More Devs, More Destruction: Another Zcash Crypto Ceremony Is Underway

Amid criticism of its first security ceremony, zcash has made changes as it prepares for a fork. But has it done enough to silence the skeptics?

AccessTimeIconNov 30, 2017 at 9:00 a.m. UTC
Updated Sep 13, 2021 at 7:12 a.m. UTC

Blockchain coder Cody Burns wakes up in a coffin-sized hotel room in what he would later call a "questionable" part of Hong Kong.

As the hotel cashier doesn't speak English (and only accepts in-person paper-based check-ins), Burns believes this hotel is "not something a westerner would stay in," but that's all part of his plan to keep his tracks covered.

You see, Burns is performing the cryptographic ceremony that privacy-oriented cryptocurrency zcash has become known for: a ritual that involves multiple people around the world destroy the so-called "toxic waste" that zcash's "trusted setup" creates.

Burns turns off his phone and cuts off all internet connections to his laptop (so no one can track him), then boards the buzzing Hong Kong metro, where no one will suspect him of performing the sacrament – running a secret program given to him by the zcash development team.

He's brought along two USB sticks, one shaped like SpongeBob and the other like Pikachu – technology now doubling as toys – which he used to install the operating system and a zcash virtual machine. Also with him is a colorful Rubix Cube he picked up at a local market as a key to pull random words from the famous sci-fi novel "Neuromancer."

Fittingly, perhaps, as the scenario he's created could just as easily be written in the pages of a William Gibson novel.

At the time, 20 people, including Burns, are moving through similarly strange (if not dystopian) scenarios, displaying not only just how difficult it is to keep things secure and private online, but also how far crypto enthusiasts are willing to go to make sure their next-generation money is.

"It was about two hours in the train running wonky crypto computing software, under one of the most densely populated cities in the world, during rush hour," Burns, who writes blockchain code for Accenture during the day, told CoinDesk, adding:

"It was a true cypherpunk way to end the trip. 10/10. Would do again."

Behind the curtain

Even with many of the best-known cryptocurrency communities poring over possible code improvements in an effort to offer users more privacy, zcash's ceremony – this one named "Powers of Tau" – is perhaps the most unique.

But while the process may seem over-the-top to outsiders, zcash's cutting edge zk-snarks cryptography, which shields transactions senders, receivers and balances, makes the routine necessary.

For this particular hard fork upgrade, it'll have to go through a new trusted setup, and if someone is able to compromise the "randomness" input into the system by developers, they'll theoretically be able to exploit the system, possibly printing themselves as much zcash (currently valued at $316 per token) as they've ever dreamed of.

At least one participant must successfully destroy the cryptographic toxic waste, or the whole system could be vulnerable.

In this way, many think last year's ceremony didn't go far enough since it only included six developers – a small enough number that some criticized the inherent trust needed in that group to not collude or be compromised in some way.

But this time around, for its first hard fork upgrade (meant to pave the way for a faster network), hundreds or thousands of people participated, though they needed the technical prowess to run the code in a secure environment.

As University of Illinois, Urbana-Champaign assistant professor and zcash advisor Andrew Miller explained in the ceremony announcement:

"As the number of participants grows, it becomes implausible that all of them could be compromised."

The new proof

This process is playing out openly on the zcash mailing list, with those participating writing "attestations" describing what technical safety measures they took. While some are more or less extravagant, they're all performing their own versions of what Burns did.

As another example, ethereum developer Hudson Jameson and his friend used a crude "Faraday cage" made out of a cardboard box covered in tinfoil to shield the computer used from attackers who might try to figure out what the computer was computing by beaming radio signals toward it (stealing information in this way is more common than it sounds).

Then, going one step further, (Burns merely ran a program to destroy the software within his USB sticks), they demolished the RAM, computer and USB sticks with a drill and hammer, because destroying the physical computer helps destroy any traces of the program that could be lingering on the hardware.

"It seemed like it would be a lot of fun; it was," Jameson told CoinDesk. But he feels that it's useful too.

"I feel confident using these public parameters that will be generated because I destroyed the secret randomness used in my part of the ceremony," he said. "I don't need to trust that other people in the ceremony were honest or not being spied on because of my personal participation."

All this might seem paranoid, and to a certain extent, it is. But it also goes to show just how difficult it has become to secure online systems – from both rogue hackers or omnipotent dictators – where much of humanity now spends much of its time.

For my part in the process, I tried to use lava lamps (it's predicted as much as 10 percent of the Internet is encrypted using the randomly moving blobs within the lights). However, I didn't have enough time to write a program that would harness their randomness, so I just glanced at the lamp from time to time, hoping it would make my typing more random.

Probably not the most random, but we've got Jameson's destruction to fall back on (should you trust him).

Vulnerabilities still?

Others don't.

Despite the complex, distributed precautions many developers are taking to secure zcash, some worry the ceremony could go awry anyway.

"It is an improvement, but it doesn't address the issues with a trusted setup," said OkTurtles founder Greg Slepak, who has been one of the most vocal critics of zcash's creation mechanism.

Even though many more developers are participating this time around, he argues there still could be problems. For one, all computers using Intel Management Engine, a chip that's in millions of computers, could be compromised in the same way.

Plus, participants might not be as careful as they think they are.

"Every single person participating in this ceremony is being watched. If any sane person were to participate in this ceremony, they would do it anonymously," he contends.

Instead, he said, other cryptocurrency projects, such as Monero (which is live) and MimbleWimble (which is forthcoming), offer similar levels of anonymity without an initial trusted setup that however small, could ruin zcash's primary appeal.

"I'm glad that they're trying to improve upon it; I'm just against the very concept of a ceremony," Slepak said.

But while Slepak has his worries, the new ceremony has changed the minds of other skeptics.

"I was not a fan of the original 'closed, but trust us' process, but I understand its intent," Burns said, adding:

"The second [ceremony] is much more resilient and scalable."

Disclosure: CoinDesk is a subsidiary of Digital Currency Group, which has an ownership stake in Zcash Company, the for-profit entity that develops the zcash protocol.

Correction: Due to editing error, the quote from Miller's blog post was misstated. This has been corrected.

Ceremony image via Hudson Jameson 


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.