Taylor Hornby
8 years ago
2 changed files with 33 additions and 0 deletions
@ -0,0 +1,26 @@ |
|||
Security Warnings |
|||
==================== |
|||
|
|||
Security Audit |
|||
-------------- |
|||
|
|||
Zcash has not yet been subjected to a formal third-party security review. This |
|||
section will be updated with links to security audit reports in the future. |
|||
|
|||
Side-Channel Attacks |
|||
-------------------- |
|||
|
|||
This implementation of Zcash is not resistant to side-channel attacks. You |
|||
should assume other unprivileged users running on the same hardware as your |
|||
`zcashd` process will be able to: |
|||
|
|||
- Determine which note your are spending by observing cache side-channels as you |
|||
perform a JoinSplit operation. This is due to probable side-channel leakage in |
|||
the libsnark proving machinery. |
|||
|
|||
- Determine which notes you own by observing cache side-channel information |
|||
leakage from the incremental witnesses as they are updated with new notes. |
|||
|
|||
You should ensure no other users have the ability to execute code (even |
|||
unprivileged) on the hardware your `zcashd` process runs on until these |
|||
vulnerabilities are fully analyzed and fixed. |
Loading…
Reference in new issue