ETHERLive
ETHERLive delivers real-time price and volume data across 16+ exchanges to users in a clear and easy-to-understand package. Users can get up-to-the-second updates for each exchange/currency pair, as well as aggregated market averages for each exchange, currency, and the market as a whole. It also provides a global converted average of all the currency pairs monitored by ETHNews, converted to USD.

---

24hr ---
--%
Tuesday Feb 19th 2019
RESOURCES

The Basics

Learn the basics of Ethereum and various cryptocurrency technologies

Learn More

What is Ethereum?

Understand the underlying principles of the Ethereum Platform

Learn More

The Blockchain

Discover the revolutionizing technology known as the blockchain

Learn More
SUBMIT

Press Release

Submit a press release for consideration on ETHNews

Submit Press

Story / Dapp

Submit a story or DAPP to be considered for publication on ETHNews.

Submit Story

Explanation

Submit "Ethereum Explainer" content for consideration to be featured on ETHNews

Submit Topic
ETHNews Logo
---
--%
Home
News
Etherlive
Ether Price Analysis
Resources
Contact Us

Infinite Token Printing Bug Fixed By Zcash Team … About 4 Months Ago

By

Nicholas

Ruggieri

WriterETHNews.com

The counterfeiting vulnerability was initially discovered 11 months ago at the 2018 Financial Cryptography Conference.

An official blog post written by Zcash marketing director Josh Swihart, director of product security Benjamin Winston, and engineer Sean Bowe details a counterfeiting vulnerability that would have allowed an attacker to create unlimited fake Zcash tokens without being detected. The vulnerability, however, was snuffed out in October 2018 during the company's network hard fork known as Sapling.

On March 1, 2018, Ariel Gabizon, a cryptographer for Zcash, found the bug in the zk-SNARK proofs' construction used in the original 2016 launch of Zcash. zk-SNARK is the cryptography used by the privacy-heavy coin to shield Zcash transactions that are encrypted on the blockchain while still allowing for verification under the network's consensus rules.

According to the blog post, if the vulnerability had been found by a malicious actor, the attacker could have created "counterfeit shielded value" in any system that was using zk-SNARK parameters. An attacker would have needed information found in Zcash's multi-party computation (MPC) protocol transcript, which was made available after the coin's launch. Zcash removed the transcript from public availability under the cover story that the transcript was missing due to "accidental deletion."

Ultimately, is was decided that the the vulnerability would be taken care of in the October 2018 Sapling network upgrade, which also saw shielded transactions become less computationally heavy, making the currency easier to use. In November 2018, Zcash contacted Horizen and Komodo, which were both using zk-SNARK parameters. While Zcash did not disclose the specifics related to the bug, it recommended the two companies upgrade their systems.

The problem and its solution were not reported by Zcash until yesterday, February 5, in order to "protect against it being exploited prior to its remediation, and to provide information and remediated code to other projects that were also vulnerable." Though the vulnerability had existed for years, Swihart, Winston, and Bowe believe that no counterfeiting occurred because discovering the bug required "a high level of technical and cryptographic sophistication that very few people possess."

While that might sound like Zcash just negged the crypto community by describing why it believes the zk-SNARK bug was never used, let alone found, Zcash's handling of the situation was viewed in a positive light by many. Most notably, NSA whistleblower Edward Snowden took to Twitter to praise the team for finding the bug before any money was lost.


In June 2018, Vitalik Buterin tweeted about a hypothetical instance in which a hack of the zk-SNARK scheme occurred and counterfeit coins were made. Specifically, Buterin wondered in his thread how that sort of catastrophe should be handled. Zcash was able to find the bug before any hack, but now we know how to handle this kind of situation: Just don't say anything until you're really sure you've fixed it.

Nicholas Ruggieri

Nicholas Ruggieri studied English with an emphasis in creative writing at the University of Nevada, Reno. When he’s not quoting Vines at anyone who’s willing to listen, you’ll find him listening to too many podcasts, reading too many books, and crocheting too many sweaters for his dogs, RT and Peterman.

ETHNews is committed to its Editorial Policy

Like what you read? Follow us on Twitter @ETHNews_ to receive the latest Zcash, Ariel Gabizon or other Ethereum cryptocurrencies and tokens news.