Zerocoin Vulnerabilities Disclosed: “Forged Coins Created, but Not Exceeding 1% of Circulating Supply”

On Tuesday, April 9th, 2019, the Zcoin team supposedly discovered irregularities in relation to the number of Zerocoin spends.

To prevent further damage, the team decided it would be best to reach out to pools and disable Zerocoin spends, which led to a thorough investigation. Disabling spends means that minted Zerocoins cannot be spent until further notice.

The Zcoin team’s efforts did not stop on April 9; they continued digging into the matter to see what might have gone wrong. A working group including Veil, PIVX, Navcoin and NIX was formed in an attempt to find the root cause.

It was not until Friday, April 19th, 2019, that evidence of the cause was found. In particular, it was shared that:

“Core Developer Peter Shugalev found the root cause […] and confirmed it was a failure in the cryptography of the Zerocoin protocol and that it affected all Zerocoin implementations. We have disclosed the part of the Zerocoin proof that was flawed to the above-mentioned teams and how the forgery worked on a high level.”

The most recent update came just days ago (April 24), when the team released “emergency update 13.7.9,” a mandatory security update that disables Zerocoin until Sigma has been implemented.

In light of the issue, the team has also shared some details of the vulnerability with the community. Here’s what the list includes.

  • Forged coins were created, equivalent to less than 1% of circulating supply
  • Main issue: a cryptographic flaw in the Zerocoin protocol’s proof
  • While the issue could be fixed, the team believes it best to move away from Zerocoin and focus on Sigma, which was already part of their roadmap

Overview of Sigma

The team is introducing Sigma to replace Zerocoin and improve on it in three areas: removing the trusted setup, reducing proof size from 25kB to 1.5kB, and strengthening security.

Problem #1: Trusted Setup

As explained by the Zcoin team:

“In a trusted setup, some secret (public) parameters are generated based on a ‘master private key.’ These network parameters are needed to create the so-called ‘zero-knowledge proofs,’ which are the anonymizing technology that we use. The ‘master private key’ […] needs to be destroyed. If this is not destroyed, someone who has access to this key is able to generate infinite amounts of anonymous coins.”

Sigma is derived from the academic paper “One-Out-of-Many Proofs: Or How to Leak a Secret and Spend a Coin” by Jens Groth and Markulf Kohlweiss, and reportedly relies on Pedersen commitments, a cryptographic construction that requires no trusted setup.

Problem #2: Too large of a Proof Size

The team reasoned that a smaller proof size makes storing the data on the blockchain cheaper and allows more private send transactions to fit in a block.

As for how this is achieved in Sigma, the team turned to another paper, “Short Accountable Ring Signatures Based on DDH,” whose techniques they say have been effective in reducing proof size.

Problem #3: Need for Security

Finally, on security, Sigma will use 256-bit elliptic curves, a security level said to be roughly equivalent to 3072-bit RSA. This is an improvement over Zerocoin’s current security level of 2048-bit RSA.

[Domain Disclosure] The crypto-community content sourced, created and published on BitcoinExchangeGuide should never be used or taken as financial investment advice. Under no circumstances does any article represent our recommendation or reflect our direct outlook. We beg of you to do more independent due diligence, take full responsibility for your own decisions and understand trading cryptocurrencies is a very high-risk activity with extremely volatile market changes which can result in significant losses.