My only critique would be a little more on who (potentially) benefits and who is harmed by the possible exploit just to shed a little more light on “why”, but otherwise good
Thanks for your feedback! Can you please elaborate on what you feel is unclear? What do you understand and what do you not understand?
Like I said not much perhaps just a link to here which is the details of CVE-2019-7167
Link added, thanks for the recommendation.
Thanks for sharing, I would like to note a few things:
- There is a fundamental friction between Privacy (P) and Supply Integrity (SI)
- ZCash is a network of money, money with privacy.
- The extent to which shielded users are affected by transparent migrations is an open question ^1.
- Everyone benefits from transparent migrations ^2
Now to elaborate,
^1: I am not familiar with the state-of-the-art on how vulnerable the network is, so please correct me if I’m wrong, but how bad is this really? I sync a full-node somewhere, encapsulate traffic, broadcast migration (maybe in chunks and over time) and then GTFO cleaning after me. Maybe I do these steps locally or offline (?) and use a third-party service for the broadcast part (send a usb key? disclose through Tor?) etc. Correct me if I’m wrong but there are lots of ways to mitigate surveillance of network activity.
And the problem gets easier to solve when the UX-part gets nailed down. I believe making the blockchain succinct is on the horizon for ZCash (?). That line of effort alone can do a lot. Reducing the operational complexity and cost of operating a full node will free a lot of room for defensive measures and privacy at the network level.
^2: As I understand it, your line of reasoning is that t-users benefit from migrations because 1/ they are not at risk of having their coin frozen in case of a supply leakage 2/ privacy is not a concern for them. From there you conclude that shielded users do not benefit because 1/ they are at risk of compromising their privacy (suppose) 2/ they shoulder a risk of getting their coins frozen in case of supply leakage.
But you forget to mention that in fact everyone benefits from derisking the Zcash supply integrity and moving the intra-adoption of newer ZCash technology.
If ZEC get counterfeited, then we are going to zero at a speed directly proportional to the extent the bug has been abused. Whether the “benefit - cost” of a migration is negative or positive is highly user specific and I wager that for the overwhelming majority of people it is positive and the privacy cost can be addressed.
tl;dr - keep de-risking shielded pools. Supply Integrity is paramount. In ZCash, Privacy is a property of the interactions and state of users’ balance and identity. It all comes crashing down if the underlying is worthless. SI is the bedrock on which it builds. Hard private money.
LMK what are your thoughts
“You lost access to all of your funds, but just think of the overall benefit to the asset” wouldn’t be much consolation.
And whether or not the privacy issues can be addressed in the future, they weren’t for the first migration.
It’s not about consolation but damage control. I acknowledge the friction between SI and P. But you can let everyone arbitrage what’s best for them. Also the fact that we can improve the process to make the P cost very small is important because that means that shouldering the risk of staying in a deprecated shielded pool is not worth it.
There are no perfect solution but “stopping migrations” does no one a favour. Shielded funds are still worthless in case of leakage supply and risk increase for all the other users.
For what it’s worth, I see your points. However, I agree with @sgp that regardless of how you feel about the balance of privacy and supply integrity guarantees, the Sprout-Sapling migration was handled very poorly from a user safety and experience perspective. Should the community decide a future migration is worth it, I hope that there is much more research and engineering work conducted, as well as more comprehensive user education.