Reading some news, investors could believe that cryptocurrencies are not a good investment. A few days ago,
News of the day is that a critical vulnerability in Zcash
The Zcash development team have discovered and addressed the shocking critical flaw.
With this premise, the
The Zerocoin Electric Coin Company who developed Zcash disclosed the
counterfeiting flaw that was discovered by its cryptographer Ariel Gabizon.
Gabizon discovered the flaw in its Zcash code on 1st March 2018 just before a talk at the Financial Cryptography conference.
Gabizon immediately reported the flaw to Sean Bowe, a Zcash Company’s cryptographer, the development team decided did not disclose the issue avoid abuses.
Zcash revealed that the flaw was known only by four Zcash employees before it addressed the issue with a patch implemented in the Zcash network on 28th October 2018.
“To exploit the counterfeiting vulnerability, an attacker would
“This transcript had not been widely downloaded and was removed from public availability immediately upon discovery of the vulnerability to make it more difficult to exploit.”
Experts at ZCash explained that the exploitation of the vulnerability would have required a high level of technical and cryptographic sophistication, and only a few people have it. The company excluded that attackers have already exploited the counterfeiting flaw.
The counterfeiting vulnerability affected a variant of
Komodo blockchains and
The vulnerability was the result of a “parameter setup algorithm” that allowed “a cheating prover to circumvent a consistency check” and thereby transformed “the proof of one statement into a valid-looking proof of a different statement.”
Experts pointed out that an attacker with access to the multi-party computation (MPC) ceremony transcript (used to set up the privacy features for Zcash) would have been able to create false
The Zcash development team confirmed that the flaw had existed in the cryptocurrency scheme for years.
“The vulnerability had existed for years but was undiscovered by numerous expert cryptographers, scientists, third-party auditors, and third-party engineering teams who initiated new projects based upon the Zcash code.” reported the company.
“The Zcash Company has seen no evidence