Powers of Tau Operational Write-up ============================= Round: 12
Date: 2017-11-20 Name: Miguel Angel Marco Buzunariz Location: Spain Response: BLAKE2b 22fd2b37f794b19dab85cfbb3dd018c8ab7a07e44b34394449ab1b28ed7ef133e8ca0fc77a497670a622dfb1e74e8af57cda01cc9b8614ba65a29a0d64dadadf Procedure ================= * Followed the plan written in plancommit.txt (sha256hash 8829a8a45363c98ced7d6059e90b9095f875863c78ba8474ea9017e9e9820405), to which I commited in the mailing list. * Preparation: * Downloaded [Powers of Tau](https://github.com/ebfull/powersoftau) commit d47a1d3d1f007063cbcc35f1ab902601a8b3bd91, and compiled it in a gentoo linux box with rustc 1.21.0-dev (compiled in the same system). Obtained a `compute` binary with sha256hash 2603d31c9394ac624a0a3bceb5c9d227f73447dac29c4e2a598dd69590c92cd3 * Take the hard drive and wifi card out of an old core2duo laptop with 4GB RAM to be used as airgapped node * Download a Linux Mint 18.2 Kde .iso file from its website, and (sha256hash 9173901fbead7d2ece2454f8f51dbb375e1dfdfc74cfaef450342a3144955fe1) and burn it in six different usb drives. * Ceremony * Downloaded the `challenge` file from https://s3-us-west-2.amazonaws.com/ powersoftau/lOg9HOyt0u1cxR0djXfFX1gmwLnU0y56/index.html, checked its sha256hash f767da9aa257a15869ead2e2c7b9019f5cbb3ae9454bf9cff2456b0cf73dd36e * Copied the `challenge` file and the `compute` binary to six different usb drives. * Chose one of the 6 Linux Mint usb drives at random (rolling a dice) and boot the airgapped node with it. Keep the other five untouched. * Chose one of the 6 usb drives with the `challenge` and `compute` files at random (dice roll) and insert it in the airgapped machine. Keep the other five untouched. * Checked the hash of the `compute` and `challenge`files in the airgapped machine, and run `compute` * Inserted the source of entropy: a bunch of random keys, plus the result of 50 dice rolls. * Copied the sha256hash of the `response` file ( d7c3f0f75867bed812e056a7ddef6b7994d2d9b3c658c60cbdd18f1e6a06dacf ) * Burnt the `response` file to six different DVD-R * Chose one of the DVD-R at random with a dice, insert it in the network node, copied its content to the hard drive and verified the hash. The other five were kept untouched. * Uploaded the response file to the [Amazon S3 bucket](https://s3-us-west-2.amazonaws.com/powersoftau/lOg9HOyt0u1cxR0djXfFX1gmwLnU0y56/index.html) Side channel defenses ================= Entropy source: Many keys pressed at random, plus the result of 50 dice rolls. Computation took place on an airgapped machine, with no wifi card nor hard drive. The media that was used to move information between the compute mode was copied in 6 different devices, only one of each (chosen at random with a dice) was inserted in the other machine, the other five will be kept untouched for several months at least. The following material will be kept available for forensic audit in case someone is interested in doing it: * airgapped machine (will be kept turned off, with no battery and no power cable). * the six usb drives with the live linux system (the one actually used and the other five that didn't gt in touch with the airgapped machine) * the six usb drives with the `compute` binary, and the `challenge` file (again one was used, and the other five didn't get in contact with the airgapped machine) * the six DVD-R with the `response` file (again, one was actually inserted in the network node, and the other five never touched it) I plan to keep this material for several months. If someone is interested in auditing it, please get in touch with me. In case nobody shows interest, I might decide to reuse all or part of it at some point. Miguel Angel Marco Buzunariz Universidad de Zaragoza mma...@unizar.es
Description: This is a digitally signed message part.