A Cryptographic Flaw in Zerocoin Exposes Vulnerabilities in Many Projects
A research report entitled “A Cryptographic Flaw in Zerocoin (and Two Critical Coding Issues)” was published on April 12th, describing how the coin’s protocol — which serves as a foundation for several altcoins — could be used to “mine malicious zerocoin.” Now, several groups are scrambling to respond as the Zcoin team firmly contests the seriousness of the exploit.
‘A Cryptographic Flaw’
The researchers behind the recent study outlined how malicious agents could theoretically commandeer honest users’ networks.
The vulnerability potentially exposed several projects that have been built atop the protocol:
“[A] minted zerocoin is represented by a public bitstring, which is a commitment to the serial number but hides the serial number at the time of minting. Users are supposed to choose a random serial number to ensure that it is unique (with very high probability). However, an attacker can, instead of taking a new random serial number, freely choose the serial number when he mints a zerocoin.
This leads to the following attack: An honest user tries to spend her (honestly generated) zerocoin and sends the spend transaction (including the serial number) to the network. An attacker, which is assumed to have control over the victim’s network, now blocks that message such that it never reaches the nodes of the cryptocurrency. Then the attacker mints a new malicious zerocoin with the exact same serial number. The attacker can now spend this maliciously zerocoin, revealing the serial number.”
To clarify, the researchers declared:
“In this article, we present a cryptographic flaw in the Zerocoin cryptographic scheme (not Zerocash), which allows an attacker to burn coins of honest users. On the way, we identified two more critical coding issues in a software library implementing Zerocoin, allowing an attacker to create money out of thin air and stealing coins from honest users. Zerocoin is used by multiple cryptocurrencies (Zcoin, PIVX, SmartCash, Zoin, and Hexxcoin), and some of them are still vulnerable to specific attacks.”
Most notable, then, is the last assertion: that some — but not all — of the associated crypto projects are “still vulnerable” to the exploit.
For their part, the PIVX Support team declared their users had nothing to worry about:
“[…] none of these issues affect PIVX any longer. One was never a problem in PIVX, another was fixed in November, and the last is fixed in v3.1 and zPIV is disabled until then.”
Detractors Sound Off
Many didn’t take the news of Zerocoin’s potential vulnerability lightly.
While I'm pleased that they seem to be making sane advancements with the technology, it's a hard pill to swallow knowing that these vulnerabilities were present until disabled and that top researchers and authors of ZeroCoin STRONGLY discourage its use.
— Justin Ehrenhofer (@JEhrenhofer) April 12, 2018
Some, for example, said the coin has been “poor” when it comes to its recent track record.
The track record for Zcoin has certainly been poor. 388450 counterfeit Zcoins a year ago due to a single typo https://t.co/NvUC5GnsE3 kinda wonder why anyone would use it when the original project team abandoned it and designed ZeroCash instead.
— Howard Chu (@hyc_symas) April 12, 2018
And, accordingly, others projected that hacks are forthcoming.
Again, wonderful. Now lets hope more unknown bugs ever pop up, this is what worries me. Not that current ones are being used to hack peoples money from them all over again. The 4/5/6/7th hack on zerocoin wont be as easy to mitigate as the first 1-3 were… hence the issue w/ it
— Decentralizd (@Decentralizd) April 12, 2018
If you’re working within the coin’s ecosystem, it couldn’t hurt to be vigilant for now.
ZCoin Team Pushes Back
As news of the exploit gained traction, the ZCoin team issued a formal response in which they contested the practicality and feasibility of the vulnerability. On Twitter, the team declared that their counter-argument was “a more accurate reflection of the ‘attack’ which is difficult to do in practice and often causes loss to the attacker.”
In their response, they explained:
“A paper titled ‘‘Burning Zerocoins for fun and profit’ was published that discussed several vulnerabilities of the original Zerocoin library. There was a bug that allowed inflation, which was patched and in force and another bug that resulted in improperly signed transactions. These issues are resolved and also mentioned here. There are also additional security fixes that were patched.
The attack allows someone to make someone’s Zerocoin mints unspendable. Meaning you can mint the coin, but you cannot redeem it because it has been vandalized. However news reports and social media coverage have vastly blown up the issue out of proportion.
[…] Although we do acknowledge the flaw, the actual economic benefit derived from it is quite low and is quite difficult to do in practice which is also acknowledged by the authors.”
Accordingly, Zcoin is saying the entire episode is much ado about nothing.
What’s your take? Is this vulnerability serious or trivial? Sound off in the comments below.
Images via Pixabay, Friedrich-Alexander-Universität Erlangen-Nürnberg