Alright everybody, let's give it up for Ruben. Yeah, talk with us about Zerocoin. Yeah! Yeah! This guy. Alright, here you go.

Okay, hello everyone. My name is Ruben. I'm from the Zcoin team. And today we're going to be talking about basically how we handle a broken protocol in the cryptocurrency space. It's all the challenges and lessons we learned from the, you know, cryptographic flaw that is in Zerocoin.

So, just a bit about ourselves. Yes. How about this? So, we are a privacy coin that launched our mainnet in September 2016, and we actually pioneered the practical use of Zerocoin, which is actually different than Zerocash. And it was actually one of the early credible privacy protocols that actually introduced the burn-and-redeem mechanism. We're currently using a different privacy protocol that we replaced Zerocoin with, Sigma, and we're currently working on something called Lelantus, which is also being consisted by our guy as a business gatherer solution from there. We have a team of about 19 people, of which, you know, almost more than half are developers, and two executives, one of which is here, and six in operations, including me. We're working all around the world, and most of us are full-time.

So, the thing about dealing with bugs in cryptocurrency are popular, and more than we set up a true cryptocurrency, the more that it is to actually deal with it. Like, for example, the first thing is, the decentralized nature of this is that of us. And, like, for example, you know, if you have an app, an app store, and it's a bug, you just have to push out a copy, and everyone has to transfer it. But the key point of, like, any blockchain address, decentralized address, is that you're not forced to put an upgrade, any upgrade, if you want to. And what happens is that, let's say, if you can't understand a lot of the fix, you need everyone to agree and all that kind of fix to the norm.
And it's about convincing not just, you know, you can use us, but the pools and exchanges to actually update urgently without actually costing an app is really important, not costing an app, especially with cryptocurrency.

Now, one of those biggest challenges of open source software is that actually every single release has to be accompanied with the associated code, meaning, let's say, when I'm fixing the bug, the fix to the bug will have to be committed before I can make a release. And that's a real problem, because by committing the fix, I'm not hearing a lot about the flaw, and that's also a real issue that...

This one is also really bad, it's really hard, because let's say if you suffer from damage, if coins are being created on an app, those coins are sent to exchanges and bought by innocent people, it's very difficult to see a rollback of damage per se, because, you know, you have innocent people holding the coins. And, you know, we don't have a really classic situation. So, in the American countries, we cannot do the damage, and most of the damage is from it.

So, on cryptographic flaws, you know, we have to sort of distinguish them from, let's say, like, software implementation flaws, and a cryptographic flaw, the flaw that happens in the actual app, and I think it's a bit... It's not just the software bug on the code, but actually it's all, like, there's a problem with the building block. And, you know, there's been actually many ways of implementation in a software bug, but, even in Bitcoin, there's been, like, you know, a Bitcoin overflow incident where over 184 billion coins were created out there. That was the software implementation bug. There was a set of Z-points that suffered early on, which was a bit of a bad feedback, so it suffered it as well. And then all of these, like, just pure software implementation bugs didn't actually go down to the problems in the end, I guess.
Now, these are some of the examples of what cryptographic flaws had to happen and not go to privacy coins because of, you know, use cryptographic mixing of methods, and, you know, there was a Zcash vulnerability that was actually live for two years since inception, and one that rarely goes around nowadays when exploited or not. And Monero had an inflation bug that, technically, was now exploited and, you know, it could actually tell that it was a little, sort of, cockpit-consciously created, and Zerocoin, the one that we were talking about today. There was a huge Zerocoin inflation bug in April 2009, and then it was actually resulting from a failure of one of the zero-knowledge proofs. It actually created about 67,000 coins about today, luckily, that's left 100% of the supply. I mean, it costs quite a lot, like, eight years and so on, but, you know, it's still something that it cannot retroactively fix.

So, just to give you an understanding, for those of you who love to live with Zerocoin, Zerocoin is a privacy protocol that allows you to mint, which is the destruction of the problem, and then the spend, which is the redemption of brand new coins with no previous transaction history. So, it was actually, like, the first application of zero-knowledge proofs that at least it's sort of the spend mechanism to provide privacy, and we need to sort of compare to, like, you know, other types of privacy mechanisms, like CoinJoin, and ring signatures bring some CoinJoin in here, with obfuscating transaction history, so, hiding the problem, and Zerocoin tends to try to break the transaction history between the coin, because the brand new coins do not have any transaction history to produce the...
and off with Zerocoin, and we probably should have looked into it a lot harder, and the original Zerocoin paper was written by Ian Miers, Christina Garman, and Matthew Green, who had also written the Zerocash paper, which now is the foundation of Zcash, and, you know, we were like, when Z-Trend has thought that we, you know, we only have one, we thought that it was like an experiment, and we trusted that these people were the top cryptographers, you know, the top cryptographers in the world, and we kind of trusted it, and that was one of the bigger problems that we had.

It was actually rather particularly written, and it said that the constructions of the proof that means it wasn't actually fully described, it was only described in the software that we had created, and that's a big problem, because then, you know, it's a very different thing than, say, I'm reading true paper and understanding how it all was, rather than going to individual crypto analysts to actually have this whole scheme actually work. There's really no single paper exactly describing the way Zerocoin is implemented in the library, and in quite a few bits and pieces of other papers here and there.

And yeah, it's not as if we didn't take a look at it, no, we actually engaged a cryptographer to actually try to find flaws in open pages in the Zerocoin security model, and we actually found two of them, which was that allowed the attacker to destroy coins of honest users while in transit, and an attack that can actually hijack by the actors that say if someone creates coins to redeem themselves, those coins can be redirected to someone else. However, we will talk about this later, that isn't as serious as it seems to be, because to actually pull this off successfully, you would actually have to control the hash power with more than 51% and control the nano to be able to stack at least sensitive transactions.
If you're going to control all of this, you have kind of the fact that you control the nano, but we'll talk a bit more about that later.

Now, even like which was a Zerocoin which was the protocol, was hacked and viewed to a flaw through, and coins will actually be redirected and this protocol will actually impact all the projects which license your protocol. What are you going to do? What's the fact?

So, just kind of like the timeline of it. So, we actually noticed a spike in Zerocoin nano, I think, in the transactions. We do monitor the network just to save it up and even actually like the problem with privacy hop in is that we generally pick up such transactions quite a little and suddenly you see every single mass number of Zerocoin nano in the transaction, we were starting to wonder what was happening here. What happened at the lead was one point is best the different dimensions exceeded the birds and we knew something was definitely not right there. I think that's supposed to not happen and we were actually given the no way to call us or knew that something was wrong.

We immediately contacted the mining pools that we know to inform them to request a disable of Zerocoin spends. That's not done at a consensus level, that's a parameter that pools can choose from Zerocoin spends they want to process a block, and we told them, you know, we are actually investigating certain Zerocoin irregularities. We were also tempted but there was too some of known pools for any continued process and so this hack that happened we couldn't really stop it because of this decentralized nature.
We actually did inform our lead to a project utilizing Zerocoin of a possible issue, that seems like there's something that's not right here, we noticed more spends than mints, we don't know if it was affected but maybe let's create a worthy loop. On the 16th of April, because, you know, we had disabled Zerocoin spends without telling the whole public but it was already too long, it was already like a week ahead and people were suddenly complaining why can't it process on Zerocoin spends, and we had to come out with a public notice that we had asked the pools to disable Zerocoin spends while it has to be in the new area at least.

Now, after three days we discovered the root cause of the flaw and we confirmed that it was actually a cryptographic flaw among the proofs, and this was at the start of our own, we did a limited disclosure to the Zerocoin looking to tell people that hey, this is something that we know, this is definitely something is wrong, we think that everyone's affected, but we didn't want to give the exact fault yet because we didn't want to give animation, but we just wanted to tell people the problem is real, maybe you want to start looking at it in the midst of patching it, but you might want to keep Zerocoin disabled. Because at that point in time, the other projects such as PIVX had already disabled the Zerocoin protocol prior to this hack happening. They were vulnerable to a different software implementation called a wrapped serials hack and they had disabled Zerocoin, keeping it disabled for now. They actually planned to re-activate it and we told them, since you have this disabled, just keep it disabled for a little longer and we'll figure out what's happening here, and I think that's what we did.

I'm going to try to give you an email that says hey, do you know how to do it, we didn't really engage you too much in capping, he actually offered to work for us for security although we didn't know how to do it. So on the fall of April we actually released an emergency
software update which actually disabled Zerocoin at a consensus level, because we were only going to disable it and my cooler still spends getting through those blocks. We only had two days in the and we were kind of lucky we had a small coin so it was rather easy to do this. Now this is something that I'm not even aware of in the future as we grow bigger.

And once the hard fork came into being we were actually completely stopped and we knew that the total number of damage was 69,000 coins, and the only reason why we knew about the exact amount of damage is that actually if you knew the exact flaw of Zerocoin you could actually create perfect forgeries, but because the understanding just kind of got simple and the spends that we created had a certain signature that was slightly inflated in size, and that's why we knew that it was 69,000 coins created.

Now what actually happened was when we, when this happened we did inform a local who wanted to project really kind of a job done, I didn't know for whatever reason they were in need, they had this disclosure first before we did and said oh you know the fact that we are in need of Zerocoin is disabled on that work, and that's really to say that this is a bit of a big move because you know other projects would have not secured themselves, you know other projects did not have a mechanism of justice because they were calling like that, and this was a really big problem with us because although we had already secured ourselves, all these other projects that were still in Zerocoin did not have a clean way that was nearly erratically, and this actually required us to come up with a different quick disclosure to say this is what's happening exactly how. This is one of the real problems that really kind of hit us really badly.

Now I'll tell you that we were luckily all projects that we were aware of all had this Zerocoin approach, and as sporks is kind of like for those that are using the Dash masternode code, they
actually have a sort of master key that can handle more certain features, so for those coins they had a busy time with that, which is great for stopping and not so good for decentralization, and that made a cool disclosure of graphically and it made it popular, and after that two months later we replaced it with another privacy protocol and we actually met in 2018 so it was actually met in any of the places we were going.

So what actually did we learn from is that we think that there are two key pillars which is capability, communication and caution. And the first thing is that no one has to deal with other people's shit, especially on a general basis when a cryptographic flaw happens and acts relatively, and we try to look for help just in case we couldn't solve it ourselves. We were really worried that this could potentially kill the flaw here and we reached out to all of the researchers, Aaron was out busy and didn't remember to touch this problem. This was a really big problem and I think that's a key, really key differentiator between projects that immediately just implement other people's privacy protocols versus those that actually develop it themselves. For example with Zcash there's so many other privacy projects that use the Zcash privacy protocol, similarly there's a lot of projects that use Monero, and so we really get how it works but they don't really look in and out of these, and that's really dangerous because they rely on whatever parent project is just to make this closest to them, and sometimes that doesn't really work as we would see.

And sometimes we really cannot trust everybody, I'll talk about this a bit later, but even cryptographically there's a high chance these two people were as well, especially if they're just contractor as well, they can exploit it themselves or they can punish and track people and burn out our options and gain credit for themselves, which we actually see what actually happened with the burdens. Now this portion, working together with other projects to
accomplish it is very receipt, I know we all in satisfaction fixed the zero point, our experience with this full zero point of view was so bad that we really didn't like, in the future we might not be able to collaborate, which is just very sad, but it's a, you know, there's a little like a breach of trust so you have to carry the machine.

So, communication. We have a certain people that really talked to the community and PR of infrastructure and their tool itself, and to the community of course we need to try to get as much as possible to let them know that there's a problem, but again we kind of studied the information and at least one of them fixed the problem and you know totally sort of block it out, and we also need to make sure that, oh my god, there's all this speculation about getting money and trying to really impact the trial of the project.

Now the thing that's really important is the engagement of a media and PR. When something goes wrong you really need to be proactive not just reactive, and made a mistake before it kind of just reacted to the problem, and in this part of the case when we need to have a problem we need to have a problem we need to have a problem and we really wanted to make sure you got the portrayal of the problem correctly.

Now just to give you an example of something that went really wrong. So remember those two bugs that we found previously that were not that critical, which was probably the zero points we found on the profit, then I started to approach all this media, I found a critical flaw in Zerocoin, and the problem was that we had to engage him actually find this board that we had attached it which was actually scheduled for activation, and what had happened was all the news were saying critical flaws Zerocoin, this thing kind of fixed, and actually as I mentioned it is actually really difficult to think about the trick, so it's really important to just proactively reach out instead of waiting for people to crack them. Now with infrastructure, of
course you know it's always a little bit decentralized approach, meaning stakeholders ask actually to exchange the mining pools, and we're going to make sure we open up a good amount of communications to get to that point, this is emergency out there, at least you know they trust us enough to take it. It's not the best thing but we need to have a good deal of information about that.

And the most thing that I guess is true to code, we need to communicate through code. Remember every single sort of fix that we would have to be committed to the source code before we can actually make a release, and one way to do it that I guess is to do one which is the Zcash, which is basically wait for a huge copy and if I'll sneak the fix in, there's something like a drawback to that because that means you need to be open for a much longer period, or that's what we did, kind of downplay it. So for example I did that, I said oh this part we fixed the part that saw T-dolls but then actually it was a source of information about, so what we did was to downplay it fix and we committed it to a GitHub so that it doesn't be like a new design and it's all handy but later on it will possibly be disclosed.

So the last one I guess is the caution, you know we trust Verify and give it a start. Understanding the protocol is quite different than being a GitHub, and the zero control is actually quite tricky to find. The protocol is getting rather old, you know people are a little bit cryptographers from different projects looking at it, no one saw every product okay, and unless you actually pointed it and said it something wrong there, so the keys were actually really analyzed and that was the caution of it.

Now don't be in a rush to be calling especially when it seems much better. This is something we have been giving off, for example our proof of work, there was a new paper that promised to be better than the actual thing, and what happened, and we spent about 8 to 10 months trying to build this up and develop it, 2 weeks
before launch there was actually a paper that said our MTP is broken, we can attack it in this way, and can you imagine that we just showed 1 or 2 years ago, so we had to invest in more research to actually fix it to another year to get the paper out and deploy it fixed, and I think it's exactly rather than looking at new shiny things to wait for the development. I mean it seems really obvious now but you know it's very competitive and what are you doing what are you doing is quite take on most sexy technology.

The other thing I would say is that considering that you can set the rate with a limit that can slowly last, so for example in Zephyr we actually have a limit of let's say like 500 or Zephyr from long it could be spent, it's almost like similar or maybe a random loss of tax. I think this is quite especially what you're doing with Zephyr technology, it's probably why it has some some sort of limiters in place, and I guess that actually saved us so that a lot of people limit the damage that you can just create like 1 billion coins about that, but it's not ideal and it has to be, you know, it's just one of the many fixes that you can do, but we have to be very very careful and not intuitively synchronization. Why I'm actually personally really against sporks, because basically the developer who has the key to be able to turn off functionality, and I think especially as a privacy coin that's hard to adapt to like a law enforcement or like a governance entity goes to that turn off privacy, I think that's what I'll go out.

So let's quickly want to replace Zerocoin, we are currently which is based on much attractive papers in areas similar, like the construction is relatively simple and areas similar portion has security proof, and it works because every time a Zephyr coin exists it's a different cryptography and it's a lot smaller, it's different small proof sizes and it also doesn't have a trusted setup, so this is already currently deployed on more natural life and it's like energy
life that is what I heard it further expands over time and it minors the meat for burning and that actually can fix the normal nature by adding a lot as well. We also have the ability to have anonymous hands that you don't have to keep repeating back to the base later but it requires a self-span, it's a problem that we're looking for, and it's a, if the lack is to be able to consider to be deployed on natural this is a problem that needs to be solved, so we're narrowing the proposal so that the lack is kind of different at all as the point of time to use it. So I'm narrowing it if I'm not correct but it depends on you, like a new lodge, it's like a thousand or so, the way that Z-points in Canada use this as like a similar zero-point or a new building, so it's different approaches but also in the same analogy.

So this is a quick comparison of the area that has a bit of errors in some of the proofs sizes, so just to solve the whole view of the different processing mechanisms. So as you can see when I saw most of the issues of the non-bittyside size which is something that is active research, I think that needs to be corrected is that in Lelantus and Sigma the proof sizes when all the proofs including the real proofs is about 3 to 4 to the bytes, we can also our data, so it's about similar to Monero, and I think everything else is relatively correct. You can take a look at all of that as we're on this point of time for all of this stuff.

So yeah, we can find more, you know where we are in Canada, we need to be able to find more of Lelantus on the left side, we have a zoom, we can get them all. So yeah, it's already blocked, so right now originally we did think about having Lelantus on q1 to n20 but after this incident maybe we should slow down a bit and that may be a wise choice, but we do have to put the graph because it's very little and hopefully we can share some of that as well, but right now I would say that we're kind of patting on Sigma and intro everything is quite identity, we
also need to do more of that but then I think maybe about one or two months time the Lelantus development will be stuck in again, so that's patting on a lot, you know with a great touch we actually probably shall also have done to assign the before beginning open source.

OK, thank you very much.