By Elise Hamdon
This is our fortnightly community and communications update; last week’s engineering update is available here.
Eleven months ago we discovered a counterfeiting vulnerability in the cryptography underlying some kinds of zero-knowledge proofs. The counterfeiting vulnerability was fixed by the Sapling network upgrade that activated on October 28th, 2018. The vulnerability was specific to counterfeiting and did not affect user privacy in any way. Prior to its remediation, an attacker could have created fake Zcash without being detected. The counterfeiting vulnerability has been fully remediated in Zcash and no action is required by Zcash users.
This blog post provides details on the vulnerability, how we fixed it and the steps taken to protect Zcash users. There was also an announcement and discussion in the Forum.
From the blog
Our “People Behind Zcash Technology” series continues, this week featured Marshall Gaucher. “I love this company because these people are passionate … they want to move the world.”
Mark your calendar! Zcon1 will take place June 22–24 in Split, Croatia. Applications are open!
Least Authority and Zcash Company teamed up to demonstrate how, as a privacy-protecting digital currency, Zcash is particularly well-positioned to support the regulatory requirements. Shielded addresses enable users to send and receive Zcash without publicly disclosing their addresses or the amount transacted. According to a recent TechGDPR report contracted by the Zcash Company to analyze the use of Zcash within a subscription payment system, these private addresses prevent publicly transmitted information from being linked back to an individual, therefore making them compliant for GDPR purposes and out of the scope of the regulatory requirements. Forbes covered this story in a feature article last week.