WE WEREN'T JOKING. THERE WERE WARNINGS THAT THIS WAS BUGGY PROTOTYPE CODE AND YOU USED IT ANYWAY. SO WE'VE TAKEN AWAY THE MAKEFILE. THIS CODE IS ABANDONED (AND HAS BEEN SINCE 2014)
THIS CODE IS UNMAINTAINED AND HAS KNOWN EXPLOITS. DO NOT USE IT.
THERE ARE DOWNSTREAM COPIES THAT MIGHT HAVE BETTER SECURITY. THEN AGAIN, SOME PROJECTS COPIED THE CODE VERBATIM COMPLETE WITH THE BELOW WARNING, SO CAVEAT EMPTOR.
The successor protocol that has undergone substaintial cryptographic and code review is Zerocash/Zcash. More can be found at https://github.com/zcash. We strongly suggest you use that instead. It is also open source.
libzerocoin WAS a C++ library that implemented the core cryptographic routines of the Zerocoin protocol. Zerocoin is a distributed anonymous cash extension for Bitcoin-type (hash chain based) protocols. The protocol uses zero knowledge proofs to implement a fully decentralized coin laundry.
The Zerocoin protocol is provably secure and uses well-studied cryptographic primitives. For a complete description of the protocol, see our white paper published in the IEEE Security & Privacy Symposium (2013) below.
THIS IS DEVELOPMENT SOFTWARE. WE DON'T CERTIFY IT FOR PRODUCTION USE. WE ARE RELEASING THIS DEV VERSION FOR THE COMMUNITY TO EXAMINE, TEST AND (PROBABLY) BREAK. IF YOU SEE SOMETHING, SAY SOMETHING! IN THE COMING WEEKS WE WILL LIKELY MAKE CHANGES TO THE WIRE PROTOCOL THAT COULD BREAK CLIENT COMPATIBILITY. SEE HOW TO CONTRIBUTE FOR A LIST OF WAYS YOU CAN HELP US.
NO, SERIOUSLY. THE ABOVE WARNING IS NOT JUST BOILERPLATE. THIS REALLY IS DEVELOPMENT CODE AND WE'RE STILL ACTIVELY LOOKING FOR THE THINGS WE'VE INEVITABLY DONE WRONG. PLEASE DON'T BE SURPRISED IF YOU FIND OUT WE MISSED SOMETHING FUNDAMENTAL. WE WILL BE TESTING AND IMPROVING IT OVER THE COMING WEEKS.
WARNING WARNING WARNING
WE'RE NOT JOKING. DON'T MAKE US PULL AN ADAM LANGLEY AND TAKE AWAY THE MAKEFILE.
Overview of the Library
libzerocoin implements the core cryptographic operations of Zerocoin. These include:
- Parameter generation
- Coin generation ("Minting")
- Coin spending (generation of a zero knowledge proof)
- Accumulator calculation
- Coin and spend proof verification
This library does not implement the full Zerocoin protocol. In addition to the above cryptographic routines, a full Zerocoin implementation requires several specialized Zerocoin messages, double spending checks, and some additional coin redemption logic that must be supported by all clients in the network. libzerocoin does not provide routines to support these functions, although we do provide an overview on the Integrating with Bitcoin clients page.