A well audited and solid Lelantus implementation is critical for Zcoin. A vulnerability in Lelantus may result in a break of anonymity or hidden inflation of supply. We are seeking funds for a third party code audit of Lelantus cryptography and implementation.
While the core team has renewed development funding post halving, this comes into effect only in September and even then assuming similar market conditions, would have a significant impact on the Core Team’s reserve funds that are used to tide over challenging market conditions.
From our discussions with various code audit companies (for e.g. Trail of Bits, SmartDEC), a reasonably comprehensive review of the Lelantus cryptographic library and the wallet implementation code will cost around USD64,000. We will update this proposal from time to time to reflect the actual cost.
Scope of Audit
A smaller scope that just covers the implementation without going into the cryptography would be quite a bit cheaper but if the budget permits, it makes more sense to have a reasonable coverage of both.
We intend to cover the following in the audit but will subject to change depending on amount raised and finalized quotes.
Lelantus cryptographic library
Lelantus RPC functions
Wallet functionality in relation to Lelantus
Wallet database in relation to Lelantus
Lelantus state
Accepting Lelantus transactions into mempool, block connection and disconnection, etc
Miner related changes
Transaction and auxiliary structures
HD Lelantus mints.
Evaluation of Lelantus cryptography as described in paper
Timeframe
We hope to begin audit in July and the code review is espected to take about 2-4 weeks after which we will take another few weeks to incorporate the fixes as recommended by the audit. The results of the audit will be made public.
Excess Funds
Should the code audit be cheaper than anticipated, the balance will be kept for future code audits which may be required as we will be implementing Lelantus Direct Anonymous Payments after the initial deployment of Lelantus and/or our code bounty program.
Should the core team have excess funds we will also contribute towards this proposal and disclose these amounts.
Acknowledgement of Donation
Should you wish to be named as a donator in the audit, you can optionally let us know and we will include your name/organization name in any announcement relating to the Lelantus code audit.
An audit is vital for the continued unhindered operations of the project, this both from a logistical and technical standpoint.
On the operational side, a significant number of high-end exchanges, payment processors, services and funds are starting to filter the projects they work with through the “security” criterion which is defined as audits, and third party review. By being able to say that the Lelantus is both cryptographically and implementation secure, we can backstop any potential arguments about security brought up by previous incidents related to Zerocoin.
On the technical side, a security audit will provide vital insight on the current state of the implementation with the potential findings allowing for a more solid foundation in practice when developing atop, iterating and pressure testing the implementation.
Personally if it’s a choice between SmartDEC & Trail of Bits, I would lean toward Trail of Bits, I had the pleasure of attending their CEO, Dan’s talk at CESC in SF, and had the pleasure of being introduced to him recently, his team’s skillset in the arena of Zero Knowledge Proofs, Blockchain Audits, and General Code Healthiness is unparalleled. Their previous work in the space in relation to Zcash, and other projects in the privacy space act as a vouch. Their work with DARPA is also pretty relevant as well :).
Just to add, Trail of Bits came back with a more detailed code that recommended it be brought up to 6 engineer weeks which would mean 96k USD. We are in the process of exploring a reduced scope audit to bring it back to 4 engineer weeks and will update once we hear from them.
SmartDEC’s proposal would be significantly cheaper (5.5x cheaper) but would mainly cover coding practice, potential issues and correct implementation rather than the cryptographic security of Lelantus. The audit will be covered by Lenar Safin.
This is the scope of SmartDEC’s proposal:
We will check the correctness of the implementation of the protocol,
We will check the code in the fork (the crypto library and the implementation):
its correctness, reliability in support;
whether the code is following the best coding standards;
we will give the general recommendations regarding further development of the codebase;
as a side effect, we will check the dependencies and scan the overall system for the critical vulnerabilities using the automated analysis. Nevertheless, this won’t be the main aim of the audit and be more of a bonus.
We will prepare the official private audit report in PDF format.
After your development team fixes the issues we find in the private report, we check that the fixes are applied properly.
After this we prepare the final retrospective public audit report that reflects the interaction of your team and SmartDec. You can check our latest public audit for Grin++ as an example of how the result looks like.
Trail of Bits Proposal is as follows:
Security review of the Customer source code through a combination of manual and automated review. Activities include but are not limited to:
Review of the Lelantus cryptographic paper and reconciliation of implementation against the proposed design with a focus on concerns around deanonymization
Review of the wrappers around the secp256k1 code and integration with bitcoin core to verify that modifications do not allow arbitrary coin minting, etc
Apply a comprehensive suite of tools to quickly and automatically uncover bugs
Review the architecture of the system for design flaws
Perform detailed manual code review
Review of cryptographic libraries, APIs, algorithms, and cipher modes
Review of possible weaknesses and exposure to cryptographic attacks
Identify security and correctness properties
Related services as requested by Customer or recommended by Trail of Bits
Best-effort guidance after the project. After the project concludes, Trail of Bits will make its best efforts to address security questions that arise via email
Funds permitting, I would prefer to go for a Trail of Bits audit purely because it addresses the main concerns we are worried about which is deanonymization and coin inflation due to bugs/flaws be it in code or cryptography. SmartDec’s proposal would probably cover the more obvious easy to find flaws but would possibly miss the type of attacks that we experienced with Zerocoin.
A quality audit is essential to the roll-out of Lelantus. Being that this is a much anticipated protocol I would lean towards the audit company that will address our main concerns. I’m not as technically savvy when it comes to these audit companies, but it seems the consensus so far is Trail of Bits (ToB). If ToB provides the quality audit we need I’d say we choose them.
I’m in support of a high quality audit. I don’t believe cheaping out on audits is appropriate. I’m no expert in audit firms but Trail of Bits, although an expensive option, seems like a great choice.
In a public chatroom, Ian Miers, the co-author of Zerocoin and Zerocash actually said that “Assuming the crypto is right and audited(big assumptions), it’s [Lelantus] an interesting trade-off to Zcash, if done right”. Lelantus technology is groundbreaking and competitive and we should ensure that our code and implementation do justice to the technology which an audit by a top tier firm would help greatly.
Trail of Bits have gotten back to us with two reduced scope options to fit within the budget:
Option A 2 engineer-weeks:
A focused assessment of the cryptographic library against the paper without providing opinion on quality or correctness. This will ensure you are doing your due diligence:
Review of the cryptographic library implementation and reconciliation against the Lelantus paper with a focus on:
Confirming the code implements what the paper proposes
Opinion on paper quality or correctness will not be provided
Concerns around deanonymization
Failure of the protocol/code that would allow coins to be created out of thin air (inflation)
Provide a summary document at the end of the review with a short discussion of what was done, what was found, and the point in time maturity of the project
Option B 4 engineer-weeks:
Reviewing the cryptographic library and wallet implementation getting as much done as possible within the timeframe. The more time we have, the deeper we can dig. This review would include:
Review of the cryptographic library implementation and reconciliation against the Lelantus paper with a focus on:
Confirming the code implements what the paper proposes
Opinion on paper quality or correctness will not be provided
Concerns around deanonymization
Failure of the protocol/code that would allow coins to be created out of thin air (inflation)
Review of the wrappers around the secp256k1 code and integration with bitcoin core to verify that modifications do not allow arbitrary coin minting, et cetera
Full report: 10+ page report that includes extensive detail on issues discovered
Just to give a quick update. First of all thanks so much to everyone who has donated thus far! The support you have shown has touched us.
We are still quite a long way from our target but we hope to raise more funds but we cannot wait too long on this so we’ve started going on a limited scope audit as follows:
We have engaged Trail of Bits for 2 engineer weeks to do a security review of the implementation of their privacy protocol Lelantus (lelantus.io) through a combination of manual and automated review. Activities include but are not limited to:
Review of the cryptographic library implementation and reconciliation against the Lelantus paper with a focus on:
Confirming the code implements what the paper proposes
Opinion on paper quality or correctness will not be provided
Concerns around deanonymization
Failure of the protocol/code that would allow coins to be created out of thin air (inflation)
Apply a comprehensive suite of tools to quickly and automatically uncover bugs
Review the architecture of the system for design flaws
Wallet implementation and crypto library code without checking it for correctness (since this is covered by Trail of Bits)
Audit will be carried out by Lenar Safin
This will cost us USD14,000
We are also in talks with two cryptographers who will work as a team to audit the Lelantus paper itself. They can begin in July. We are still in discussion of the fee but this is also really dependent on whether we can raise the necessary.
We are taking a risk here if the current donation level stays here as these will significantly exhaust the team’s rainy day fund leaving us a bit vulnerable to price shocks. Please do contribute what you can thank you!