zec
/
zcash-blog
mirror of https://github.com/zcash/zcash-blog.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
zcash-blog/_posts/2018-03-27-2018-security-au...

26 lines
2.8 KiB
Markdown
Raw Blame History

This file contains ambiguous Unicode characters

This file contains Unicode characters that might be confused with other characters. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

---
ID: 2524
post_title: 2018 Zcash Security Audit Overview
author: Zooko Wilcox
post_excerpt: ""
layout: post
permalink: >
https://blog.z.cash/2018-security-audits/
published: true
post_date: 2018-03-27 19:51:55
---
Our mission is to empower everyone with economic freedom and opportunity. In the service of that mission, we have published numerous scientific discoveries and deployed one of the most advanced cryptographic protocols ever created.
Risks are inherent to all cryptocurrency software. Many other cryptocurrencies have already shown vulnerabilities that could allow theft, destruction or counterfeiting of money. Zcash has not suffered any such failure but we refuse to take anything for granted.
To that end, we employ a complementary set of interlocking engineering practices including three different kinds of peer review: scientific, community and professional.
<strong>Scientific:</strong> Zcash publishes papers for peer review by other scientists to ensure we are held to the highest standard and consistent with current academic research. Examples of these papers can be found here (<a href="http://zerocash-project.org/media/pdf/zerocash-extended-20140518.pdf">Zerocash</a>, <a href="https://eprint.iacr.org/2018/187.pdf">Satisfying simulation extractability in Groths zk-SNARKs</a>, <a href="https://eprint.iacr.org/2017/602">Multi-party Protocol for zk-SNARK Parameters</a>, <a href="https://eprint.iacr.org/2017/1050">Scalable Multi-party Computation for zk-SNARK Parameters</a>).
<strong>Community:</strong> We work in public, allowing the open source community to see, review, and contribute to <a href="https://github.com/zcash/zcash">source code, issue tracking, pull requests, and design discussions</a>.
<strong>Professional:</strong> We commission third-party experts to perform a rigorous investigation of the software and publish those results. Prior to launching Zcash, we <a href="/auditing-zcash/">commissioned</a> a batch of <a href="https://blog.z.cash/audit-results/">security audits</a> and design evaluations.
<strong>Today we have announced the engagement of five leading industry experts to conduct comprehensive security and design audits in support of the upcoming <a href="https://z.cash/upgrade/overwinter.html">Overwinter</a> and <a href="/cultivating-sapling-faster-zksnarks/">Sapling</a> releases.</strong> <a href="/2018-zcash-security-audit-details/">The detail of those audits, including scope and the auditors selected are available here.</a>
We believe that any system intended to withstand the demands of world-wide economic infrastructure needs ongoing comprehensive peer reviews. But even the most comprehensive reviews conducted but the industrys best cannot guarantee safety. The science is new. The technology is complex. Changes are rapid. Proceed with caution.
Reference in New Issue View Git Blame Copy Permalink