2018 Zcash Security Audit Details

We at Zcash are committed to the security and safety of our user community as we seek to empower everyone with economic freedom and opportunity.

Zcash has engaged five leading industry experts to conduct comprehensive security and design audits in support of the Overwinter and Sapling upgrades, in line with our approach to comprehensive peer reviews.

Audit Scope

The audits will focus on changes to Zcash since our prior reviews, including security analysis of protocol design, cryptographic constructions, consensus rules, and implementation. We have also engaged with cryptographic scientists to analyze security arguments, proofs, and constructions.

All Overwinter changes will be audited and are presented in five Zcash Improvement Proposals (ZIPs):

The Sapling libraries to be audited are:

  • An implementation of a new pairing-friendly elliptic curve in the Rust pairing library
  • The Rust library for building zk-SNARKs called Bellman
  • Various components as part of the Sapling-crypto implementation

As with the previous audit, we are also commissioning a review of the C++ code, covering race conditions, networking, buffer overflows and dependency management.

We will bring forward previous audit assumptions and assume that previous security audits were accurate and truthful.

Auditors

All audits will be performed by top security, cryptology and technology professionals. Each auditor will have a specific focus and scope.

NCC Group: The NCC Group is a leading cybersecurity firm. They have prior experience with Zcash through their audit of the initial Zcash protocol implementation, source code and ceremony artifacts.

Coinspect: Coinspect provides Bitcoin security services. As with their previous audit, they will place specific emphasis on Zcash additions over the Bitcoin Core source code.

Least Authority: Recently spun off as a sibling company of Zcash Company, the Least Authority team is highly experienced in security audits and design analysis, including Ethereum’s gas model.

Kudelski Security: Kudelski is a highly regarded international cybersecurity company. The specific auditor engaged, Jean-Philippe Aumasson, is an accomplished cryptographer who has written numerous papers analyzing cryptographic algorithms and authored several important cryptographic algorithms, including BLAKE2, SipHash, and Gravity-SPHINCS.

Mary Maller: As a PhD candidate in the area of cryptography at the University of London under the supervision of Dr Sarah Meiklejohn and Dr Jens Groth, Maller is studying the formal design and analysis of cryptographic protocols, including different types of signature schemes and how they can be used in blockchain technologies.

Understanding Risk

Zcash is a sophisticated and novel technology. While security audits help reduce risk, they cannot eliminate it entirely. Additionally, each auditor is focused on a specific kind of analysis and cannot vouch for the entire system, nor do they necessarily endorse Zcash as a product.

Schedule

The audits are underway. Final reports of all Overwinter and Sapling related audits will be completed before code is activated in the main Zcash network.

As stated in the 1.0.15 release announcement, the scheduled activation for Overwinter on testnet went live at block 207500. The upcoming 1.1.0 release will set an activation block height on the main network.

While we intend to release these upgrades according to our current schedule, the security and stability of the Zcash network is our priority. Any unforeseen issues arising from our testing or these audits may delay releases.