On March 15th, 2019, PIVX Core Developers Furszy & Random.Zebra revealed an attack that was launched against the PIVX coin, and it’s zPIV implementation of the zerocoin protocol. This announcement followed a call to all known PIVX forks, urging the activation of the “spork” (a mechanism to make live changes on a coin’s blockchain) to disable the zerocoin functionality.
We at Gamblecoin made the decision to hold the zerocoin disabling spork active, and roll the PIVX fix into Gamblecoin into the already planned next release of the Gamblecoin Core; rather than issuing a special release to solve the zerocoin issue. This, in hindsight, was a very good decision.
On April 9th, 2019, following what is now known as the “Wrapped Serials Attack”, the Zcoin team found irregular spends occurring on their chain. During the investigation, it was found that a vulnerability exists in the underlying cryptography provided via the libzerocoin library.
Gamblecoin had been planning on embarking on an educational campaign to help educate coin-holders of the benefits and privacy provided by zerocoin, and the zGMCN implementation; and making modifications to make it more user friendly. Unfortunately given the recent issues with the cryptographic proof, we will not be moving forward with that plan.
The Plan Forward
The zerocoin disable spork will remain in effect through the v1.2 Gamblecoin Core release, where zerocoin will be cobbled to be unusable; protecting from any ability to re-enable zerocoin without a later release.
We will be following PIVX’s development on this issue, through the v3.3 release; which is intended to provide the means for users to re-convert their current zerocoins back to regular coins. When that is available and vetted, we will integrate it into a Gamblecoin Core release, so that our users can recover their zGMCN balances.
The PIVX release has already been put into beta; and we will implement if it makes sense to, depending on when the release goes live; and more due diligence into the changes. We don’t want to port the PIVX code to GambleCoin, release it, only to find another vulnerability is revealed.
I apologize for the confusion, and the inconvenience this causes everyone. However this decision is being made to protect our chain from the attacks that our reference implementations and sister forks have endured these past couple of months.
Gamblecoin wants to ensure the userbase that your zGMCN coins are safe, and they will be made available to you again once it is safe to do so; and we will continue to keep our ear to the industry for a privacy protocol that will benefit us all in the future.
If you have any questions, please reach out on our Discord Channel.
Cave Spectre & the GambleCoin Team
- PIVX Devs, “Wrapped Serials Attack” 15-Mar-2019
- Mack, S., “Update on Zerocoin Spends” 16-Apr-2019
- Yap, R., “Further Disclosure on Zerocoin vulnerability” 26-Apr-2019
- Fuzzbawls, “zPIV Vulnerability Identified: Official Comment From Devs” 26-Apr-2019
- Yap, R., “Cryptographic description of Zerocoin attack” 30-Apr-2019
- PIVX News, “FAQ on Zerocoin and PIVX” 09-May-2019