Public Report – Electric Coin Company NU4 Cryptographic Specification and Implementation Review

In June 2020, the Electric Coin Company engaged NCC Group to conduct a security review of the six Zcash Improvement Proposals (ZIPs) that constitute the core of the upcoming Canopy (https://z.cash/upgrade/canopy/) upgrade (also called “NU4”) to the Zcash network. This upgrade coincides with the first Zcash halving and will initiate a new development fund for the next four years. The audit was meant to identify vulnerabilities that may result from application of the ZIPs, including consensus breaches induced by diverging implementations arising from incomplete or unclear specifications. NCC Group assigned three consultants to the specification audit for a total of eight person-days.

In a continuation of this effort, NCC Group was tasked with reviewing the implementation of the six aforementioned ZIPs in August 2020. The audit was meant to assess the consistency of the implementation with the proposed changes in the protocol specification, identify vulnerabilities that may have been introduced, and review general programming practices. NCC Group assigned two consultants to the implementation audit for a total of eight person-days.


The Public Report for this work may be downloaded below.


The announcement blog post from Electric Coin Company is available here:

https://electriccoin.co/blog/canopy-security-assessment-complete/


[Editor’s note: This post was modified on September 8, 2020 to include a link to the Zcash blog post.]