Cryptographic flaw in zerocoin protocol leads projects to question its viability

The team at Zcoin have discovered a vulnerability in the cryptography of the Zerocoin protocol, which is used by a number of privacy-focused projects in the space. The vulnerability in question allows for an attacker to create zero-knowledge proofs and create coins out of, basically, nowhere.

Coins that use the protocol such as Veil are vulnerable to an attack until Zerocoin is disabled. Although the exposed flaw is able to be fixed, the Zcoin team doesn’t plan to allocate resources to the issue and instead will continue to focus on transitioning to its new privacy protocol, Sigma.

As reported by CryptoSlate, earlier this month:

“The XZC team was alerted to a series of irregularities in the mint and spend patterns of 100 tokens. They immediately contacted all pools, exchanges, and projects that utilize the protocol to disable Zerocoin while a deep investigation took place.”

So by 19th April, the root cause of the issue was found and on 24th April an emergency update was released.

During this time, the team was able to uncover the vulnerability but found that it wasn’t the result of the coding error and that it was actually a cryptographic flaw in one of the zero-knowledge proofs that had existed since the inception of the Zerocoin protocol.

“Zerocoin works by allowing people to burn their coins (mint) and then redeem them later (spend) for new coins with no previous transaction history by producing a zero-knowledge proof that proves that they burnt the coins without showing which coins they burnt. To prevent people from reusing the same zero-knowledge proof to redeem new coins, each Zerocoin mint when spent will yield a unique serial number.”

Is this the end of Zerocoin?

The COO of Zcoin, Reuben Yap spoke to CryptoSlate and spoke on whether the crypto project is ‘dead’ and if there was a plan to fix any of the issues:

“Declaring Zerocoin is dead is premature. There are probably ways to fix it and we are already floating some ideas with other teams. The only reason why we won’t dedicate resources to it is because we are transitioning out already anyway in line with our long term road map.”

Zcoin is yet to disclose any specifics on the cryptographic flaw because it could potentially elicit additional attacks on XZC and other projects using the protocol.