
Fundamental flaws in zk-SNARKs, the privacy algorithm used by Zcash (ZEC), may allow malicious actors to mint additional tokens, according to the COO of a rival privacy coin.

Reuben Yap, COO at Zcoin (XZC), says unproven cryptographic assumptions and possible bugs in zk-SNARKs place blockchains that use the algorithm, like Zcash, at risk. Yap argues that it is “a very real threat” that hackers may be able to exploit this weakness, allowing them to double spend on the network.

“The main drawback of zk-SNARKs… is the fact that they [sic] are based on relatively new cryptographic security assumptions,” Yap said in an email exchange with Crypto Briefing. “A flaw in the cryptography … will allow an attacker to create coins out of thin air without being detected.”


What are zk-SNARKs?

zk-SNARK, short for Zero-Knowledge Succinct Non-Interactive Argument of Knowledge, is a proof system that makes it possible to verify the validity of a transaction without revealing any personal or confidential information about it; that property is what “zero knowledge” refers to.

Zcash was the first coin to use zk-SNARK, but other cryptocurrencies have shown interest. The TRON Platform Network (TRX) announced its intention to integrate the algorithm in early December.


What are the vulnerabilities?

The zk-SNARK construction rests on an assumption known as the Knowledge of Exponent Assumption, or KEA1. Formulated over a decade ago, it states, loosely, that a party who can produce a certain kind of output must actually know the secret behind it, so a proof of the right form can only have come from a correct transaction. This is what makes zero-knowledge privacy possible.

KEA1 is the backbone of zk-SNARKs and thus the foundation of any blockchain that uses the algorithm. KEA2, a later and related cryptographic assumption, was conclusively shown to be false in an academic paper published in 2004.

Yap admits that no one has managed to break KEA1 yet, but that doesn’t mean it is watertight. Now that billion-dollar networks rely on zero-knowledge technology, and more are looking to adopt it, there are clear incentives for malicious actors to try to break it.

Someone able to break KEA1 would have an unlimited ability to mint tokens and double spend at will, without anyone knowing. “If the assumption breaks, then the crypto breaks. If the cryptography breaks, it would be possible to forge proofs and potentially more,” Yap wrote.


Are Trusted Setups… “Trustworthy”?

Other figures have expressed concern about zk-SNARKs, mainly around the need for a “trusted setup”. A trusted setup is a ceremony in which cryptographers create a public key, needed to generate and verify proofs, and destroy the associated private key to prevent malicious actors from subverting the protocol.

Cryptographers from all over the world participate, each holding a small portion of the private key. The public key is assembled from their contributions, while the fragments of the private key, called “toxic waste”, are destroyed.

Anyone with access to the private key could mint tokens at will. There is therefore a significant incentive for someone to plant a backdoor.

Zcash went to great lengths – even destroying the computers involved in the original 2016 ceremony – to ensure that all parts of the private key were destroyed. However, oversights – such as the fact that part of the software was not verified and was only released a day before the ceremony – could put the network in danger.
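The two ideas above, the knowledge-of-exponent check and the reason the setup's toxic waste must be destroyed, as an added toy illustration (not code from Zcash, Zcoin, or the article). It assumes a tiny multiplicative group mod a constructed prime in place of a pairing-friendly curve, so it shows only the structure of the argument, not real security:

```python
# Toy model of the knowledge-of-exponent relation behind zk-SNARK proofs and of
# the trusted-setup "toxic waste". Added example; not code from Zcash or Zcoin.
# Assumption: the multiplicative group mod the small prime P with base G stands
# in for a pairing-friendly curve, so every number here is far too small for
# real use.
P = 1_000_003   # prime, constructed for the toy
G = 5           # base element
Q = P - 1       # exponents are reduced mod the group order

def mpc_setup(shares):
    """Ceremony: each participant raises the running public key to its own
    secret share, so the published key is G^(s1*s2*...*sn) while no single
    participant ever sees the combined exponent. That combined exponent is the
    toxic waste; it is returned only so the demo can show what it enables."""
    pk, toxic = G, 1
    for s in shares:
        pk = pow(pk, s, P)
        toxic = (toxic * s) % Q
    return pk, toxic

def honest_proof(pk, c):
    """Prover who knows the witness c outputs (G^c, pk^c). The second element
    equals (G^c)^a, and a pairing lets a real verifier check that without a."""
    return pow(G, c, P), pow(pk, c, P)

def relation_holds(C, Y, a):
    """Verifier relation Y == C^a (what the pairing check e(C, pk) == e(Y, G)
    enforces). The toy has no pairing, so it is evaluated with a directly. KEA1
    says the only way to satisfy it without a is to know log_G(C)."""
    return Y == pow(C, a, P)

def forge_with_exponent(C, exponent):
    """Forger holding setup shares builds (C, C^exponent) for an element C whose
    discrete log nobody knows. With the full toxic waste the pair passes the
    relation although no witness exists: a proof of nothing, i.e. coins out of
    thin air. With any share missing the exponent is wrong and it is rejected."""
    return C, pow(C, exponent, P)

def product_of(shares):
    """Exponent an attacker can reconstruct from the shares they actually hold."""
    acc = 1
    for s in shares:
        acc = (acc * s) % Q
    return acc
```

Destroying even one share leaves `product_of` short of the toxic waste, which is why the ceremony's security reduces to at least one participant honestly deleting theirs.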

Developer Peter Todd, who attended the 2016 ceremony, said a compromise of the trusted setup would also compromise privacy. He thinks the network parameters could be constructed in a way that “can absolutely ruin privacy.”


This could call into question the workings of a currency that distinguishes itself mainly by enhanced anonymity. “What is at stake here is that if the parameters have not been destroyed correctly, someone can create coins from nothing without being detected,” Yap wrote. “If the ceremony has been compromised, overall confidentiality can be broken, revealing the details of the transaction and the user.”


“Above my pay grade”

Zcash is known as a privacy coin, but until recently few of its transactions actually used zk-SNARKs. Before the Sapling upgrade, the algorithm required so much computing power that such transactions were prohibitively expensive.

Sapling, which went live at the end of October, dramatically reduces the computing power required, even allowing zk-SNARK transactions to be sent from mobile devices.

Zcash has also been added to some of the more selective cryptocurrency exchanges. Coinbase listed the privacy coin only at the end of November. Gemini’s ZEC-USD trading pair is popular, with $250,000 in trading volume over the past 24 hours, according to CryptoCompare.

Crypto Briefing reached out to other developers for their feedback on zk-SNARKs. One of the few to respond was Vitalik Buterin, who said earlier this month that zk-SNARKs have the potential to scale Ethereum (ETH) to 500 transactions per second.

When Crypto Briefing asked him whether the KEA1 assumption represented a potential vulnerability, he replied that it was beyond his area of expertise. “[A]ssessing the security of elliptic curve cryptographic assumptions is above my pay grade,” wrote the Ethereum co-founder.

With more people involved in cryptocurrency than ever before, the chances of someone spotting a backdoor are somewhat higher.

This leaves us wondering: could the industry be sleepwalking into a significant security risk?


The author is invested in digital assets, including ETH which is mentioned in this article.
