although I'm going to leave it unplugged for several days.

On Wed, Nov 8, 2017 at 10:19 PM, Sean Bowe  wrote:
> Note that the `response` file contains a hash of the `challenge` file
> that was used as input for the compute tool. As a result, only the
> hashes of the `response` files need to be published; a hash chain is
> formed through all participants. The initial challenge file is
> deterministic. (You can use the `new` tool on the repository to
> construct it.)
>
> The initial challenge file has BLAKE2b hash:
>
> ce00f2100dd876fdff8dd824f55307bcb72d724f29ff20b9e0760f3a65e5588a65eaed57cbc61697111ae1f4cc7da2e62a85311c2ae683a041fb872b891c68dc
>
> It doesn't hurt to post hashes of everything though. Hash all the things.
>
> Sean
>
> On Wed, Nov 8, 2017 at 4:51 PM, Andrew Miller  wrote:
>> Thanks Sean!
>>
>> My idea is to use an ad hoc and publicly visible process. "Get in
>> contact with [sean]" could be as simple as posting in public to this
>> thread. Unless we're overrun by trolls, a public mailing list can be
>> an informal way to agree on who goes next. Whoever posts and says "Me,
>> me! I'd like to go next", should, by convention, go next. Any
>> aberrations (parties taking too long or dropping out, posting invalid
>> data, etc.) can be dealt with as needed.
>>
>> I believe it's also the case that
>> a) The "response" file from each person is roughly the same as the
>> "challenge" file for the next participant, and
>> b) The response/challenge files are safe to be published at any time,
>> not private at all.
>> So, by convention, we should post the hashes of those files here right
>> away, and make a best effort to mirror them publicly (each one is like
>> a gigabyte, I think).
>>
>> What does the initial challenge file consist of? Could you post the
>> hash of it here?
>>
>> Cheers,
>>
>> On Wed, Nov 8, 2017 at 3:04 PM, Sean Bowe via zapps-wg wrote:
>>> Ariel Gabizon, Ian Miers and I have just published a new paper detailing a
>>> multi-party computation (MPC) protocol for constructing zk-SNARK public
>>> parameters.
>>>
>>> https://eprint.iacr.org/2017/1050
>>>
>>> The highlights are:
>>>
>>> * It allows for a single, gigantic ceremony to take place for all possible
>>> zk-SNARK circuits within a given size bound. The results of this ceremony
>>> are partial zk-SNARK parameters for the entire community. We call this
>>> communal ceremony the Powers of Tau.
>>> * If you want to use zk-SNARKs in your protocols, you still have to do an
>>> MPC for your circuit. But because of the P

Re: [zapps-wg] Powers of Tau Ceremony Proposal

2017-11-08 Thread Sean Bowe via zapps-wg
Note that the `response` file contains a hash of the `challenge` file
that was used as input for the compute tool. As a result, only the
hashes of the `response` files need to be published; a hash chain is
formed through all participants. The initial challenge file is
deterministic. (You can use the `new` tool on the repository to
construct it.)

The initial challenge file has BLAKE2b hash:

ce00f2100dd876fdff8dd824f55307bcb72d724f29ff20b9e0760f3a65e5588a65eaed57cbc61697111ae1f4cc7da2e62a85311c2ae683a041fb872b891c68dc

It doesn't hurt to post hashes of everything though. Hash all the things.

Sean
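
[Added example, not part of Sean's message and not code from the powersoftau repository.] The hash chain described above, checked by an auditor who holds the mirrored files and the response hashes posted to the list. Assumptions: the challenge hash sits in the first 64 bytes of each `response`, the next `challenge` begins with the hash of the previous `response`, and all file contents below are constructed stand-ins for the real files.

```python
import hashlib

HASH_LEN = 64  # BLAKE2b-512, the 128-hex-digit values quoted in the reports


def b2(data: bytes) -> bytes:
    return hashlib.blake2b(data, digest_size=HASH_LEN).digest()


def verify_transcript(genesis_hex, rounds, posted_hex):
    """Audit a transcript against the hashes participants posted.

    rounds     -- [(challenge_bytes, response_bytes), ...] in ceremony order
    posted_hex -- BLAKE2b hash of each response, as published by its author
    Returns a list of problems; an empty list means the chain holds.
    """
    if len(rounds) != len(posted_hex):
        return ["transcript and posted hash list differ in length"]
    problems = []
    prev_response = None
    for n, ((challenge, response), posted) in enumerate(zip(rounds, posted_hex), 1):
        if n == 1:
            # The first challenge is deterministic, so its hash is a fixed anchor.
            if b2(challenge).hex() != genesis_hex.lower():
                problems.append("round 1: challenge is not the genesis file")
        elif challenge[:HASH_LEN] != b2(prev_response):
            # Assumed layout: challenge n starts with the hash of response n-1.
            problems.append(f"round {n}: challenge not derived from round {n - 1} response")
        # Stated in the thread: the response contains a hash of its challenge.
        if response[:HASH_LEN] != b2(challenge):
            problems.append(f"round {n}: response does not commit to its challenge")
        # The mirrored file must be the one whose hash the participant posted.
        if b2(response).hex() != posted.lower():
            problems.append(f"round {n}: response hash differs from the posted value")
        prev_response = response
    return problems


def build_sample(n_rounds=3):
    """Constructed transcript: short byte strings stand in for the real files."""
    challenge = b2(b"") + b"constructed genesis accumulator"
    genesis_hex = b2(challenge).hex()
    rounds, posted = [], []
    for n in range(1, n_rounds + 1):
        response = b2(challenge) + f"constructed contribution {n}".encode()
        rounds.append((challenge, response))
        posted.append(b2(response).hex())
        challenge = b2(response) + f"constructed accumulator {n}".encode()
    return genesis_hex, rounds, posted


def demo():
    genesis_hex, rounds, posted = build_sample()
    honest = verify_transcript(genesis_hex, rounds, posted)
    # A mirror serves a round-2 response that differs from the one hashed on the list.
    altered = list(rounds)
    challenge2, response2 = altered[1]
    altered[1] = (challenge2, response2 + b"!")
    tampered = verify_transcript(genesis_hex, altered, posted)
    return honest, tampered


if __name__ == "__main__":
    honest, tampered = demo()
    print("honest transcript:", honest or "chain holds")
    for problem in tampered:
        print("altered mirror:", problem)
```

Because each response commits to its challenge, one altered file shows up both against its own posted hash and in the round that follows it.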

On Wed, Nov 8, 2017 at 4:51 PM, Andrew Miller  wrote:
> Thanks Sean!
>
> My idea is to use an ad hoc and publicly visible process. "Get in
> contact with [sean]" could be as simple as posting in public to this
> thread. Unless we're overrun by trolls, a public mailing list can be
> an informal way to agree on who goes next. Whoever posts and says "Me,
> me! I'd like to go next", should, by convention, go next. Any
> aberrations (parties taking too long or dropping out, posting invalid
> data, etc.) can be dealt with as needed.
>
> I believe it's also the case that
> a) The "response" file from each person is roughly the same as the
> "challenge" file for the next participant, and
> b) The response/challenge files are safe to be published at any time,
> not private at all.
> So, by convention, we should post the hashes of those files here right
> away, and make a best effort to mirror them publicly (each one is like
> a gigabyte, I think).
>
> What does the initial challenge file consist of? Could you post the
> hash of it here?
>
> Cheers,
>
> On Wed, Nov 8, 2017 at 3:04 PM, Sean Bowe via zapps-wg wrote:
>> Ariel Gabizon, Ian Miers and I have just published a new paper detailing a
>> multi-party computation (MPC) protocol for constructing zk-SNARK public
>> parameters.
>>
>> https://eprint.iacr.org/2017/1050
>>
>> The highlights are:
>>
>> * It allows for a single, gigantic ceremony to take place for all possible
>> zk-SNARK circuits within a given size bound. The results of this ceremony
>> are partial zk-SNARK parameters for the entire community. We call this
>> communal ceremony the Powers of Tau.
>> * If you want to use zk-SNARKs in your protocols, you still have to do an
>> MPC for your circuit. But because of the Powers of Tau ceremony, your
>> ceremony is much cheaper to perform and the costs per-participant scale
>> linearly with respect to the circuit complexity.
>> * The best part is that the Powers of Tau and these circuit-specific MPCs
>> can scale to hundreds/thousands of participants. As the number of
>> participants grows, it becomes unrealistic that all of them could be
>> compromised.
>>
>> So, let's do the Powers of Tau ceremony! The Zcash Foundation is excited to
>> participate in the process. The Zcash Company is particularly excited in
>> starting soon because we want to leverage it for our next MPC for the
>> Sapling upgrade of Zcash.
>>
>> The MPC protocol for this ceremony only requires that one participant
>> successfully destroy the secret randomness they sample during their part. We
>> intend to give participants total flexibility in deciding how to
>> participate; we don't mind what software, hardware or OS you use.
>>
>> I have written some Rust software for participants to run:
>>
>> https://github.com/ebfull/powersoftau
>>
>> In order to simplify auditing, I won't be making any more changes to the
>> code unless absolutely necessary. You don't have to use this software, but
>> there are no alternative implementations at this time. I think it should be
>> feasible to write a C version of the code using the RELIC toolkit, which has
>> implemented BLS12-381. I am very confident in the Rust code, though, and I
>> believe in its stability/correctness.
>>
>> I have some opinions about the ceremony:
>>
>> 1. I disagree with processes that don't improve security of the ceremony.
>> Having a small surface area of code and process increases the chance that
>> bugs will be discovered by auditors because there are fewer things that can
>> go wrong. Remember that there is already quite a bit for the public to
>> check: the transcript correctness, the code correctness, the randomness
>> beacon, the cryptographic proof, code dependencies, etc.
>> 2. It needs to start soon so that it can be useful for the Sapling MPC.
>> 3. It needs to have lots of reputable participants by the time we start the
>> Sapling MPC.
>>
>> Given the above, I would like to suggest that we start the ceremony now
>> using my existing code, which supports circuits up to 2^21 gates. This means
>> people would just get in contact with me if they want to participate and
>> I'll schedule them in. I'll try to prioritize reputable people, but I'll
>> allow pretty much anyone I have time to. Everything that I do is publicly
>> verifiable (there is a transcript at the end of the ceremony which people
>> can check).
>>
>> Andrew