CTF Written Submission
Zack Tickman
Dec. 16, 2025
- Zcash and Aleo rely on zkSNARKs that require a “trusted setup,” which introduces a permanent trust assumption. If the setup’s entropy (“toxic waste”) is not securely destroyed, the retained material could allow undetectable token counterfeiting, undermining supply integrity.
- Zcash’s opt-in privacy model results in most transactions being transparent, enabling deanonymization through statistical analysis. This undermines its claim to privacy-preserving status and exposes users to surveillance risks.
- Aleo’s programmable privacy increases protocol complexity, which has led to real-world data leaks (e.g., unencrypted KYC data). This complexity heightens the likelihood of implementation flaws, expanding the attack surface and compromising user privacy.
Last Reviewed or Updated: Dec. 16, 2025