Hash: SHA256

Powers of Tau Attestation

Round: 57
Date: 2018-02-13
Name: Sean Kelly
Location: Galway, Ireland

The BLAKE2b hash of `./response` is:
40db756c fdceae76 5472590b c0dd9ec1
7fa70475 f1cc9ef5 fdf99e0d 750cd6a2
ce010c95 b59130c6 d8c12eb2 c7fe5296
8858fca9 d6ba7bcb 67b391cf b1f5401d


Firstly, thank you for organising this and for the opportunity to participate.

In a similar way to Matt in round 4, I decided to leverage a cloud
provider's security (this time Microsofts) by running the computation
using Azure (https://docs.microsoft.com/en-us/azure/security/azure-security),
thus introducing an additional channel that would need to be
compromised by an attacker (now Microsofts cloud security will need to
have been compromised as well as Google's and all other participants).

>From Azure Managent Portal, I created a "Jumpbox" Compute Instance
(D2s v3) with public IP for downloading Rust, the Powers of Tau
utility and the challenge file. I created 2 additional "Calculation"
Compute Instances (E2s v3) without public IP's to perform the
computations, these VMs were located in different datacenters (1 in
Europe and 1 in the US). I used Ubuntu Server 16.04 as the OS for all

>From Azure Storage Manager, I created an Azure Files share that I
would use to transfer the files to the Calculation instances.

>From the Jumpbox, I downloaded Rust (v1.23.0), Powers of Tau (from
github.com/ebfull/powersoftau commit
d47a1d3d1f007063cbcc35f1ab902601a8b3bd91) and the Challenge File (from
S3). I transfered these files to the Calculation instances and ran the
computation from each instance simultaneously using random keyboard
inputs for additional entropy.

Once the responses were computed on both instance, I selected one of
the 2 response files by the flip of a coin. I copied the file to the
Jumpbox and deleted both Calculation instances. I then submitted its
hash to the mailing list (above) and uploaded the file to S3. I also
posted this hash on Twitter
(https://twitter.com/SeanKe11y/status/963592537310203905). Finally, I
deleted the Jumpbox compute instance and any other Azure resources
that were used to support the process.

Sidechannel Defenses

* I used my personal laptop (I'm reasonably confident that it's
secure) for connecting to Azure, it didn't leave my sight for the
duration of the process.
* I used a free Azure subscription I have that had never been used
before for any purpose.
* I connected to a VPN server in a country that I had never connected
to before prior to beginning the process.
* I downloded a browser I had never used before and used this for some
of the steps (I used PuTTY for everything else).
* The computations took place within Azure's datacenters leveraging
their security best practices.
* I ran the computation on multiple VMs simultaneously in two
different datacenters on different continents and randomly chose a
response to use.
* I deleted all VMs and associated Azure resources after the process
was completed.
* I didn't tell anyone I know that I was doing this, in case they are spies.

Sean Kelly
Version: Mailvelope v2.1.1
Comment: https://www.mailvelope.com


Reply via email to