Add the dual computer setup functionality (#49)

PatriceVignola · Feb 20, 2023 · 531dab4 · 531dab4
1 parent 32e3678
commit 531dab4
Show file tree

Hide file tree

Showing 13 changed files with 734 additions and 233 deletions.
diff --git a/README.md b/README.md
@@ -31,6 +31,7 @@ Multiple clients for the Go, Rust and Java languages already exist, but I haven'
 - Multiple layers of entropy for secret generation; in addition to the user's seed phrase, the secret generator will use the platform's CSPRNG (Cryptographically Secure PseudoRandom Number Generator) to improve entropy.
 - All generated secrets in a contribution are unique
 - Completely automated; while some clients need to the user to perform manual steps like opening their browser and copying some values back to the app, CKCC automatically opens the browser for each step and directs the user to the next step. The only manual step that the user needs to perform is to login through their GitHub or Ethereum account.
+- Dual computer option that allows the powers to be computed on an airgapped machine disconnected from the internet, which means that secrets cannot be leaked
 
 ## Usage
 
@@ -56,43 +57,84 @@ C++ KZG Ceremony Client
 Usage:
   ./build/bin/cpp-kzg-ceremony-client [OPTION...]
 
-  -s, --sequencer arg  URL of the sequencer to use (default:
-                       https://seq.ceremony.ethereum.org)
-  -a, --auth arg       Authentication provider to use. Choices: [ethereum,
-                       github] (default: ethereum)
-  -e, --entropy arg    Type of entropy to use for the first layer.
-                       Additional CSPRNG entropy will be applied on top of
-                       it. Choices: [stdin] (default: stdin)
-  -n, --no-signing     Disable the signing of the contribution. Although
-                       signing contributions is not mandatory, it is
-                       recommended to verify that the contributions listed
-                       in the transcript are actually generated by the
-                       addresses listed.
-  -h, --help           Print usage
+  -s, --sequencer arg           URL of the sequencer to use (default: 
+                                https://seq.ceremony.ethereum.org)
+  -a, --auth arg                Authentication provider to use. Choices: 
+                                [ethereum, github] (default: ethereum)
+  -m, --mode arg                Mode to use. `complete` mode goes through 
+                                the whole process on a single machine. 
+                                `internet` mode downloads the transcript 
+                                from and submits the contribution to the 
+                                sequencer, but doesn't generate any secrets 
+                                or sign anything. `airgapped` mode is meant 
+                                to be used on a computer without internet 
+                                connection and takes a `contribution.json` 
+                                file generated by a machine in `internet` 
+                                mode, computes the powers of tau and 
+                                updates the `contribution.json` file. 
+                                Choices: [complete, internet, airgapped] 
+                                (default: complete)
+  -c, --contribution-file-path arg
+                                Path to the contribution.json file used for 
+                                the `internet` and `airgapped` modes.
+  -e, --entropy arg             Type of entropy to use for the first layer. 
+                                Additional CSPRNG entropy will be applied 
+                                on top of it. Choices: [stdin] (default: 
+                                stdin)
+  -n, --no-signing              Disable the signing of the contribution. 
+                                Although signing contributions is not 
+                                mandatory, it is recommended to verify that 
+                                the contributions listed in the transcript 
+                                are actually generated by the addresses 
+                                listed.
+  -p, --port arg                Port to run the authentication server on. 
+                                If not provided, a random port will be 
+                                chosen.
+  -h, --help                    Print usage
 ```
 
+## Dual computer setup
+
+Even when all precautions have been taken to not leak the secrets, a machine connected to the internet will always be somewhat vulnerable to attacks. To be 100% sure that your secrets will not be leaked, you can follow the dual computer setup:
+
+1. On a computer connected to the internet, run the following command:
+
+    `./cpp-kzg-ceremony-client --mode=internet --contribution-file-path=path/to/contribution.json`
+
+2. When the program tells you to `move this file over to an airgapped machine`, copy the file to an USB drive.
+
+3. Connect the USB drive to an airgapped machine and run the following command:
+
+    `./cpp-kzg-ceremony-client --mode=airgapped --contribution-file-path=path/to/contribution.json`
+
+4. When instructed, enter your entropy and, if using the Ethereum authentication, sign your contribution.
+
+5. Finally, copy the file back to the internet-connected computer **at the same location that it was initially written to** and press `enter`. The program will now submit your contribution and your internet-connected computer will have no way to know what your secrets are!
+
+Note that the same authentication provider has to be used on both the internet-connected machine and the airgapped machine.
+
 ## Latest Releases
 
 | Platform          | Link                                                                                                                                                      |
 | ----------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------- |
-| Windows           | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.0/cpp-kzg-ceremony-client-v1.3.0-windows-amd64.zip)           |
-| MacOS             | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.0/cpp-kzg-ceremony-client-v1.3.0-darwin-amd64.tar.gz)         |
-| Ubuntu 23.04      | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.0/cpp-kzg-ceremony-client-v1.3.0-ubuntu-23.04-amd64.tar.gz)   |
-| Ubuntu 22.10      | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.0/cpp-kzg-ceremony-client-v1.3.0-ubuntu-22.10-amd64.tar.gz)   |
-| Ubuntu 22.04      | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.0/cpp-kzg-ceremony-client-v1.3.0-ubuntu-22.04-amd64.tar.gz)   |
-| Ubuntu 20.04      | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.0/cpp-kzg-ceremony-client-v1.3.0-ubuntu-20.04-amd64.tar.gz)   |
-| Ubuntu 18.04      | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.0/cpp-kzg-ceremony-client-v1.3.0-ubuntu-18.04-amd64.tar.gz)   |
-| Debian 11.6       | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.0/cpp-kzg-ceremony-client-v1.3.0-debian-11.6-amd64.tar.gz)    |
-| Debian 10.13      | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.0/cpp-kzg-ceremony-client-v1.3.0-debian-10.13-amd64.tar.gz)   |
-| Alpine Linux 3.17 | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.0/cpp-kzg-ceremony-client-v1.3.0-alpine-3.17.1-amd64.tar.gz)  |
-| Alpine Linux 3.16 | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.0/cpp-kzg-ceremony-client-v1.3.0-alpine-3.16.3-amd64.tar.gz)  |
-| Alpine Linux 3.15 | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.0/cpp-kzg-ceremony-client-v1.3.0-alpine-3.15.6-amd64.tar.gz)  |
-| Alpine Linux 3.14 | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.0/cpp-kzg-ceremony-client-v1.3.0-alpine-3.14.8-amd64.tar.gz)  |
-| Alpine Linux 3.13 | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.0/cpp-kzg-ceremony-client-v1.3.0-alpine-3.13.12-amd64.tar.gz) |
-| Alpine Linux 3.12 | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.0/cpp-kzg-ceremony-client-v1.3.0-alpine-3.12.10-amd64.tar.gz) |
-| Alpine Linux 3.11 | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.0/cpp-kzg-ceremony-client-v1.3.0-alpine-3.11.13-amd64.tar.gz) |
-| Alpine Linux 3.10 | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.0/cpp-kzg-ceremony-client-v1.3.0-alpine-3.10.9-amd64.tar.gz)  |
-| Alpine Linux 3.9  | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.0/cpp-kzg-ceremony-client-v1.3.0-alpine-3.9.6-amd64.tar.gz)   |
+| Windows           | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.1/cpp-kzg-ceremony-client-v1.3.1-windows-amd64.zip)           |
+| MacOS             | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.1/cpp-kzg-ceremony-client-v1.3.1-darwin-amd64.tar.gz)         |
+| Ubuntu 23.04      | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.1/cpp-kzg-ceremony-client-v1.3.1-ubuntu-23.04-amd64.tar.gz)   |
+| Ubuntu 22.10      | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.1/cpp-kzg-ceremony-client-v1.3.1-ubuntu-22.10-amd64.tar.gz)   |
+| Ubuntu 22.04      | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.1/cpp-kzg-ceremony-client-v1.3.1-ubuntu-22.04-amd64.tar.gz)   |
+| Ubuntu 20.04      | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.1/cpp-kzg-ceremony-client-v1.3.1-ubuntu-20.04-amd64.tar.gz)   |
+| Ubuntu 18.04      | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.1/cpp-kzg-ceremony-client-v1.3.1-ubuntu-18.04-amd64.tar.gz)   |
+| Debian 11.6       | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.1/cpp-kzg-ceremony-client-v1.3.1-debian-11.6-amd64.tar.gz)    |
+| Debian 10.13      | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.1/cpp-kzg-ceremony-client-v1.3.1-debian-10.13-amd64.tar.gz)   |
+| Alpine Linux 3.17 | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.1/cpp-kzg-ceremony-client-v1.3.1-alpine-3.17.1-amd64.tar.gz)  |
+| Alpine Linux 3.16 | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.1/cpp-kzg-ceremony-client-v1.3.1-alpine-3.16.3-amd64.tar.gz)  |
+| Alpine Linux 3.15 | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.1/cpp-kzg-ceremony-client-v1.3.1-alpine-3.15.6-amd64.tar.gz)  |
+| Alpine Linux 3.14 | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.1/cpp-kzg-ceremony-client-v1.3.1-alpine-3.14.8-amd64.tar.gz)  |
+| Alpine Linux 3.13 | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.1/cpp-kzg-ceremony-client-v1.3.1-alpine-3.13.12-amd64.tar.gz) |
+| Alpine Linux 3.12 | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.1/cpp-kzg-ceremony-client-v1.3.1-alpine-3.12.10-amd64.tar.gz) |
+| Alpine Linux 3.11 | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.1/cpp-kzg-ceremony-client-v1.3.1-alpine-3.11.13-amd64.tar.gz) |
+| Alpine Linux 3.10 | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.1/cpp-kzg-ceremony-client-v1.3.1-alpine-3.10.9-amd64.tar.gz)  |
+| Alpine Linux 3.9  | [Download](https://github.com/PatriceVignola/cpp-kzg-ceremony-client/releases/download/v1.3.1/cpp-kzg-ceremony-client-v1.3.1-alpine-3.9.6-amd64.tar.gz)   |
 
 ## Dependencies
 
@@ -124,3 +166,4 @@ apk --update add libstdc++
 - [tristanpenman/valijson](https://github.com/tristanpenman/valijson) for JSON schema validation
 - [supranational/blst](https://github.com/supranational/blst) for BLS signing and powers of tau functionality
 - [Duthomhas/CSPRNG](https://github.com/Duthomhas/CSPRNG) for easy cross-platform CSPRNG
+- [abseil/abseil-cpp](https://github.com/abseil/abseil-cpp) for helpers that allow C++14 programs to use modern C++ semantics and follow good practices
diff --git a/include/airgapped_flow.hpp b/include/airgapped_flow.hpp
@@ -0,0 +1,10 @@
+#ifndef AIRGAPPED_FLOW_HPP
+#define AIRGAPPED_FLOW_HPP
+
+class ArgParser;
+
+namespace airgapped_flow {
+void launch(const ArgParser& arg_parser);
+} // namespace airgapped_flow
+
+#endif // AIRGAPPED_FLOW_HPP
diff --git a/include/arg_parser.hpp b/include/arg_parser.hpp
@@ -17,6 +17,12 @@ enum class EntropyType {
   Https,
 };
 
+enum class ClientMode {
+  Complete,
+  Airgapped,
+  Internet,
+};
+
 class ArgParser {
 public:
   ArgParser(int argc, const char* const* argv);
@@ -27,15 +33,22 @@ class ArgParser {
   bool signing_disabled() const { return signing_disabled_; }
   std::vector<uint8_t> get_entropy() const;
   const absl::optional<uint16_t>& get_port() const { return port_; }
+  ClientMode get_client_mode() const { return client_mode_; }
+
+  const std::string& get_contribution_file_path() const {
+    return contribution_file_path_;
+  }
 
 private:
   AuthProvider auth_provider_;
   std::string sequencer_url_;
   std::string help_message_;
+  std::string contribution_file_path_;
   bool signing_disabled_;
   bool help_wanted_;
   EntropyType entropy_type_;
   absl::optional<uint16_t> port_;
+  ClientMode client_mode_;
 };
 
 #endif // ARG_PARSER_HPP
diff --git a/include/complete_flow.hpp b/include/complete_flow.hpp
@@ -0,0 +1,10 @@
+#ifndef COMPLETE_FLOW_HPP
+#define COMPLETE_FLOW_HPP
+
+class ArgParser;
+
+namespace complete_flow {
+void launch(const ArgParser& arg_parser);
+} // namespace complete_flow
+
+#endif // COMPLETE_FLOW_HPP
diff --git a/include/internet_flow.hpp b/include/internet_flow.hpp
@@ -0,0 +1,10 @@
+#ifndef INTERNET_FLOW_HPP
+#define INTERNET_FLOW_HPP
+
+class ArgParser;
+
+namespace internet_flow {
+void launch(const ArgParser& arg_parser);
+} // namespace internet_flow
+
+#endif // INTERNET_FLOW_HPP
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
@@ -1,19 +1,22 @@
 # Product static lib
 add_library(
   product_static STATIC
+  airgapped_flow.cpp
   arg_parser.cpp
   auth_browser.cpp
   auth_request_link.cpp
   batch_contribution.cpp
   batch_transcript.cpp
   bls_signature.cpp
   bls_signer.cpp
+  complete_flow.cpp
   contribution.cpp
   contribution_error.cpp
   contribution_receipt.cpp
   github_user.cpp
   hex_util.cpp
   identity_fetcher.cpp
+  internet_flow.cpp
   port_picker.cpp
   pot_pubkey_message.cpp
   power.cpp