2018 Zcash Security Audit Overview

Our mission is to empower everyone with economic freedom and opportunity. In the service of that mission, we have published numerous scientific discoveries and deployed one of the most advanced cryptographic protocols ever created.

Risks are inherent to all cryptocurrency software. Many other cryptocurrencies have already shown vulnerabilities that could allow theft, destruction or counterfeiting of money. Zcash has not suffered any such failure but we refuse to take anything for granted.

To that end, we employ a complementary set of interlocking engineering practices including three different kinds of peer review: scientific, community and professional.

Scientific: Zcash publishes papers for peer review by other scientists to ensure we are held to the highest standard and consistent with current academic research. Examples of these papers can be found here (Zerocash, Satisfying simulation extractability in Groth’s zk-SNARKs, Multi-party Protocol for zk-SNARK Parameters, Scalable Multi-party Computation for zk-SNARK Parameters).

Community: We work in public, allowing the open source community to see, review, and contribute to source code, issue tracking, pull requests, and design discussions.

Professional: We commission third-party experts to perform a rigorous investigation of the software and publish those results. Prior to launching Zcash, we commissioned a batch of security audits and design evaluations.

Today we have announced the engagement of five leading industry experts to conduct comprehensive security and design audits in support of the upcoming Overwinter and Sapling releases. The details of those audits, including scope and the auditors selected, are available here.

We believe that any system intended to withstand the demands of world-wide economic infrastructure needs ongoing comprehensive peer reviews. But even the most comprehensive reviews conducted by the industry’s best cannot guarantee safety. The science is new. The technology is complex. Changes are rapid. Proceed with caution.
