Zcash has announced that it plans to add a new consensus rule in order to protect its coin supply against counterfeiting attacks. Although Zcash offers privacy features, some of its coins move in such a way that they can be observed via a “turnstile” effect. Beginning in May, Zcash will reject blocks should they show signs of counterfeiting—something that hasn’t happened yet.
Over the past year, Zcash discovered and patched a vulnerability that could have allowed attackers to freely mint new ZEC tokens instead of mining them. Fortunately, this vulnerability was never exploited and has now been patched. However, the recent patch prevents just one known method of counterfeiting. This new rule will protect against any type of counterfeiting.
An overarching solution is important because Zcash’s privacy features make it difficult for anyone to detect counterfeiting directly. Although many Zcash wallets and addresses don’t make use of these privacy features, some Zcash addresses are “shielded.” This means that only some participants can view a particular address’s value, making it hard to say whether counterfeiting has taken place.
However, counterfeiting can also be detected indirectly. Zcash has two pools of shielded addresses and one pool of transparent addresses. Values can be measured whenever ZEC tokens enter or leave shielded pools—just as a turnstile can be used to count people who pass through it. If more ZEC tokens leave a pool than have entered it, counterfeiting has probably taken place.
Preventing Possible Attacks
Zcash has already used the turnstile effect to demonstrate that counterfeiting hasn’t occurred yet. But starting in May, Zcash nodes will be actively required to reject blocks in which incoming values and outgoing values total a negative amount. This means that Zcash’s coin supply will be safe, even if counterfeiting does take place.
This feature will be tested extensively before it is deployed to Zcash’s main blockchain. However, there could be some issues. Due to irregularities in public tracking, users may not be able to transfer all of their funds out of a shielded pool. Zcash says this is necessary in order to keep counterfeit coins contained.
This change could provide very strong security. More cynically, it could indicate that Zcash has found another vulnerability. Although Zcash says otherwise, the project would need to keep such matters a secret in order to preserve security. It is possible that more details will emerge after the feature is activated in May.