Is Zcash Safe?
Recent research has been released this week stating that private data, which should be secure in Zcash, is actually accessible. This is a massive blow for the Cryptocurrency and developers are already behind closed doors trying to rectify the bugs that are causing this failure of security.
Apparently, the unveiling of the incredibly private data occurs when a select type of transactions occur. Especially when coins are changed from being “unshielded” to “shielded” is when the problems begin. Anonymity has been seen to drop by just over 69% when the actions above are taken.
The issues lie in the fact that Zcash has two different types of addresses. The first one – t-addresses – are unshielded and can be seen publicly on Blockchain. Therefore both the balance and any transactions are transparent. On the other hand, z-addresses are shielded, which blocks sight of their transactions and balances. Therefore if a transaction between two t-addresses is made then both the transaction and the balance can be seen and are publicly available. If a transaction between two z-addresses occurs then the transaction and the balance are completely secure with only the timestamp and fees for that particular transaction being visible. The bugs kick in when the transaction is between a z-address and a t-address because then information on the z-address can still be seen.
Much of the above problem is apparently because users are completing the same type of transactions time and time again. On many occasions, the withdrawal will be for exactly the same amount and the transaction will be within the same time interval too. This makes it easy to see who is dealing with who and then work out some of the shielded information based on previous behaviors.
What’s Zcash Doing?
A team in the University College London has uncovered this security issue and informed the Zcash team of their findings before their paper was released. Following this, the University College team has already seen changes amongst users.
Spokespeople from Zcash have congratulated the University College London team on discovering this feature in their software and suggest that these findings and any others by the Cryptocurrency community are vitally important to the industry as a whole.
The Zcash team has since released a statement to its users advising on the issues and recommending that z-address to t-address transactions are not recommended. The team has also announced that there are upgrades already in motion that will address this particular issue and protect their customers a lot more. It has also been highlighted that only a small percentage of transactions with Zcash are actually shielded. This is further proven by the fact that in the last month alone, 85% of the transactions are completely and utterly public. Educating Zcash customers will be a huge turning point for this Cryptocurrency in making sure that transactions and balances remain secure. This recent alert will have only moved this process forward quicker which is great for all concerned.