Kleptographic Backdoor

Are there proofs available that confirm that ZEC’s elliptic curves have not be compromised by a kleptographic backdoor as was the case with Dual EC DRBG?

Compromising the security of the MPC would require having compromised ALL these peoples secret input
( which would be (even proactively i.e time travel) difficult because if you read some of the attestations youll see some of them don’t even know what their input was, not even a Truthsayer could figure it out!)

1 Like

The Powers of Tau MPC was conducted to address your concern which is not unique, honestly I dont know who the idea of “trust” at all bothers more than the devs here (see Halo), but basically backdoors are unethical and the likes of which bother them even more

1 Like

The backdoor in Dual_EC_DRBG involved choosing system parameters so that a discrete log between two points that were supposed to be independent, was known to the NSA. This is specifically prevented in Zcash Sapling by choosing bases using hashing to the curve; see GroupHash in the protocol spec. (In Sprout this issue didn’t arise.)

Incidentally, Dual_EC_DRBG was –I won’t pull any punches here– a really shit cryptographic design (including having obvious biases in its output), even independent of the backdoor. Both that and the potential backdoor were pointed out publicly soon after it was proposed.

Certainly if anything like that had been used in Sprout or proposed for Sapling, it would have been caught by the auditors.