Details of the Zerocoin Vulnerability discovered by Zcoin
By Jofor a.k.a. Cyberczar - 2019-04-28
A recent blog post by the Zcoin team gave details of the bug discovered in the Zerocoin protocol. According to the team, an irregular pattern was observed in spends of the 100 XZC denomination.
This prompted the team to contact mining pools and exchanges, advising that Zerocoin spends be disabled pending the discovery of the source of the bug. They did the same with platforms that use XZC, such as PIVX, Veil and GravityCoin.
On April 16, exactly one week after the irregularity was discovered, the team announced that Zerocoin had been disabled. Navcoin, which was developing a variant of XZC called ZeroCT, was contacted on April 17. A working group comprising developers from Veil, PIVX, Navcoin and NIX was set up on Slack with a mandate to find the source of the bug.
The source of the irregularity was identified on April 19 by Zcoin core developer Peter Shugalev, who explained at a high level how the bug affected the Zerocoin protocol and how the forgery worked, noting that it affected all Zerocoin implementations.
On April 24, the team released an update that ensured all the attack vectors were neutralized. The remediation was thorough: it elaborated on how the attacks were carried out and how any recurrence could be prevented, and it was agreed on by the Slack working group before implementation.
What the team knows so far about the attacks is that forged coins did not exceed 1% of the circulating supply. According to the update, the exact number of coins will be released in due course.
The fault was not a coding error but a cryptographic flaw found in one of the proofs of the Zerocoin protocol, which has been in use since the protocol's inception. Interestingly, although the team believes this could be fixed given sufficient time, there are no plans to continue working on it, since the roadmap is to transition to Sigma, which has a simpler construction and better performance.
In a subsequent update the team will show users how to recover pending Zerocoin mints that were unspent and describe the full cryptographic flaw responsible.
The team believes that, with the work done on Sigma since 2018, the testnet could be launched in a couple of months, enabling a full transition away from Zerocoin.