On February 5, Zcash Company, the developer of the ZEC cryptocurrency, announced that it had eliminated a catastrophic cryptographic error that allowed attackers to create an unlimited number of ZEC tokens.
On the evening of February 5, the official blog of Zcash Company, developer of the ZEC architecture, published a post about eliminating cryptographic vulnerabilities. According to the report, almost a year ago (March 1, 2018), Ariel Gabizon, one of the leading cryptographic engineers at Zcash, discovered a significant error in the zk-SNARKs zero-knowledge proof.
Zcash error – detection and elimination
zk-SNARKs is a zero-knowledge proof implemented in software. It is used in cryptography to encrypt the user's wallet balance while at the same time checking that the coins actually exist during a transaction, in order to avoid crypto-transfers involving "non-existent coins".
The error was found in the operation of the zk-SNARKs protocol, which Zcash Company implemented in the coin's architecture to encrypt user data and wallet balances.
"(...) On March 1, 2018, Ariel Gabizon, a cryptographer who worked at Zcash at the time, found a subtle cryptographic flaw in the article [ISEM 14], which describes the zk-SNARK design used in the initial launch of Zcash." – z.cash/blog
The company's engineers did not disclose information about the error they had found, reasoning that taking advantage of the vulnerability requires uncommon knowledge of cryptography. As a result, no one was able to exploit the vulnerability in zk-SNARKs before the problem was fixed.
"Although we believe that there were no fakes, we are tracking total amounts and will act in accordance with our published counterfeit protection in order to preserve the money supply." – z.cash/blog
According to the post on z.cash/blog, the error was discovered as early as March of last year. The information was kept secret until the flaw was fixed as part of the planned Zcash Sapling update, which took place in October 2018.
"The successful repair of Sprout addresses was presented by Zcash in the Zcash Sapling update, which occurred on October 28, 2018." – z.cash/blog
The zk-SNARKs vulnerability meant that, because of cryptographic problems, hackers could create non-existent ZEC tokens in unlimited quantities. Zcash Company said it has eliminated the cryptographic errors. The development team also reported the problems in the protocol to other companies that use the zk-SNARKs zero-knowledge proof.
Editor: Yulia Krasnaya