Pierluigi Paganini February 06, 2019

A critical counterfeiting vulnerability in Zcash cryptocurrency could have allowed coining an infinite number of Zcash (ZEC) cryptocurrency.

Reading some news, investors could believe that cryptocurrencies are not a good investment. A few days ago, QuadrigaCX Bitcoin exchange announced to have lost USD 145 million worth of cryptocurrency because the only person with access to its cold storage has died.

News of the day is that a critical vulnerability in Zcash cryptocurrency could have allowed coining an infinite number of Zcash (ZEC) cryptocurrency.

The Zcash development team have discovered and addressed the shocking critical flaw.

The Zcash cryptocurrency was presented i October 2016 and compared with the popular Bitcoin it ensures total anonymity because each participant in a transaction remains hidden.

With this premise, the Zcash has immediately attracted great interest from investors, miners and of course cybercriminals.

The Zerocoin Electric Coin Company who developed Zcash disclosed the
counterfeiting flaw that was discovered by its cryptographer Ariel Gabizon.
Gabizon discovered the flaw in its Zcash code on 1st March 2018 just before a talk at the Financial Cryptography conference.

Gabizon immediately reported the flaw to Sean Bowe, a Zcash Company’s cryptographer, the development team decided did not disclose the issue avoid abuses.

Zcash revealed that the flaw was known only by four Zcash employees before it addressed the issue with a patch implemented in the Zcash network on 28th October 2018.

“To exploit the counterfeiting vulnerability, an attacker would have needed to possess information found in the large MPC protocol transcript that was made available shortly after the launch of Zcash.” reads the post published by the company.

“This transcript had not been widely downloaded and was removed from public availability immediately upon discovery of the vulnerability to make it more difficult to exploit.”

Experts at ZCash explained that the exploitation of the vulnerability would have required a high level of technical and cryptographic sophistication, and only a few people have it. The company excluded that attackers have already exploited the counterfeiting flaw.

The counterfeiting vulnerability affected a variant of zk-SNARKs, the implementation of zero-knowledge cryptography Zcash used to encrypt and protect the transactions. zk-SNARKs was also implemented in other different projects.

Komodo blockchains and Horizen were affected by the same flaw and reportedly addressed it after being informed of the issue by Zcash experts in mid-November 2018.

The vulnerability was the result of a “parameter setup algorithm” that allowed “a cheating prover to circumvent a consistency check” and thereby transformed “the proof of one statement into a valid-looking proof of a different statement.”

Experts pointed out that an attacker with access to the multi-party computation (MPC) ceremony transcript (used to set up the privacy features for Zcash) would have been able to create false proofs that falsely convince the original Sprout zk-SNARK verifier of the correctness of a transaction.

The Zcash development team confirmed that the flaw had existed in the cryptocurrency scheme for years.

“The vulnerability had existed for years but was undiscovered by numerous expert cryptographers, scientists, third-party auditors, and third-party engineering teams who initiated new projects based upon the Zcash code.” reported the company.

“The Zcash Company has seen no evidence that counterfeiting has occurred as might be discovered by monitoring the the total amount of Zcash held in Sprout addresses (i.e., the Sprout shielded pool). As long as the value in the shielded pools are greater than zero, no counterfeiting has been detected.”

Pierluigi Paganini

(SecurityAffairs – ZCash counterfeiting vulnerability, hacking)

[adrotate banner=”5″] [adrotate banner=”13″]