A venture-backed cryptocurrency with the promise to provide truly anonymous transactions is scheduled to launch in beta today, a move that will mark the latest in a detailed and expensive process to help ensure as many bugs as possible are removed before its blockchain supports real transactions.
Created from a fork of the bitcoin blockchain, Zcash is designed to cloak the addresses of both the counterparties participating in a transaction as well as the amount transacted.
If successful, the privacy-oriented, public blockchain could eventually form the foundation of an ecosystem of distributed applications built by both consumers and big banks looking for a more private means to transact.
Not only are the eyes of the cryptocurrency community closely watching this development, but so are would-be hackers looking for a high-value target.
So, to help ensure the soundness of this new protocol, the currency's creators, Zcash Electric Coin Company, are spending a quarter of their recent $1m venture capital investment to hire three separate auditing firms. The high-stakes environment where even competing cryptocurrencies might stand to benefit calls for a higher standard of due diligence, according to veteran cryptographer Zooko Wilcox, one of Zcash's founders.
In an interview with CoinDesk, Wilcox explained the difficulties of balancing the almost impossible task of perfectly audited code, with limited financial resources.
He said:
"The sad, unfortunate fact is that with a large codebase it's impossible to find all the bugs. When you're doing this kind of security process, you have to choose a scope of what's most dangerous."
To address the problem, Wilcox focused the auditors' attention on the changes his team has made to the bitcoin protocol's code.
After seven years of running without a hack, that part, at least, can be set aside with at least some confidence.
In particular, Zcash narrowed its scope to six components, including the zkSNARK cryptography built on libsnark, the cryptographic construction of the "zk-SNARK circuit" and the Equihash proof-of-work algorithm.
"There isn't any way to look at a big codebase and know it is safe in general," said Wilcox. "You have to look at a big gray area that's more safe or less safe."
The first step in performing an audit is to select the auditors. While this may seem obvious, the actual process of making the selection isn't always easy, as the collaboration requires a lot of trust and could include difficult conversations.
For Zcash's first audit, which has been under way since August, Wilcox called in London-based NCC Group, a partner from a previous audit he conducted with his own security firm, Least Authority.
The publicly traded NCC Group's principal security consultant, Alex Balducci, was tasked to analyze third-party dependencies such as libsnark. Specifically, Balducci broke down the analysis into two categories: reviewing the implementation of the Zcash protocol and an audit of the source code.
Early conclusions of the audit resulted in multiple recommendations involving the way Zcash is developed. Specifically, he has advocated for the inclusion of tools to help identify coding issues during development.
"This process should be something that touches all aspects of a company," Balducci told CoinDesk. "Developers should have an awareness of the various security issues, policies should be set in place to enhance and adapt to changing security threats, audits should be performed and plans for worst-case scenarios formed."
Later this month, NCC Group will be joined by two other auditors in the process of helping minimize bugs and other vulnerabilities in the code.
Due in part to Argentina-based Coinspect's history of publishing "innovative" protocol designs, Zcash tasked the firm to validate specific threats, protocols and algorithms that only occur for cryptocurrencies.
The founder of the veteran security firm, which has audited implementations including Bitcoin Core, ethereum, monero, counterparty and bitcoinj, says that cryptocurrencies prove an especially alluring target because some of the data at stake also has a corresponding token value.
Coinspect's Juliano Rizzo compared the launch of Zcash with the launch of bitcoin. He said that when bitcoin launched, there were few if any people with the diverse skill sets necessary to hack a cryptocurrency – skills which he estimates include cryptography, familiarity with GPU-internals, awareness of ASIC-design, regulation, economics and social dynamics.
One strategy Rizzo said he looks for in his clients to help reduce the risk of theft is smart contracts that allow companies to store cryptocurrency in cold storage and that include reversible time-locked vaults so "illegally triggered" transactions can be reversed.
But even as defenses against hacks have become more sophisticated since the early days of bitcoin, so too have the attackers.
Rizzo said:
"To physically steal bags of cash from a bank in minutes, you need a gang with different skills, including firing guns and digging tunnels while pretending to sell butter cookies. A cryptocurrency theft can be carried on quietly by a single hacker enjoying a Frappuccino in a coffee shop."
Another auditor scheduled to begin work in September is Alexander Peslyak, better known as Solar Designer. His particular focus was on the Equihash proof-of-work algorithm.
In addition to being the founder and CTO of Openwall, Solar Designer is an advisor to the Open Source Computer Emergency Response Team that provides security support to open-source projects.
In an interview with CoinDesk, Solar Designer explained the difficult task that other founders building cryptographically based startups face when trying to balance the nearly impossible task of creating a completely debugged codebase with a limited budget.
Solar Designer agreed with statements made individually by each of the other auditors that a perfectly debugged codebase of any "non-trivial" size "not only can't be achieved – it can't even be defined."
Even with a $250,000 auditing budget, Zcash was forced to narrow the scope of its efforts to just those areas that weren't already largely debugged.
But for startups that aren't funded or don't have another source of capital, Solar Designer said that the level of due diligence required changes from project to project. In the end, he said it's up to the auditors themselves to communicate the limitations of each project.
But that doesn't mean the diligence is optional.
"It is typical to adjust scope to budget, and the range can vary by an order of magnitude or more," he wrote. "Can't afford any? That's tough."
Zcash is scheduled to launch into beta today with all its features live.
But Wilcox is seeking to discourage the accumulation of any large amount of wealth on the blockchain between now and the full launch slated to occur on 28th October.
Even then, he said he hopes the growth-rate of the currency's value occurs slowly.
If a codebase is complicated enough, there truly are no guarantees. He calls it the "half-life of doubt", or the idea that every year that goes by without a hack his confidence increases – but it may never reach absolute certainty.
Even though Zcash is based on the as-yet un-hacked bitcoin code base, Wilcox said he's not 100% confident it might not someday be compromised.
"The only thing that will make me satisfied," said Wilcox, "is that if years and years go by with more and more money."
There are two ways to ensure the security of a system.
The first is what security expert Bruce Schneier famously described as "security through obscurity" in a 2008 article. This, arguably, was the state of bitcoin's security through its early years, when few people knew it existed, and those who did are generally believed to have had the cryptocurrency's best interests in mind.
The second form of security though is what Wilcox calls "trial by fire."
Months before he hired auditors to take apart the code and look for weaknesses, the code was published on Github and the public was invited to search for bugs. As a result, multiple vulnerabilities were identified even before the formal audits began.
But the actual bugs exposed in a complex system like a cryptocurrency codebase are a factor of the actual bugs, and the exposure, or value, riding on the product, according to Wilcox.
Inviting additional outside auditors to review the cryptocurrency code accelerates that rate of exposure.
Wilcox concluded:
"You force yourself not to go through a trial by fire. And you want it to be seen by as many eyes as possible."
Disclaimer: CoinDesk is a subsidiary of Digital Currency Group, which has an ownership stake in Zcash.