Blockchain, cryptocurrencies, and insider stories by TNW.

Powered by

Zerocoin’s bug that allows hackers to burn honest users’ coins is still not fixed

It has been more than 45 days since the bug was pointed out

ZCoin

Zerocoin has a ‘denial of service’ bug that allows for attackers to burn honest users’ coins. This fact has been known for almost two months now, but remains unfixed.

The problem was highlighted by Tim Ruffing in his presentation ‘A Tale of Zero Coins‘ at the Genesis Conference in London in February.

Peter Todd tweeted in the aftermath that while ZCoin could prove that attackers can’t steal coins, but they couldn’t prove that attackers can’t destroy the coins they don’t own.

research work published by four researchers in Germany including Ruffing, has now further proved this vulnerability.

The research paper shows how an attacker can force the network to reject an honest transaction as a ‘double-spend’:

In both of the proposed Zerocoin schemes, a minted zerocoin is represented by a public bitstring, which is a commitment to the serial number but hides the serial number at the time of minting. Users are supposed to choose a random serial number to ensure that it is unique (with very high probability). However, an attacker can, instead of taking a new random serial number, freely choose the serial number when he mints a zerocoin.

This leads to the following attack: An honest user tries to spend her (honestly generated) zerocoin and sends the spend transaction (including the serial number) to the network. An attacker, which is assumed to have control over the victim’s network, now blocks that message such that it never reaches the nodes of the cryptocurrency. Then the attacker mints a new malicious zerocoin with the exact same serial number. The attacker can now spend this maliciously zerocoin, revealing the serial number.

As soon as this spend transaction performed by the attacker is confirmed, the nodes in the cryptocurrency network record this serial number as used. As a result, the honest user cannot spend her zerocoin anymore. Whenever she tries, her spend transaction will be rejected as a double-spend, because the serial number has already been recorded as used. This effectively burns the zerocoin of the honest user!

ZCoin is based on the Zerocoin protocol introduced by authors Ian Miers, Christina Garman, Matthew Green, Aviel D. Rubin at The Johns Hopkin University, although none of them are involved with the project themselves.

There are other cryptocurrencies based on the Zerocoin protocol, and they have all had the same vulnerability at some point — but only ZCoin and Zoin still remain vulnerable to the bug, the research says.

When this bug was pointed out in February, ZCoin had said that they are aware of the vulnerability and they have a fix ready that is in internal testing.

The bug was apparently being fixed with the help of Tim Ruffing, who is one of the authors of the latest research that highlighted the bug. As per Ruffing, the contract with ZCoin had ended soon after they delivered the patches for some of the bugs that they were supposed to fix.

More than one month later though, the bug remains unfixed, and ZCoin is still saying that the bug is already fixed and the fix just needs to be activated on the network. This time they went a little far ahead, and tried to downplay the bug saying that the attack is very hard to pull off anyway.

ZCoin has been running in trouble with technical glitches for a while. Another bug was discovered in February, when hackers managed to mint 370,000 coins out of nothing, Emin G Sirer, Cornell Professor, shared on Twitter.

Such continuous bug discovery and fixing episodes have prompted Matt Odell to conclude that altcoins are just a free market bug bounty program to help improve Bitcoin.

 

Published April 13, 2018 — 12:24 UTC

Explore our
decentralized future

12 - 14 DECEMBER - ALL OVER LONDON

FIND OUT MORE
hero__character1 hero__character2