From 35b3168d2c6de67ed14425bc4fdd372ff0e86e10 Mon Sep 17 00:00:00 2001 From: Taylor Hornby Date: Mon, 18 Jul 2016 14:50:07 -0600 Subject: [PATCH] Note that the actual secret spending key may be leaked. --- doc/security-warnings.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/doc/security-warnings.md b/doc/security-warnings.md index e200c74a..1066dbf9 100644 --- a/doc/security-warnings.md +++ b/doc/security-warnings.md @@ -22,9 +22,10 @@ This implementation of Zcash is not resistant to side-channel attacks. You should assume other unprivileged users running on the same hardware as your `zcashd` process will be able to: -- Determine which note your are spending by observing cache side-channels as you - perform a JoinSplit operation. This is due to probable side-channel leakage in - the libsnark proving machinery. +- Determine the values of your secret spending keys, as well as which notes you + are spending, by observing cache side-channels as you perform a JoinSplit + operation. This is due to probable side-channel leakage in the libsnark + proving machinery. - Determine which notes you own by observing cache side-channel information leakage from the incremental witnesses as they are updated with new notes.