Apr 26, 2019zPIV Vulnerability Identified: Official Comment From Devs

We have an important update that will cover the current status of the situation, how we will need to proceed and some good news on what’s ahead.

New libzerocoin Vulnerability

The recent vulnerability first mentioned on April 16, 2019 by Zcoin (https://zcoin.io/update-on-zerocoin-spends/), has been analyzed and confirmed by the PIVX core developers with positive test results. We can now confirm with certainty that this new vulnerability exists within one of the cryptographic proofs which is part of the libzerocoin library created by Miers et al., IEEE S&P 2013 of Johns Hopkins University. Complete details of the vulnerability will be disclosed at a later date to be respectful for other projects using the same library.

Most importantly. PIVX was not attacked using this latest vulnerability, and not affected due to zPIV having already been disabled. All user funds are safe. Nothing was lost.

zPIV Activation

Now that the issue has been confirmed, we will no longer wait for the soft-fork to complete and will release a new wallet that will allow conversion of all zPIV held in the wallet to PIV. This will mean that all users will be able to fully access their funds immediately once released. This new release will be mandatory, and the subsequent zPIV spends will no longer be private in light of this new vulnerability.

New Privacy Protocol

In light of this most recent discovery, the PIVX core development team will be putting increased efforts into the continued research and development of a brand new privacy protocol that was started by the PIVX team last year (2018).

A more detailed FAQ will follow this post in the coming weeks.



Lead Developer, Core Developer.