The first zero-knowledge protocol breaks, again
It was cool while it lasted.
If you've gotten into cryptocurrencies based on the ZeroCoin protocol, you're going to be left with Zero coins. Multiple flaws just published https://t.co/gdw2OYzdqf— Howard Chu (@hyc_symas) April 12, 2018
A group of cryptography researchers just published this paper illustrating ways to exploit the security loopholes in the Zerocoin protocol. Proposed as an extension to Bitcoin in 2013, Zerocoin was ahead of its time as the first project to address the pseudo-anonymity issue in Bitcoin using zero-knowledge proofs. Basically, Zerocoin achieves unlinkability through a two-part process: first is the "mint" that generates a token with unique serial number, and second is the "spend" process that checks the validity of the serial number. In the attack model described below, the researchers were able to steal serial numbers from other users in order to "mint" and "spend" coins.
"As soon as this spend transaction performed by the attacker is confirmed, the nodes in the cryptocurrency network record this serial number as used. As a result, the honest user cannot spend her zerocoin anymore. Whenever she tries, her spend transaction will be rejected as a double-spend, because the serial number has already been recorded as used. This effectively burns the zerocoin of the honest user!"
This is not the first time Zerocoin protocol has been exploited. Zcoin, the first software implementation of the Zerocoin protocol, was hacked in 2017. The hacker created 370,000 tokens out of thin air.
It is worth noting that the Zercoin code repository is no longer maintained, and the original team has moved on to work on Zcash. And yet--new forks still pop up:
I looked at the library today for the first time in years. Saw the PR and decided the only safe thing was to upgrade our “DON’T USE THIS YOU IDIOTS” warning to “WE HAVE ARCHIVED THIS LIBRARY SERIOUSLY CUT THIS OUT”.— Matthew Green (@matthew_d_green) April 12, 2018
The researchers contacted the developers of these forks to fix the issues. The projects affected are: Zcoin, PIVX, SmartCash, and Hexx.
We found an attack on Zerocoin leading to vulnerabilities in the cryptocurrencies @zcoinofficial, @zoinofficial, @_pivx , @scashofficial, and @hxxcoin (NOT Zcash); first two are still affected. Joint work with @aravind2112, Viktoria Ronge and @doschroeder.https://t.co/r3EYLxroNG— Tim Ruffing (@real_or_random) April 12, 2018
Other discussions that took place today
It's going to be deeply hilarious watching all of these SV funds get burned investing in stablecoins. https://t.co/j6oaWQpUxC— Preston Byrne (@prestonjbyrne) April 12, 2018
"From the perspective of a Bitcoin user, I have little hesitation in declaring that Bitcoin’s governance is broken. Confusion is the tip of the iceberg, an iceberg made of vitriol and hate. Let’s revisit the Bitcoin Cash and Segwit2X examples again briefly."
"'The bottom line is that the world is dominated by closed monopolistic, state-owned, manipulated, controlling, surveillance-based currencies that pose a fundamental existential threat to democracy and liberty in the world,' he said. 'We are at a crossroads and the crossroads is not between Bitcoin and Bitcoin Cash.'"
1/7 The true problem with BCH isn't technical. I mean, it's too bad they're eschewing LN, and their block size roadmap will surely lead to more centralization, but there's no law against trying out that approach.— Meni Rosenfeld (@MeniRosenfeld) April 12, 2018
"One discussion that this chaos has brought back to the forefront is ethereum's interest in scrapping mining by moving from proof-of-work to proof-of-stake. Buterin told developers at a recent meeting that ASICs would be flushed out with the upgrade so there isn't much to worry about (although there still isn't a date nailed down for that change)."
"According to a spokesperson from Hunter Energy, it expects roughly 5% of the energy from the power plant will be used for blockchain related processes."
"We can quickly learn a lot about the American economy by looking at this kind of data. The average state generates about 20% of its economic activity through international trade of one kind or another. Six states get more than 30% of their GDP this way. Three states with huge economies are extremely reliant on trade: California ($2,734B total GDP with 22.4% from trade), Texas ($1,692B total with 31.2% from trade), and New York ($1,550B total with 13% from trade)."
"A clearer understanding of how growth happens, and why growth-boosting institutions sometimes wither or fail to take root, could raise the living standards of billions of people. The economics of growth should therefore be central to the discipline, even though the questions it poses are objectively hard, and the answers rest more in history and politics than in elegant mathematics."