Board: Altcoin Discussion
Re: Which crypto is truly anonymous?
by Kewde on 08/08/2016, 12:40:45 UTC
I remember the shadowcash team denying shen's bounty (a "how dare he make this public!" response) and then claiming their test results came back fine--my memory isn't that short (your participation in the events is overshadowed by the group's response--maybe get a better crew).

And just for the record: are you a cryptographer?

@icebreaker, I seem to remember you had a rundown of this fiasco.
I'll help you refresh your memory.
https://blog.shadowproject.io/2016/02/12/deanonymize-shadow/

We didn't claim our "test results came back fine", we claimed that after 10 hours of messing with OpenSSL libs that we hadn't been able to confirm that the vulnerability was a fact.
This was because our cryptographer wasn't online at the time.

I'm not a cryptographer in the sense that I can create my own cryptographic schemes, but I am capable of comprehending the inner workings of elliptic curve cryptography and most cryptographic schemes that involve Diffie-Hellman key exchanges at their core. As a programmer I am capable of working with cryptographic libraries and implementing well-documented schemes.

I'll also point out that the bug in our system also corresponds to the poorly documented schematics in the initial CryptoNote whitepaper surrounding the way keyImages are created.
The documentation was so bad that Shen even had to do a second writeup about how they indeterministically map hashes to the curve, https://github.com/ShenNoether/ge_fromfe_writeup/blob/master/ge_fromfe.pdf
The bug was something very small that could've been easily overlooked by anyone doing an implementation based on that paper, but the effects were rather big on the other hand.

Also just FYI, most of the transactions happening on Shadow are still public transactions due to exchanges. On top of that there was only a small portion of ring signature compared to the vast amount of tokens. Of the tokens in existence something < 25% was affected because most HODLers don't move their coins around.

We also never denied Shen his right to the bounty, we did question the applicability but in the end we decided to pay it out. I took 4 days to confirm he was eligible for the bounty and compared to other bounty programs that's rather fast.

--

On the other hand I am confident that our ring signature scheme is secure now, the crucial part in all ring signatures is the keyImage and those have had a thorough review.
The forming of the actual "ring" is not as error-prone as the keyImage and is harder to "fuck up".