Zerocoin Vulnerabilities Disclosed: “Forged Coins Created, but Not Exceeding 1% of Circulating Supply”

On Tuesday, April 9th, 2019, the Zcoin team supposedly discovered irregularities in relation to the number of Zerocoin spends.

To prevent further damage, the team asked mining pools to stop processing Zerocoin spends while it launched a thorough investigation. In practice, this meant that already minted Zerocoins could not be spent until further notice.

The Zcoin team's efforts did not stop on April 9; they continued to dig into the matter to see what might have gone wrong. A working group including Veil, PIVX, Navcoin and NIX was formed to find the root cause.

It was not until Friday, April 19th, 2019, that evidence of the cause was found. In particular, it was shared that:

“Core Developer, Peter Shugalev found the root cause […] and confirmed it was a failure in the Cryptography of the Zerocoin protocol and that it affected all Zerocoin implementations. We have disclosed the part of the Zerocoin proof that was flawed to the above-mentioned teams and how the forgery worked on a high level.”

The most recent update came just days ago (April 24), when the team released “emergency update 13.7.9,” a mandatory security update that disables Zerocoin until Sigma has been implemented.

Given the current issue, the team has also shared key details of the vulnerability with the community. Here is what the list includes.

  • Creation of forged coins, equivalent to less than 1% of circulating supply
  • Main issue: cryptographic flaw in Zerocoin’s protocol proof
  • While the issue could be patched, the team believes it best to move away from Zerocoin and focus on Sigma – which was already part of their roadmap

Overview of Sigma

The team is introducing Sigma as a replacement for Zerocoin, aiming to improve on it in three areas: removing the trusted setup, reducing proof size from 25kB to 1.5kB, and strengthening security.

Problem #1: Trusted Setup

As explained by the Zcoin team:

“In a trusted setup, some secret (public) parameters are generated based on a ‘master private key.’ These network parameters are needed to create the so called ‘zero-knowledge proofs’, which is the anonymizing technology that we use. The ‘master private key’ […] needs to be destroyed. If this is not destroyed, someone who has access to this key is able to generate infinite amounts of anonymous coins.”

Sigma, which was derived from an academic paper titled “One-Out-of-Many Proofs: Or How to Leak a Secret and Spend a Coin,” by Jens Groth and Markulf Kohlweiss, is said to be built on Pedersen commitments and related constructions that require no trusted setup.
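To make the trusted-setup risk concrete, here is an added Python example; it is not code from the Zcoin or Sigma projects and uses a deliberately tiny, constructed prime group rather than a real curve. It shows a Pedersen commitment whose second generator is derived from a public hash (no party ever knows its discrete log), and, for contrast, a “trusted” setup where the generator is `g^t` and the party who kept the trapdoor `t` can re-open any commitment to any value. That loss of binding is the same class of failure the quote above describes: whoever holds the undestroyed setup secret can forge values at will. The labels, values and the trapdoor `123` are all made up for the demonstration.

```python
import hashlib
import secrets

# Toy safe prime p = 2q + 1, constructed for illustration only. Real deployments
# such as Sigma use 256-bit elliptic-curve groups, not a 10-bit prime field.
P = 1019
Q = (P - 1) // 2  # 509, the prime order of the quadratic-residue subgroup


def hash_to_generator(label: bytes) -> int:
    """Derive an order-q subgroup element from a public label.

    Because the element comes out of a hash, nobody learns its discrete log
    relative to any other generator: a 'nothing up my sleeve' alternative
    to a trusted setup.
    """
    counter = 0
    while True:
        data = label + counter.to_bytes(4, "big")
        x = int.from_bytes(hashlib.sha256(data).digest(), "big") % P
        h = pow(x, 2, P)  # squaring lands in the order-q subgroup (or on 0/1)
        if h not in (0, 1):
            return h
        counter += 1


G = hash_to_generator(b"sigma-example-g")  # constructed labels
H = hash_to_generator(b"sigma-example-h")


def commit(value: int, randomness: int, h: int = H) -> int:
    """Pedersen commitment C = g^value * h^randomness mod p."""
    return (pow(G, value % Q, P) * pow(h, randomness % Q, P)) % P


def verify_opening(c: int, value: int, randomness: int, h: int = H) -> bool:
    """Check that (value, randomness) opens commitment c."""
    return c == commit(value, randomness, h)


def trapdoor_setup(trapdoor: int) -> int:
    """A 'trusted' setup: h = g^trapdoor, where the trapdoor is meant to be destroyed."""
    return pow(G, trapdoor % Q, P)


def forge_opening(value: int, randomness: int, new_value: int, trapdoor: int) -> int:
    """Whoever kept the trapdoor t (h = g^t) can re-open any commitment to a new value.

    C = g^v * h^r = g^(v + t*r). To open to v' we need v + t*r = v' + t*r' (mod q),
    so r' = r + (v - v') * t^-1 (mod q). Binding is gone for the trapdoor holder.
    """
    t_inv = pow(trapdoor % Q, -1, Q)  # modular inverse, Python 3.8+
    return (randomness + (value - new_value) * t_inv) % Q


def demo() -> dict:
    """Run the honest (hash-derived h) and trapdoored scenarios side by side."""
    r = secrets.randbelow(Q)
    c = commit(42, r)
    honest_ok = verify_opening(c, 42, r)
    honest_rejects = not verify_opening(c, 43, r)

    t = 123  # constructed: the setup party 'forgot' to destroy this
    h_bad = trapdoor_setup(t)
    c_bad = commit(42, r, h_bad)
    r_forged = forge_opening(42, r, 1_000_000, t)
    forged_ok = verify_opening(c_bad, 1_000_000, r_forged, h_bad)

    return {
        "honest_opening_ok": honest_ok,
        "honest_rejects_wrong_value": honest_rejects,
        "trapdoor_forgery_ok": forged_ok,
    }


if __name__ == "__main__":
    print(demo())
```

With the hash-derived `H`, a commitment to 42 can only ever be opened to 42; with the trapdoored `h_bad`, the same commitment opens cleanly to one million, which is why a setup secret that survives is a systemic risk rather than a single bug.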

Problem #2: Too large of a Proof Size

The team reasoned that a smaller proof makes storing the data on the blockchain less expensive, while allowing more private-send transactions to fit in a block.

As for how this will be implemented in Sigma, the team referred to another paper, “Short Accountable Ring Signatures Based on DDH,” which they claim has been effective in reducing proof size.

Problem #3: Need for Security

Finally, on the security side, Sigma will use 256-bit elliptic curves, whose security level is said to be roughly equivalent to 3072-bit RSA. This, again, is an improvement over Zerocoin’s current security level of 2048-bit RSA.


Nirmala Velupillai
Nirmala is a blogger who has been fascinated by the world of technology and its contributions to societal development. While a novice, her eagerness to learn about the crypto world has led her to write a number of pieces on its positive and negative aspects. In her spare time, she indulges in understanding and building statistical models and enhancing her painting skills.

[Disclosure] The published news and content on BitcoinExchangeGuide should never be used or taken as financial investment advice. Understand trading cryptocurrencies is a very high-risk activity which can result in significant losses.
