Zerocoin Protocol Flaws - Reading Assignment

Privacy Coins - Ultimate Course
#82
  1. What are the stated advantages and disadvantages of Zerocash with respect to Zerocoin?

The lack of auditability of its total supply

Less testing in its underlying cryptography

The time to generate a private transaction

  1. In 2019, four of the eight major Zerocoin implementations switched from Zerocoin protocol to what?

Sigma

  1. What was the technical cause behind the 2017 “fake spend” incident?

A typo in its source-code

  1. Explain the different responses by Zcoin, PIVX and Veil to the 2019 attack on the Zerocoin core protocol.

Zcoin officially removed the Zerocoin protocol and replaced it by Sigma.

Introduced a feature to “ remint " zerocoins, i.e., transfer zerocoins to Sigma mints.

PIVX team had deactivated the privacy features from Zerocoin, through a spork. Since then, zerocoins have been used in a public mode i.e., in a similar fashion as normal UTXO transactions .

Specifically, zerocoin minting has been disabled while zerocoin spending remains enabled (with full links to the original basecoin). Furthermore, the team relies on Schnorr Signatures to ensure that zerocoins could be spent back to basecoins, without any exposure to the pre-existing vulnerability.

On January 5th 2020, PoS Time Protocol v2 was introduced with the 4.0 release

Veil team decided to deactivate the anonymizing feature from the Zerocoin protocol.

The zero-knowledge proof required to prevent a double spend was replaced by a single signature , leading to the removal of the anonymity feature but solved the exploit nonetheless.

Unfortunately, the attack “evolved", and the initial fix did not protect attackers from stealing funds from the accumulator. As an urgent solution, Veil’s team decided to:

Work with exchanges: withdrawals & deposits were suspended to prevent any transaction on the network, which could lead to substantial loss of funds.

Return to a “true” state by adding back stolen balances to the zerocoin pools and ban the remaining zerocoins that had not been shuffled with RingCT.

Furthermore, the team disabled zero-knowledge proof making zerocoins behaving in a similar fashion to other (normal) UTXO transactions. However, unlike PIVX, minting and issuing zerocoins were not disabled (as staking was only possible in zerocoin), but privacy features have been non-existent since then.

1 Like
#83

  1. Zerocash was intended to enhance privacy by creating smaller proof sizes and faster verification. Along with encrypting TX amounts and sender/receiver addresses
    The disadvantage was lack of auditing the total supply.

  2. To the Sigma protocol.

  3. Apparently due to a “typo” in the protocol

  4. They disable zerocoin mints and prevent any zerocoin spend to be conducted. They effectively froze the funds in the accumulator until the release of Sigma.
    Blacklisted minted coins during that time AND officially removed the Zerocoin protocol till the implementation of Sigma

1 Like
#84

1. What are the stated advantages and disadvantages of Zerocash with respect to Zerocoin?

Zerocash introduced efficiency improvements (i.e., smaller proof size and faster verification) and enhanced privacy (with added encryption of the amount and both sender & receiver addresses).

However, the disadvantages of Zerocash are:

  • Lack of auditability of its total supply

  • Less testing in its underlying cryptography

  • The time to generate a private transaction is locally high due to computationally intensive process

2. In 2019, four of the eight major Zerocoin implementations switched from Zerocoin protocol to what?

The protocol was deactivated and replaced by Sigma.

3. What was the technical cause behind the 2017 “fake spend” incident?

A typo in the ZCoin source code led to minting of 370,000 more ZCoins.

4. Explain the different responses by Zcoin, PIVX and Veil to the 2019 attack on the Zerocoin core protocol.

Zcoin - disabled zerocoin mints and prevented people from spending zerocoins. They froze funds in the accumulator until Sigma’s release. The team also officially removed the Zerocoin protocol and replaced it with Sigma.

PIVX - deactivated the privacy features from Zerocoin and disabled minting of tokens while spending is enabled. Additionally the team relies on Schnorr Signatures to ensure zerocoins can be spent back to basecoins without the pre-existing vulnerability.

Viel - deactivated the anonymizing feature from Zerocoin protocol. Zk-proof required to prevent a double spend had been replaced by a single signature which removed anonymity feature and solved the exploit regardless.

However, since the attack “evolved”, the initial fix did not prevent attackers from stealing funds from the accumulator. Therefore, the team decided to work with exchanges in order to get them to suspend withdrawals and deposits and return to a “true” state by added back stolen balances to the zerocoin pools. Also, ban the remaining zerocoins that had not been shuffled with RingCT.

1 Like
#85
  1. provided efficiency improvementes and enhanced privacy. Lack of auditability of its total supply, less testing in its underlying cryptography and more time for generating a gransaction.
  2. Sigma
  3. A typo in the source-code. mint 370,000 additional zcoins
  4. Zcoin: funds were frozen until sigma release was available
    PIVx: Minting was disabled
    Veil: Zcoin’s anonymising feature was disabled
1 Like
#86

1.Advantages of Zerocash are that it does not require fixed denominations, it hides the transfer amount, it hides a payment origin and destination.

  1. To Sigma

  2. A typo in the source code.

  3. Zcoin: Removed zerocoin protocol and moved to sigma.
    PIVX: Deactivated the privacy features from Zerocoin through spork.
    Veil: Diable anonymizing feature from Zercoin protocol.

1 Like
#87

Advantages are smaller proof size faster verification and enhanced privacy, but they do require denominations. Up till now I think they still require denominations :slight_smile:

#88

Thank you very much!

#89
  1. What are the stated advantages and disadvantages of Zerocash with respect to Zerocoin?

Advantages:

  • Zerocash introduced efficiency improvements (i.e., smaller proof size and faster verification) and enhanced privacy (with added encryption of the amount and both sender & receiver addresses).

Disadvantages:

  • The lack of auditability of its total supply: balances are hidden with the Zerocash protocol. On the other hand, the Zerocoin protocol does not hide them. However, as discussed in the next section, some attackers managed to create false proofs from the RSA accumulator without detection, i.e., spending other people’s coins.
  • Less testing in its underlying cryptography (the main implementation of zkSNARKs is ZCash) and the general complexity of the cryptographic underlying the protocol, making it complex to audit the system.
  • The time to generate a private transaction locally is high owing to its computationally intensive process.
  1. In 2019, four of the eight major Zerocoin implementations switched from Zerocoin protocol to what?

ZCoin, Noir, Gravity Coin and NIX removed the Zerocoin protocol and adopted Sigma in 2019.

  1. What was the technical cause behind the 2017 “fake spend” incident?

Exploitation of typo in zCoin’s source-code

  1. Explain the different responses by Zcoin, PIVX and Veil to the 2019 attack on the Zerocoin core protocol.

ZCoin moved away from the protocol and has successfully activated Sigma since August 2019.

PIVX deactivated privacy features from the Zerocoin protocol.

Veil managed to save the project through cooperation with trading venues and giving up a significant part of the founders’ allocation and its team decided that the Zerocoin protocol shall be fully replaced moving forward.

1 Like
#90
  1. What are the stated advantages and disadvantages of ZeroCash with respect to Zerocoin?

Zerocoin protocol extended the upgrade called Zerocash’ s and advantages v. Zerocoin

  • balances are hidden with the Zerocash protocol
  • Zerocash efficiency improvements (i.e., smaller proof size and faster verification) and enhanced privacy (with added encryption of the amount and both sender & receiver addresses)

ZeroCash disadvantages v. Zerocoin

  • Zerocoin protocol does not hide them
  • zkSNARKs was a One ‘trick pon’y w/ZCash plus hard to prove/audit
  • proofs took much longer time and
  • they could be hacked! i.e., spending other people’s coins
  1. In 2019, four of the eight major Zerocoin implementations switched from Zerocoin protocol to what?

Sigma

  1. What was the technical cause behind the 2017 “fake spend” incident?

a typo in its source-code

  1. Explain the different responses by Zcoin, PIVX and Veil to the 2019 attack on the Zerocoin core protocol.

ZCoin hardfork; PIVX shutdown and deactivated ZeroCoin protocol ; Veil looking to RingCT

1 Like
#91
  1. What are the stated advantages and disadvantages of Zerocash with respect to Zerocoin?
  • The lack of auditability of its total supply: balances are hidden with the Zerocash protocol. On the other hand, the Zerocoin protocol does not hide them. However, some attackers managed to create false proofs from the RSA accumulator without detection, i.e., spending other people’s coins.
  • Less testing in its underlying cryptography (the main implementation of zkSNARKs is ZCash) and the general complexity of the cryptographic underlying the protocol, making it complex to audit the system.
  • The time to generate a private transaction locally is high owing to its computationally intensive process.

  1. In 2019, four of the eight major Zerocoin implementations switched from Zerocoin protocol to what?
    switched from Zerocoin to Sigma.

  2. What was the technical cause behind the 2017 “fake spend” incident?
    a typo in its source code

  3. Explain the different responses by Zcoin, PIVX and Veil to the 2019 attack on the Zerocoin core protocol.

  4. a) Zcoin: As an urgent fix, the team decided to disable zerocoin mints and prevent any zerocoin spend to be conducted. Hence, they effectively froze the funds in the accumulator until the release of Sigma.

b) PIVX: As a response to the incident described in subsection 2.1.3, the PIVX team had deactivated the privacy features from Zerocoin, through a spork. Since then, zerocoins have been used in a public mode i.e., in a similar fashion as normal UTXO transactions.

c) Veil: Following the flaw discovery by ZCoin on April 17th 2019, the Veil team decided to deactivate the anonymizing feature from the Zerocoin protocol. It initially prevented the attack from being conducted on the Veil chain.

1 Like
#92

Zerocoin Protocol Flaws - Reading.

  1. The stated advantages and disadvantages of Zerocash with respect to Zerocoin are as follows:

Advantages:

  • efficiency improvement
  • enhanced privacy supply

Disadvantages:

  • lack of auditability of its total supply
  • less testing on its underlying cryptography
  • the time to generate a private transaction locally is very high

  1. In 2019, four of the eight major Zerocoin implementation switched from Zerocoin to RingCT - the use of stealth addresses, Super Sonic, and Sigma.

  2. The technical cause behind the 2017 “fake spend” incident is a typo in its Source Code - which allow someone to be capable of generating fake spend, hence inflating the supply of Zcoin.

  3. Different responses by Zcoin, PIVX and Veil to the 2019 attack are as follows:

Zcoin

  • disabled Zerocoin mint and prevent any zerocoin spend to be conducted
  • blacklist some mints - preventing attackers from converting to Sigma mints
  • removal of the Zerocoin protocol and replaced it by Sigma, also bypassing the needs for “trusted setup”

PIVX:

  • deactivate privacy feature to public mode - in a similar fashion as normal UTXO transactions
  • disabled Zerocoin minting
  • Schnorr Signature
  • Pos Time Protocol v2 introduced with 4.0 release.

Veil

  • deactivated the anonymizing feature from Zerocoin Protocol
  • staking reward can only be paid in Zerocoin (not in bascoin)
  • replaced the “zero knowledge proofs” required to a Single-signature
  • work with exchanges - withdrawals and deposits were suspended to prevent transaction on the network.
  • return to a “true” state by adding back stolen balances to the Zerocoin pools and ban remaining Zerocoin that had not been shuffled with RingCT.
1 Like
#93
  1. What are the stated advantages and disadvantages of Zerocash with respect to Zerocoin?
    -It introduced efficiency improvements and enhanced privacy.
  • Lack of auditability of its total supply. Less testing in its underlying cryptography. The time to generate a private transaction locally is high.
  1. In 2019, four of the eight major Zerocoin implementations switched from Zerocoin protocol to what?
    RingCT, the use of stealth addresses, Super Sonic, and Sigma
  2. What was the technical cause behind the 2017 “fake spend” incident?
    A typo :open_mouth:
  3. Explain the different responses by Zcoin, PIVX and Veil to the 2019 attack on the Zerocoin core protocol.
    Zcoin did a hardfork, Pivx deactivated ZeroCoin and Veil RingCT
1 Like
#94

  1. The advantages are smaller proof size and faster verification.
    Disadvantages are lack of audibility. It takes a long time to do a private transaction witch is also computationally intensive

  2. four of the eight major implementations of Zerocoin switch to sigma.

  3. A typo in the source code led to a exploit. This led to creating fake coins and fake spends.

  4. Zcoin disabled Zerocoin mints and Zerocoin spends. Freezing funds until moved over to sigma. Pivx disabled all privacy features. Viel deactivated the anonymity.

1 Like
#95
  1. Zerocash provided efficiency through smaller proofs and faster validation along with enhance privacy. The drawback however came from the chain not being able to track number of coins, slow local transactions and less battle testing of its cryptography.
  2. Sigma protocol which is also a zero knowledge proof.
    3.A typo was the cause which allowed a hacker to create fake spends.
  3. Zcoin was already working on replacing Zerocoin and has done so. PIVX has not yet replaced Zerocoin but has just removed its use so all UTXOs are public. Veil was able to initially thwart hack but was later successfully hacked, since they have removed Zerocoin and are working on a RingCT option.
1 Like
#96
  1. The advantages of zero cash is efficiency improvements such as smaller proof size and faster verification as well as enhanced privacy with added encryption for amount and addresses. The disadvantages are lack of auditability of its total supply, less testing of its underlying cryptography,and the tome to generate a private transaction is high.
  2. They switched to Sigma to remove trusted set up.
  3. A typo in the code allowed exploit to mint new coins.
  4. Z coin froze funds, PIVX disabled minting, Veil deactivated anonymity.
1 Like
#97
  1. What are the stated advantages and disadvantages of Zerocash with respect to Zerocoin?

Advantages:

Improved efficiency by utilising smaller proof sizes and quicker verification.

Disadvantages:
It is auditable because the supply is hidden
This type of cryptography has not been around long enough so its not tried and tested.
Takes longer to process transactions

  1. In 2019, four of the eight major Zerocoin implementations switched from Zerocoin protocol to what?

Sigma

  1. What was the technical cause behind the 2017 “fake spend” incident?

There was a typo in the code which meant the attacker would burn the the coin ahead of the honest user removing the history of the legit coin. They would essentially block the legitimate spend by intercepting and blocking the broadcast to the nodes allowing them to mint a coin with the same serial number and spent it ahead of the legitimate user.

  1. Explain the different responses by Zcoin, PIVX and Veil to the 2019 attack on the Zerocoin core protocol.

Zcoin: Stopped the minting of Zero Coins and the ability for them to be spent then moved them to Sigma.

Pivx: Stopped the minting of Zero Coins and the ability for them to be spent and now it works the same as any other UTXO based coin with no privacy.

Veil: Removed the anonymising feature and are now looking to implement Supersonic Proofs.

1 Like
#98

  1. Zerocash introduced efficiency improvements, enhanced privacy. But Zerocash still has disadvantages compared to Zerocoin: the lack of auditability of it’s total supply, less testing in it’s underlying protocol, time to generate a private transaction.

  2. Sigma.

  3. It was a typo in the source code.

Zcoin disabled zerocoin mints and prevented any zerocoin spent to be conducted.
PIVX deactivated the privacy features from Zerocoin.
Veli deactivated the anonymizing feature.

1 Like
#99

Zerocash advantages:

  • Smaller proof size & faster verification of transactions
  • Enhanced privacy (additional encryption)

Zerocash disadvantages:

  • Lack of audibility of its total supply: Because balances remain hidden, it is difficult to keep track of invalid amounts.
  • Less testing in its underlying cryptography: The ZCash protocol implements zkSNARKS for its cryptography which is highly complex to audit.
  • The time to generate a private transaction: Requires great computation power to create transactions locally.

  1. All four ZCoin, Noir, Gravity Coin, and NIX adopted the Sigma protocol.

  2. Due to a typo in the source-code of ZCoin, the attacker generated 18,171 coins by creating fake spends.

ZCoin: All funds in the accumulator were frozen until the release of the Sigma protocol. Meaning it disabled the minting and spending of Zerocoins. Additionally, the team blacklisted some zerocoins minted from wrong proofs to prevent attackers from converting zerocoins to Sigma mints.

PIVX: The PVIX team has disabled the privacy features of Zerocoin, allowing transactions to be conducted only in public mode (similar to normal UTXO transactions). The minting of zerocoins was also disabled however, spending remained enabled.

Veil: The anonymizing feature was disabled from the Zerocoin protocol which initially prevented attackers from creating one of the wrong proofs on the Veil blockchain. Later on, as the attack evolved, attackers were able to steal funds from the accumulator. As a result, Veil urgently decided to:

  • Work with exchanges
  • Return to a “true” state by adding back stolen balances to the zerocoin pools and ban the remaining zerocoins that had not been shuffled with RingCT.
1 Like
#100

  1. Advantages are smaller proof size and faster verification, enhanced privacy with added encryption of the amount and both sender & receiver addresses. Disadvantages are lack of auditability of its total supply, more experimental nature of the underlying cryptography, long time to generate a private transactions

  2. Sigma.

  3. The Zerocoin 2017 incident occurred due to a typo error in the Zcoin source code.

  4. The Zcoin team decided to disable Zerocoin mints and prevent any Zerocoin spend to be conducted. The PIVX team deactivated the privacy features from Zerocoin through a spork to become a public mode similar to normal UTXO transaction. The Veil team decided to deactivate the anonymizing feature from the Zerocoin protocol to prevent the attack from being conducted on the Veil chain.

1 Like
#101
  1. Pros of Zerocash over Zerocoin:

  • efficiency improvements (i.e., smaller proof size and faster verification)”

  • enhanced privacy (with added encryption of the amount and both sender & receiver addresses)”


    Cons of Zerocash over Zerocoin:

  • The lack of auditability of its total supply” - this ultimately led to attackers being able to spend other people’s coins

  • Less testing in its underlying cryptography” - this made it complicated to audit

  • " The time to generate a private transaction locally is high"

  1. In 2019, 4 of the 8 major Zerocoin implementations switched from the Zerocoin protocol to Sigma.

  2. In 2017, the “fake spend” incident was caused by a typo :confused:, allowing the attacker to mint additional coins

  3. In 2019 there was an attack on the Zerocoin protocol.

  • Zcoin’s response:

“As an urgent fix, the team decided to disable zerocoin mints and prevent any zerocoin spend to be conducted.”

“the team was also able to blacklist some mints

“In July 2019, the team officially removed the Zerocoin protocol and replaced it by Sigma

  • PIVX’s response:

“the PIVX team had deactivated the privacy features from Zerocoin, through a spork”

zerocoin minting has been disabled

“On January 5th 2020, PoS Time Protocol v2 was introduced with the 4.0 release (along with Cold Staking)”

  • Veil’s response:

“the Veil team decided to deactivate the anonymizing feature from the Zerocoin protocol”

“Unfortunately, the attack “evolved”… As an urgent solution, Veil’s team decided to:

Work with exchanges: withdrawals & deposits were suspended

Return to a “true” state by adding back stolen balances to the zerocoin pools

Adjustment of the emission schedule

Accelerating its departure from the Zerocoin protocol


All 3 responses involved the deprecation of the Zerocoin protocol.

1 Like