The launch of the genesis block for a new cryptocurrency designed to make real the anonymity once thought to be offered by bitcoin has been delayed once again.
Zooko Wilcox, early cypherpunk and founder of anonymous cryptocurrency startup Zcash, told CoinDesk yesterday that his startup will likely be pushing back the mining of its blockchain in order to give multiple third-party auditors the time to perform in-depth code analyses.
In the aftermath of the the fallout surrounding the collapse of The DAO, a short-lived, much-hyped application on the ethereum blockchain, the value of such precautions are more apparent than ever.
And Wilcox should know. His security firm, Least Authority, was commissioned to perform an audit of ethereum's code.
While it is widely agreed that the collapse of The DAO was not the result of a problem with ethereum itself, Wilcox wants to take further precautions now that he's preparing to launch a competing cryptocurrency.
Speaking with CoinDesk at American Banker’s Blockchain + Digital Currencies conference yesterday, Wilcox said:
"I feel bad that we didn’t do a better job of making DAO disaster-like problems harder for people to encounter."
As part of his own firm's security Wilcox hired two firms to perform an audit of the code designed to enable anonymity for the sender and receiver of a transaction, and hide the amount. Those audits are taking longer than expected.
Earlier this year, Zcash launched its alpha product built from the Zerocash protocol created by Wilcox and others. Then, last week, the startup launched an alpha update to the product with guidelines to side channel attacks and other security concerns.
Zcash has raised $1m venture capital from institutional investors including Pantera Capital, Digital Currency Group and Fenbushi Capital. Individual investors Naval Ravikant and Roger Ver also backed the company.
Cautious rollout
Though Wilcox describes his team of 16 employees, including seven computer scientists, as "super-world-class", he said it’s important for cryptocurrency developers to constantly be working with outsiders in order to help avoid problems like The DAO.
To that end, Zcash has hired two separate firms to perform an audit, according to Wilcox. After the firms' analysis is complete, he said Zcash will publish their name and all their findings, something LeastAuthority did during the audit of ethereum's code.
"The full report of what they each discover when they examine Zcash will also be published in its entirety," he said.
To give the auditors more time, earlier this week, the 1.0 release of Zcash was pushed back from 5th September to 26th September, and Wilcox said he expects further delays.
Over the coming weeks, he said that date will likely be pushed back even further.
He concluded:
"The thing that you are intimate with and that you build yourself, whenever you look at it, you will remember what you intended for it to be. And security flaws are often the separation between what you intended and what you actually got."
Emphasis on collaboration
But, this emphasis on collaborative testing goes deeper than just an audit.
Yesterday, Zcash engineer Sean Bowe published the results of his work with several other employees at the Ethereum Foundation/IC3 bootcamp held at Cornell University.
According to the post, three Zcash employees worked with Casey Detrio of the Ethereum Foundation and others to build their zkSNARKs cryptographic tool for protecting identity into ethereum.
"Specifically, we added a snarkverify precompile (like an opcode) to a fork of Parity which uses libsnark to verify generic proofs," according to the post.
In conclusion Bowe wrote:
"We love contributing to both bitcoin and ethereum, and look forward to more collaboration with the broader cryptocurrency community."
Disclaimer: CoinDesk is a subsidiary of Digital Currency Group, which has an ownership stake in Zcash.
Zooko name tag image via Michael del Castillo