Zcash Overwinter Consensus and Sapling Cryptography Review
In the spring of 2018, the Zerocoin Electric Coin Company engaged NCC Group to perform a two-pronged review of recent changes to the Zcash cryptocurrency. The first prong focused on updates to the Overwinter consensus code, such as architectural changes facilitating future network upgrades, and new features, such as transaction expiry. The second prong concentrated on the implementation of the cryptographic primitives used in the cryptocurrency’s Sapling release. This release brings a number of changes to Zcash, including changes to core cryptographic components such as the underlying elliptic curves, shielded transaction structure, and signature scheme.
The Overwinter portion of the engagement consisted of 20 person-days split between two consultants, taking place between March 26 and April 6, 2018. The cryptographic review of the Sapling primitives’ implementation consisted of 20 person-days split between four consultants. It ran from May 7 to May 18, 2018. The Overwinter changes are written in C++, whereas the Sapling cryptographic primitives are implemented in Rust. Retesting was completed on September 4 and 5, 2018.