2016-07-12 12:34:34 -07:00
Security Warnings
====================

Security Audit
--------------

Zcash has been subjected to a formal third-party security review. For high priority security announcements, check https://z.cash.

x86-64 Linux Only
-----------------------

There are [known bugs](https://github.com/scipr-lab/libsnark/issues/26) which
make proving keys generated on 64-bit systems unusable on 32-bit and big-endian
systems. It's unclear if a warning will be issued in this case, or if the
proving system will be silently compromised.

Side-Channel Attacks
--------------------

This implementation of Zcash is not resistant to side-channel attacks. You
should assume that users (even unprivileged ones) who are running code on the
hardware your `zcashd` process is running on, or who are physically near that
hardware, will be able to:

- Determine the values of your secret spending keys, as well as which notes you
  are spending, by observing cache side-channels as you perform a JoinSplit
  operation. This is due to probable side-channel leakage in the libsnark
  proving machinery.

- Determine which notes you own by observing cache side-channel information
  leakage from the incremental witnesses as they are updated with new notes.

- Determine which notes you own by observing the trial decryption process of
  each note ciphertext on the blockchain.

You should ensure no other users have the ability to execute code (even
unprivileged) on the hardware your `zcashd` process runs on until these
vulnerabilities are fully analyzed and fixed.

REST Interface
--------------

The REST interface is a feature inherited from upstream Bitcoin. By default,
it is disabled. We do not recommend you enable it until it has undergone a
security review.

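
The script below is an added example, not part of the Zcash documentation or code base. It checks a host against the warnings above: platform, other accounts able to run code on the hardware, and REST enabled in the config. Assumptions: a Bitcoin-style `key=value` config file whose inherited option is named `rest`, a default config path of `~/.zcash/zcash.conf`, `/etc/passwd`-format account data, and hypothetical function names.

```shell
#!/bin/sh
# Added example: host preflight for the warnings on this page. Not Zcash code.
# Assumptions: Bitcoin-style key=value config with the inherited option "rest";
# account data in /etc/passwd format; function names are hypothetical.

# Succeeds only on the platform named above: x86-64 Linux.
arch_supported() {  # $1 = kernel name (uname -s), $2 = machine (uname -m)
    [ "$1" = "Linux" ] && [ "$2" = "x86_64" ]
}

# Succeeds if any config line turns REST on. Conservative: every value
# other than an explicit "rest=0" is treated as enabled.
rest_enabled() {  # $1 = config file path
    [ -r "$1" ] || return 1
    awk '
        { sub(/#.*/, ""); gsub(/[ \t\r]/, "") }
        /^rest=/ && $0 != "rest=0" { found = 1 }
        END { exit !found }
    ' "$1"
}

# Prints non-root accounts, other than the one running zcashd, that have a
# login shell and could therefore run code on the same hardware (heuristic).
other_shell_users() {  # $1 = passwd-format file, $2 = zcashd account
    awk -F: -v me="$2" '
        NF >= 7 && $1 != me && $3 != 0 && $7 !~ /(nologin|false)$/ { print $1 }
    ' "$1"
}

# Runs all three checks; returns non-zero if any warning applies.
preflight() {  # $1 = config file, $2 = passwd file, $3 = zcashd account
    status=0
    arch_supported "$(uname -s)" "$(uname -m)" ||
        { echo "FAIL: host is not x86-64 Linux"; status=1; }
    if rest_enabled "$1"; then
        echo "FAIL: REST interface enabled in $1"; status=1
    fi
    others=$(other_shell_users "$2" "$3" | tr '\n' ' ')
    [ -z "$others" ] || { echo "WARN: other accounts can run code: $others"; status=1; }
    return "$status"
}

# Invoke as: sh preflight.sh --run [config] [passwd] [account]
if [ "${1:-}" = "--run" ]; then
    preflight "${2:-$HOME/.zcash/zcash.conf}" "${3:-/etc/passwd}" "${4:-$(id -un)}"
fi
```

The config check does not see options passed on the `zcashd` command line, and the account list does not cover users who are only physically near the hardware.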