Zcash exposes private transaction vulnerability just after launch

Rage Comment : Zcash claims to be highly confidential, and the company's development team is indeed strong, with zero-knowledge proof as technical support. However, the digital currency exposed transaction loopholes as soon as it was released, resulting in the transaction block not supporting mining programs. From a technical analysis, it can be found that the zero-knowledge proof technology is not perfect, and the distinction between Z addresses and T addresses of Zcash does not well reflect its technical advantages. Zcash's privacy still lacks practical application proof.

Translation: Annie_Xu

Zcash took the cryptocurrency world by storm when it was first announced due to a code vulnerability that prevented the mining of private transaction blocks.

The Zcash official website issued a statement on this:

“A known vulnerability prevents the mining of private transaction blocks (input and output transaction information are hidden addresses) and we will release v1.0.1 to fix it soon.”

The red banner on the Zcash Mining Pool reads, "A vulnerability in the Zcash wallet makes it impossible to pay to the Z address. Please only use the T address for now; once the vulnerability is fixed, the payment channel for the Z address will be restored."

Zcash supports two types of addresses, one is the Z address that fully supports private transactions; the other is the T address that supports transparent transactions, just like Bitcoin transaction addresses. The figure below shows the flow of Z address transactions, which is the theoretical flow of Zcash private transactions.

The public addresses of the Zcash sender and receiver correspond to the hash value, but the specific amount is not displayed, so the specific transaction information will be kept confidential. However, preliminary research found that the main network block browser cannot search for Z transaction addresses. Therefore, it is impossible to determine whether the transaction exists.

In this case, when Zcash private transaction technology has not been officially applied, it means that Zcash has not actually been released. This means that Zcash cannot prove whether it supports this transaction method.

The zero-knowledge proof technology (zk-SNARKs) underlying Zcash has only been around for a short time. Although the Zcash team is strong, with scientists, researchers and hackers from John Hopkins University, Tel Aviv University, MIT, and world-renowned cryptography researchers, the so-called complete privacy of Zcash has long been available in Bitcoin and Monero tokens.

Therefore, in order to make people believe in the strong confidentiality of Zcash, it is first necessary to realize the compression mapping of secret transaction information in actual scenarios.