How to use toxic waste to generate “toxic waste.”
On January 20, Ryan Pierce and Andrew Miller—a self-described “technology architect” and assistant professor of computer engineering at the University of Illinois, respectively—climbed into Pierce’s prop plane with a Geiger counter, some radioactive material from Chernobyl, and an air gapped laptop.
Before taking off, they made sure their phones were unable to record or transmit any information from inside the cockpit to ensure nobody could snoop on what they were about to do. The duo flew to 3,000 feet and used the Geiger counter to measure radioactive decay from the Chernobyl material—a piece of graphite moderator that was ejected from the core of the Chernobyl nuclear reactor during the 1986 meltdown—as the plane circled above southern Wisconsin. The pair then landed and used these measurements to help secure Zcash, a privacy-oriented cryptocurrency.
Pierce and Miller were participating in the Powers of Tau, an ongoing cryptographic “ceremony” wherein each participant samples some source of randomness and uses the resulting numbers to generate part of a cryptographic key that can be used by anyone on the Zcash network to keep their transaction private.
For this scheme to work, though, generating the key parts has to be done as securely as possible. Hence the plane.
“A plane isn’t a Faraday cage, but it doesn’t need to be,” Pierce told me an email. “By doing the computation in a small airplane, we could be entirely certain that nobody other than the two of us was on board, and it would be extremely difficult for an attacker to get near us in the air without us noticing.”
Going up in a plane may seem extreme, but it has been shown that dedicated attackers are able to steal data from an air gapped computer inside a Faraday cage (which is designed to block electromagnetic transmissions), so Pierce and Miller’s paranoia is understandable.
Zcash was launched as an experimental Bitcoin alternative in 2016, and it marked a radical departure from every other cryptocurrency that had come before it. Unlike Bitcoin, Ethereum, or other blockchain-based currencies, Zcash was designed to be more anonymous using new and experimental cryptography.
Most cryptocurrencies validate transactions on a public blockchain, which includes the wallet address of the sender and the recipient, as well as the amount sent. Zcash uses a blockchain too, but it’s also able to validate transactions while hiding potentially identifying information thanks to something called zero-knowledge proofs—or zk-SNARKs.
For zk-SNARKs to work, shared mathematical parameters for everyone on the network need to be set by generating random numbers. These random numbers are known as “toxic waste” since they must be disposed of after being used to generate the public parameters for security reasons. If the random numbers used to create the zk-SNARK parameters are ever discovered, they could be used to essentially reverse engineer the math that created the public parameters.
“In other words, that person could create Zcash out of thin air,” Pierce said.
To address these security issues, Zcash developers launched a “communal ceremony” last year called the Powers of Tau, a global event wherein each participant securely generates random numbers that constitute part of a Zcash parameter. Splitting up the ceremony up between dozens of people around the globe makes it drastically harder for an attacker to compromise Zcash’s security since they’d have to recover “toxic waste” from every participant.
Each Powers of Tau participant starts with a file that contains the partial parameters generated by previous participants. After sampling a source of randomness and applying it to the input file, a new, larger output file that represents the public parameters generated up to that point is created. That file is then compressed and passed on to the next participant in the ceremony. When the ceremony concludes, the resulting file is the public parameters that will secure the next version of the Zcash network, called Sapling, which is expected to be released sometime this year.
Enter Pierce and Miller, who took the “toxic waste” aspect of parameter generation literally. As the 41st participants in the current Powers of Tau ceremony, the pair sampled a graphite moderator that was ejected from the core of the Chernobyl nuclear reactor during the 1986 meltdown as their source of randomness.
“I used a radioactive source from Chernobyl because I believe in drawing attention to the catastrophe that occurred there,” Pierce, who declined to go on record about how he came into possession of this material, told me. “It is the world's worst industrial environmental disaster, but it has become a place of wildness and beauty. It is a reminder that we need to find a solution for disposal of actual radioactive toxic waste.”
Despite coming from one of the most radioactive sites in the world, Pierce and Miller’s sample contained radiation levels only slightly stronger than background levels. According to Pierce, it’s only about a quarter as radioactive as a typical household smoke detector.
The radioactive activity in the Chernobyl material used by Pierce and Miller is a result of the decay of Caesium-137 and Strontium-90, which results in the release of ionizing radiation in the form of beta particles (high energy electrons) and gamma rays. A Geiger counter measures ionizing radiation, which registers on the Geiger counter as a pulse of electricity and is used to measure radiation from a source.
Since the electrons in the gas are randomly “knocked loose” by the radiation, Pierce and Miller were able to use the time differences between consecutive electrical pulses registered by the Geiger counter as the random source for generating their partial parameter. Their setup was relatively simple and consisted of a $100 Geiger counter kit modified to act as a random number generator.
So if you ever use zk-SNARKs on the next ZCash release, rest easy knowing that at least part of the network’s security was generated on an airborne, air gapped computer and derived its entropy from the quantum mechanics of radioactive decay. Good luck hacking that.
Disclosure: The author of this article owns a small amount of Zcash.