If we postulate that infinite resources are used against anything, well, how can it have a chance?
I prefer to be realistic and trust that the technical competency of the zcash team is high enough that they won't be fooled into running contaminated compilers, which seems to be the main theory of how zcash will be compromised.
https://z.cash/blog/snark-parameters.html
http://diyhpl.us/~bryan/papers2/bitcoin/snarks/Secure%20sampling%20of%20public%20parameters%20for%20succinct%20zero%20knowledge%20proofs.pdf

"There's a kind of 'cryptographic toxic waste', which if it were to be created and exploited, would allow the attacker to counterfeit currency (although it wouldn't allow them to violate anyone's privacy). Our plan to prevent that uses a secure multiparty computation in which a set of well-known people each contribute, in such a way that if any one of them successfully destroys their shard, then the cryptographic toxic waste can never come into existence. We're also working on other potential long-term defenses against risks like this."
My assessment is that the probability of zcash parameters being compromised is much smaller than that of ring signatures being deanonymized via brute force statistical correlations.
You need to put things in perspective. Knowing the zcash devs, I put zero probability on ALL of them being govt operatives. And it would require all of them to be cooperating. So, what is required is that all of their systems are compromised without their knowing about it. Now, these are not just average Joe computer users, they are arguably the most skilled in the field, and all of them will be fooled into using compromised setups?
Please, let us be realistic. Even in this horror of horrors, we end up with a situation that is similar to fiat system where new supply is created without controls. However, anybody with the resources to do this can already print money and the failure mode is not loss of privacy, but loss of control over the money supply.
So, using the logic that an uneconomic attack is not a real attack, I don't worry much about this "attack" vector. By the way, if we ignore uneconomic attacks, all of crypto is vulnerable, as you can brute force every single privkey given enough resources. It might take a few decades and the entire output of the silicon industry, but when costs don't matter, such details can be ignored.
Also, based on the initial market price point we are seeing on bitmex, most people are not overly concerned about this. Basically, anybody that is willing to use any centralized system is taking much, much greater risks than this "compromise zcash" attack chance.
tl;dr I trust daira will not generate params on a compromised setup
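The quoted blog passage describes why a single honest participant is enough: each person contributes a secret share to the trapdoor, and if even one share is destroyed the full trapdoor cannot be reassembled. The toy model below, added here as an illustration and not code from the post, from the Zcash project, or from the linked paper, simulates that structure in a plain prime-order group that it constructs at runtime. It is not a zk-SNARK parameter generator and the group is far too small to be secure; the point it demonstrates is the share arithmetic: the final public parameter is g raised to the product of all shares, and with any one share missing, every candidate trapdoor value is equally consistent with the shares an attacker does hold. The real protocol also requires each participant to prove knowledge of its exponent, which this toy omits.

```python
"""Toy model of a sequential multi-party parameter ceremony (constructed example,
not the Zcash implementation). Every party raises the running parameter to a
private share; the trapdoor ("toxic waste") is the product of all shares."""
import secrets


def is_prime(n):
    """Deterministic Miller-Rabin for n < 2**64 (bases 2..37 suffice there)."""
    if n < 2:
        return False
    bases = [2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37]
    for b in bases:
        if n % b == 0:
            return n == b
    d, r = n - 1, 0
    while d % 2 == 0:
        d //= 2
        r += 1
    for a in bases:
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def find_safe_prime(start):
    """Return (p, q) with p = 2q + 1 both prime; q is the subgroup order."""
    q = start | 1
    while not (is_prime(q) and is_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


# Toy group: order-Q subgroup of Z_P^*. 4 is a quadratic residue, so it has order Q.
P, Q = find_safe_prime(1 << 62)
G = 4


def run_ceremony(n_parties, rng=secrets.randbelow):
    """Each party in turn raises the running parameter to its own share s_i.
    Returns the public transcript (one element per step) and the private shares."""
    param = G
    transcript = [param]
    shares = []
    for _ in range(n_parties):
        s = 1 + rng(Q - 1)            # share in [1, Q-1], never zero
        param = pow(param, s, P)
        shares.append(s)
        transcript.append(param)
    return transcript, shares


def verify_transcript(transcript):
    """Public check: every step stays inside the subgroup and is not the identity
    (a party that zeroed out the parameter would be caught here). The real
    ceremony additionally needs a proof of knowledge of each exponent."""
    return all(cur != 1 and pow(cur, Q, P) == 1 for cur in transcript[1:])


def toxic_waste(shares):
    """The trapdoor tau = product of all shares mod Q; G**tau is the final parameter."""
    tau = 1
    for s in shares:
        tau = tau * s % Q
    return tau


def consistent_missing_share(known_shares, candidate_tau):
    """Given all shares but one, return the value the missing share would need
    for candidate_tau to be the real trapdoor. Every candidate has such a value,
    so n-1 shares carry no information about tau (Fermat inverse, Q is prime)."""
    inv = pow(toxic_waste(known_shares), Q - 2, Q)
    return candidate_tau * inv % Q


if __name__ == "__main__":
    transcript, shares = run_ceremony(5)
    assert verify_transcript(transcript)
    tau = toxic_waste(shares)
    print("ceremony consistent:", pow(G, tau, P) == transcript[-1])
    # Party 0 destroys its share: the rest cannot reproduce the parameter.
    print("remaining shares reach trapdoor:",
          pow(G, toxic_waste(shares[1:]), P) == transcript[-1])
    # Any guess for tau is explained by some value of the destroyed share.
    guess = 12345
    fake = consistent_missing_share(shares[1:], guess)
    print("guess 12345 consistent with a missing share:",
          toxic_waste(shares[1:] + [fake]) == guess)
```

Running it prints that the full share set reproduces the final parameter, that the shares minus one do not, and that an arbitrary guess for the trapdoor is just as consistent with the surviving shares as the real value. The only remaining route to tau from the public transcript is the discrete logarithm, which is exactly what the group assumption is meant to rule out; the toy's 63-bit group does not provide that, so treat it as a demonstration of the share logic only.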