May 9, 2019

FAQ on Zerocoin and PIVX

In light of all the recent buzz around Zerocoin protocol vulnerabilities, we thought we’d pull together a simplified FAQ to at least help with some of the questions we’ve been fielding for a couple of months.

Although the list is simplified, the activities and efforts from our development team are far from simple. The Zerocoin protocol, on its own, is very complex. Transactions which use the Zerocoin protocol are drawn from an escrow pool, where each coin’s transaction history is erased when it emerges. Transactions are verified by zero-knowledge proofs, a mathematical way to prove a statement is true without revealing any other details about it. PIVX took this and customized it further so that users can not only send privately but also earn rewards as a proof of stake currency (zPIV/zPoS).

The PIVX Core Development Team are working diligently on a new protocol. In the meantime, browse the FAQ and if there are any other questions not here, please join our Discord and ask in the #support channel.

BACKGROUND

Was this an issue with PIVX code?

No. This recently discovered Zerocoin vulnerability (by which PIVX was not impacted) is akin to the “Heartbleed” vulnerability of a few years ago, which was a vulnerability in the OpenSSL library, in the sense that it is at the library level and not at our implementation level. So this is not a PIVX vulnerability or exploit. It is an issue with a library-level protocol, and ANY project using it is at risk.

What is the PIVX protocol for verifying and validating a proposed vulnerability?

In cases of underlying vulnerabilities (even suspected ones), especially ones that are at the library level that could have ramifications across multiple implementations, we will always tend to verify internally first, privately disclose second, THEN make a public announcement.

How did PIVX utilize the libzerocoin library?

PIVX was the first Proof of Stake cryptocurrency to have implemented the full set of Zerocoin protocol ideologies and practices on mainnet. While based on the original libzerocoin public repository that was created by academic cryptographers, the majority of the PIVX zPIV code is custom, and our accumulators were encrypted using RSA-2048 challenge generated keys for a non-developer trusted setup making zPIV very unique.

Is Zerocoin Dead?

No. Zerocoin protocol (and the concept of “zerocoin”) is far from “broken”. Libzerocoin =/= Zerocoin. The math of one of the proofs (in the libzerocoin library) is exploitable due to a technicality. The overall concept of zerocoin is still sound.

What is the effect on PIVX?

The vulnerability was discovered in the underlying libzerocoin library (not in any specific implementation by PIVX or its code base). zPIV (the PIVX protocol using libzerocoin) had already been disabled in the network prior to the discovery of this vulnerability in the libzerocoin library. So the PIVX network was not impacted by this vulnerability. For more information on the vulnerability found, please see this disclosure from Zcoin – https://zcoin.io/further-disclosure-on-zerocoin-vulnerability.

PIVX IS SAFE

What are zPIV?

zPIV are the zerocoin unit counterpart of PIVX that utilize the Zerocoin protocol to maximize privacy for the user. See the white paper on zPIV here and a page on zPoS here.

Are my coins safe?

YES. An individual’s own zerocoin mints are safe, meaning that this exploit did not give an attacker the ability to spend someone else’s mints.

Can an attacker now mint their own zerocoins and spend them?

NO. Minting zerocoin isn’t an option with PIVX right now. zPIV minting has been disabled since March 7, 2019.

Could my zPIV have been spent?

NO. zPIV was already disabled.

SOLUTIONS

What are the next steps for PIVX?

The recently released 3.2.2 wallet update was needed first, as the fork situation was really the most urgent need because it was a problem for exchanges. This issue has now been fixed (with 3.2.2) and no user funds were at risk.

We will release a new wallet v3.3 that will allow conversion of all zPIV held in the wallet to PIV. This will mean that all users will be able to fully access their funds once released. This new release will be mandatory, and the zPIV spends (with this interim release) will not be private in light of this new vulnerability. Meanwhile, the PIVX core development team will continue to work on the new privacy protocol. We’re committed to continuing our development to remain one of the most innovative private, proof of stake cryptocurrencies around.

What about the BIP 65 implementation? Is that affected by this?

BIP 0065 (Wiki) (aka Atomic Swaps) will still apply, but given that the forthcoming release (tentatively 3.3.0) will be mandatory, version 4 blocks (from wallet version 3.1.1 or older) will no longer be accepted on the network with the new release, leading the BIP65 changeover logic (soft-fork) to completion by proxy. 

What is next for PIVX privacy?

We have advanced work that was started in 2018 and it was poised as a replacement for libzerocoin. We are following this route right now as a superior solution and replacement for libzerocoin. Although we all gather inspiration and intel from other projects, we will NOT be adopting someone else’s privacy protocol.

What is the new work that PIVX is doing?

Our upcoming privacy protocol (still in development) relies on a new cryptographic accumulator, uses range proofs (more specifically, bulletproofs) and does not require a trusted setup (trust-less).

Is PIVX abandoning zPIV?

No. We are not abandoning zPIV. The conversion from zPIV to PIV will ultimately be required one way or the other to allow those coins to enter into a new privacy protocol.

What about private staking?

We are committed to continuing to provide the ability for stakers to stake privately. We have not given up on this, and our next advancements in privacy tech will seek to improve this functionality for the PIVX ecosystem and other projects that choose to use the PIVX codebase. For PIVX specifically, features such as zPoS and ZNLP are targeted to remain.
