ANON — Addressing the zk-SNARKs Vulnerability
On February 5th 2019, ZCash developers published a blog post disclosing a vulnerability in their code that could potentially have been exploited to create counterfeit currency undetected. ZCash researched and remedied this vulnerability via the Sapling upgrade, implemented in October 2018. With the exception of Horizen and Komodo, which were informed early, this vulnerability continues to exist in, and affect, any project that depends on the original Sprout system distributed in the initial launch of ZCash.
Upon the news release, the ANON team immediately mobilized to address the vulnerability. Below are the current plans to address the code base and the supply.
Is ANON susceptible to the vulnerability disclosed by the ZCash team?
Yes — after reviewing the released technical information, it was determined that ANON is vulnerable. The ANON code base was built from ZCash version 1.x, which includes the affected code.
What is ANON’s plan to address the vulnerability?
ANON will be implementing a subset of Sapling features that address the core zk-SNARKs vulnerability within the codebase. Work on the fix has been in progress since the vulnerability was revealed and is anticipated to be ready by March 31st.
Furthermore, to verify the supply and ensure the exploit was not used, ANON will move forward with burning all Z addresses, removing all shielded coins from the supply. This will allow the team to audit the supply and detect any anomalies, ensuring future stability.
How will the fix be executed?
STEP 1: Announcement, notice to move to transparent addresses
STEP 2: ANON mandatory update released on Github
STEP 3: Z addresses burned, all shielded coins removed from supply
STEP 4: New Z addresses activated
The code for the upgrade has been in progress and is projected to be completed by the end of March. Initial efforts were made to develop a hotfix for immediate release. However, as coding progressed, it was found that ANON would first need to incorporate updated ZCash code in order to integrate the Sapling subset properly. This will be followed by testing and troubleshooting, and then a buffer period prior to the burning of Z addresses to give notice and time for the community to move their ANON to transparent addresses.
Consistent efforts will be made to raise awareness. The timing is weighted to balance the urgency to address the vulnerability as quickly as possible, ensure adequate testing before release, and allow the community ample time to be made aware and move any shielded coins.
Once the burn has taken place, the team will review the supply to ensure the results remain consistent with scheduled supply metrics. After this has taken place, Z addresses and shielded transactions will be reactivated.
What specific SAPLING features will be implemented?
The team will be implementing the subset of Sapling features (Groth16) that addresses the vulnerability:
- The Sprout zk-SNARK circuit proved with Groth16, which replaces the previous “Type 2” transaction with “Type 3”.
- Introduction of “Type 3” shielded transactions. These new transactions use a zero-knowledge proving system based on the aforementioned Groth16. The previously used “Type 2” shielded transactions utilized the PHGR13 (Pinocchio) protocol as their proving system.
Does the hotfix of SAPLING subset features preclude the plan to implement full SAPLING as outlined on the development roadmap?
No — full SAPLING remains scheduled for ANON per the development roadmap and will be implemented. This subset implementation gives the team the fastest possible response to the vulnerability and to the supply concerns of third parties.
Will ANON remain a privacy cryptocurrency after the burning of Z addresses?
Yes — the halting of Z address usage and the burning of shielded coins are brief, temporary actions to address the vulnerability and verify supply authenticity. Once the burn has occurred and the update is completed, all core privacy functions will be restored.
Will this update affect the upcoming SUPERBLOCKS implementation?
No — the team does not anticipate the update affecting Superblocks activation.
Does this update alter the future development path as outlined?
No — the team does not anticipate any major deviations from the existing development goals. The order of deliverables may shift slightly as resources are pulled to focus on unforeseen issues; however, the net difference should be negligible.
Does the fix implementation alter the team’s plan to utilize the COPAY wallet solution?
No — the COPAY wallet solution can move forward as planned with some minor tweaks.
The accelerated roadmap, via the partial implementation of Sapling, will open a number of optimization opportunities for ANON in the coming months. Likewise, the audit of the supply will assure current and future third parties of ANON’s supply metrics. We thank the ZCash team for their responsible disclosure of the vulnerability, the technical specifics, and the means to address it.
If you have any questions or concerns, please reach out to us via our social channels.
The ANON Development and Admin teams are also active in open communication within the ANON socials. We encourage all community members to participate, debate and foster dialogue that will continue to propel the project forward. #WeAreANON