This article was first published on PIVX
In light of all the buzz around Zerocoin exploits, we thought we’d pull together a simplified FAQ to at least help with some of the questions we’ve been fielding for a couple of months. Although the list is simplified, the activities and efforts from our development team are far from simple. Zerocoin protocol, on its own, is complex. Transactions which use the Zerocoin feature are drawn from an escrow pool, where each coin’s transaction history is erased when it emerges. Transactions are verified by zero-knowledge proofs, a mathematical way to prove a statement is true without revealing any other details about the question. PIVX took this and customized it further to allow for the ability for users to not only send privately but earn rewards as a proof of stake currency. (zPIV/zPoS)
The Development Team are working diligently on a new protocol and will be calling for testing as things reach that stage. In the meantime, browse the FAQ and if there are any other questions not here, please join our Discord and ask in the #support channel.
Is this an issue with PIVX code?
No. This recent issue is akin to the “Heartbleed” vulnerability a few years ago, which was a vulnerability in the OpenSSL library …in the sense that it is at the library level, and not at the implementation level. This is not a PIVX vulnerability or exploit. It is an issue with a library level protocol and ANY project using it is at risk.
What is the PIVX protocol for verifying and validating a proposed vulnerability?
In cases of underlying vulnerabilities (even suspected ones), especially ones that are at the library level that could have ramifications across multiple implementations, we will always tend to verify internally first, privately disclose second, THEN make a public announcement.
To keep reading, please go to the original article at: