Powers of Tau Operational Write-up
=============================

Round: 12

Date: 2017-11-20

Name: Miguel Angel Marco Buzunariz

Location: Spain

Response: BLAKE2b 
22fd2b37f794b19dab85cfbb3dd018c8ab7a07e44b34394449ab1b28ed7ef133e8ca0fc77a497670a622dfb1e74e8af57cda01cc9b8614ba65a29a0d64dadadf

Procedure
=================

* Followed the plan written in plancommit.txt (sha256hash 
8829a8a45363c98ced7d6059e90b9095f875863c78ba8474ea9017e9e9820405), to which I 
commited in the mailing list.

* Preparation:
    * Downloaded [Powers of Tau](https://github.com/ebfull/powersoftau) commit 
d47a1d3d1f007063cbcc35f1ab902601a8b3bd91, and compiled it in a gentoo linux 
box with rustc 1.21.0-dev (compiled in the same system). Obtained a `compute` 
binary with sha256hash 
2603d31c9394ac624a0a3bceb5c9d227f73447dac29c4e2a598dd69590c92cd3 
    * Take the hard drive and wifi card out of an old core2duo laptop with 4GB 
RAM to be used as airgapped node
    * Download a Linux Mint 18.2 Kde .iso file from its website, and 
(sha256hash 9173901fbead7d2ece2454f8f51dbb375e1dfdfc74cfaef450342a3144955fe1) 
and burn it in six different usb drives.
* Ceremony
    * Downloaded the `challenge` file from https://s3-us-west-2.amazonaws.com/
powersoftau/lOg9HOyt0u1cxR0djXfFX1gmwLnU0y56/index.html, checked its 
sha256hash f767da9aa257a15869ead2e2c7b9019f5cbb3ae9454bf9cff2456b0cf73dd36e
    * Copied the `challenge` file and the `compute` binary to six different usb 
drives.
    * Chose one of the 6 Linux Mint usb drives at random (rolling a dice) and 
boot the airgapped node with it. Keep the other five untouched.
    * Chose one of the 6 usb drives with the `challenge` and `compute` files at 
random (dice roll) and insert it in the airgapped machine. Keep the other five 
untouched.
    * Checked the hash of the `compute` and `challenge`files in the airgapped 
machine, and run `compute`
    * Inserted the source of entropy: a bunch of random keys, plus the result 
of 50 dice rolls.
    * Copied the sha256hash of the `response` file ( 
d7c3f0f75867bed812e056a7ddef6b7994d2d9b3c658c60cbdd18f1e6a06dacf )
    * Burnt the `response` file to six different DVD-R
    * Chose one of the DVD-R at random with a dice, insert it in the network 
node, copied its content to the hard drive and verified the hash. The other 
five 
were kept untouched.
    * Uploaded the response file to the [Amazon S3 
bucket](https://s3-us-west-2.amazonaws.com/powersoftau/lOg9HOyt0u1cxR0djXfFX1gmwLnU0y56/index.html)

Side channel defenses
=================

Entropy source: Many keys pressed at random, plus the result of 50 dice rolls.

Computation took place on an airgapped machine, with no wifi card nor hard 
drive. The media that was used to move information between the compute mode 
was copied in 6 different devices, only one of each (chosen at random with a 
dice) was inserted in the other machine, the other five will be kept untouched 
for several months at least.

The following material will be kept available for forensic audit in case 
someone is interested in doing it:

* airgapped machine (will be kept turned off, with no battery and no power 
cable).
* the six usb drives with the live linux system (the one actually used and the 
other five that didn't gt in touch with the airgapped machine)
* the six usb drives with the `compute` binary, and the `challenge` file (again 
one was used, and the other five didn't get in contact with the airgapped 
machine)
* the six DVD-R with the `response` file  (again, one was actually inserted in 
the network node, and the other five never touched it)

I plan to keep this material for several months. If someone is interested in 
auditing it, please get in touch with me. In case nobody shows interest, I 
might decide to reuse all or part of it at some point.



Miguel Angel Marco Buzunariz
Universidad de Zaragoza
mma...@unizar.es

Attachment: signature.asc
Description: This is a digitally signed message part.

Reply via email to