Today we’re announcing the release of Zcash 1.0.2 which fixes a bug that prevented creating transactions to multiple shielded recipient addresses. This is an implementation bug in the zcashd wallet which does not impact the consensus protocol.
The list of changes included in this release:
- We fixed a bug to ensure that JoinSplit transactions to multiple z-addresses will succeed. (#1790)
- We changed z_sendmany to check if the size of a transaction for a given number of outputs will be valid. (#1808)
- We fixed a bug that could crash the miner when it was interrupted. (#1778)
- Community contributors helped improve our documentation. (#1765, #1763)
We’re encouraging all users and miners to update to this new version. See our download page and the 1.0 User Guide for more information.
For a more complete list of changes, see our 1.0.2 github milestone. To follow our progress, watch the GitHub project and join the forum.
Background
JoinSplits encapsulate zero-knowledge value transfer and have two private inputs and two private outputs. Multiple JoinSplits may be chained into a single transaction in order to spend more than two private inputs and/or send to more than two private outputs. The order of inputs and outputs can be a subtle information leak to private recipients (see #778). A patch to fix this information leak (#1561) in our 1.0.0-rc2 release randomizes the input and output orderings, but in doing so failed to permute the necessary commitment witnesses in the same manner as the private inputs. In this release we’ve temporarily disabled input/output order randomization (#1790).