In March 2018 a cryptographer working for Zcash discovered a serious counterfeiting vulnerability affecting the popular cryptocurrency.
The flaw could have allowed the creation of counterfeit Zcash tokens without being detected.
The gravity of the situation forced the team at Zcash to work tirelessly for a solution in order to protect their users successfully.
The upgrade of the Sapling network fixed the counterfeiting vulnerability in October 2018, according to a blog post published by the Zcash team earlier this month.
As of today, the problem no longer exists and Zcash users are protected.
Timeline of Events
The story behind the counterfeit bug first appeared in March last year.
Zcash cryptographer Ariel Gabizon first detected the flaw while attending the Financial Cryptography 2018 conference together with Zcash CEO Zooko Wilcox, as well as another Zcash cryptographer named Sean Bowe.
The night before his presentation, Gabizon discovered the vulnerability and immediately contacted Bowe to validate it.
As soon as the two verified the problem, they urgently reached out to Wilcox.
Zooko Wilcox then contacted Nathan Wilcox, the CTO of Zcash. At that point the ceremony transcript was deleted to prevent any further damage.
After the transcript was erased, Bowe and Zooko decided to destroy the backup completely as well.
Two mitigation approaches were suggested, one proposed by Gabizon and the other by Bowe.
According to Gabizon, the best mitigation was an emergency hard fork.
In this scenario, Zcash users would have been required to switch to new parameters that did not carry the vulnerability.
The new zk-SNARK parameters would have been produced by replacing or re-randomizing the existing parameters in a subsequent step.
On the other hand, Bowe’s proposal for mitigation included using the Sapling network upgrade.
He believed it would be most efficient to switch the system to the Groth16 proving system.
Under this plan, the parameters would be generated as part of the forthcoming Sapling network upgrade.
Soon after the two strategies were proposed, the team adopted Bowe's approach to solving the issue.
In October 2018, thanks to the successful activation of the Sapling network upgrade on the Zcash mainnet, the counterfeiting vulnerability was removed.
The team, together with Benjamin Winston, Zcash's director of product security, then focused on preparing disclosure packages for other affected projects.
On November 18, 2018, using the DVDs collected from the original ceremony participants, Bowe was able to recreate the transcript, which he then posted himself.
The public was informed about the counterfeit vulnerability being taken care of earlier this month in a blog post from the Zcash team.
What Was Affected and What Was Not
The bug would have allowed third parties to forge proofs in the proving system without being detected and thereby create counterfeit Zcash coins.
The affected systems included all projects that implement BCTV14.
By contrast, the system used on the Zcash mainnet, known as Sprout-on-Groth16, was not affected by the vulnerability.
The counterfeiting vulnerability was also not found in other algorithms such as BCGTV13 and BCTV14, nor in other zk-SNARK constructions such as BG18 and GM17.
The vulnerability has been discovered and eliminated from the system, and the blog post states that Zcash users do not need to take any action.