Cross-ecosystem collaboration on the Zcash Protocol has never been stronger. In that spirit, various participants came together at the recent Z|ECC Summit to form a shared protocol roadmap for the next 18 months. This roadmap is based on the best estimates from members of Qedit, Shielded Labs, the Zcash Foundation, and the ECC team.
Please note that these estimates reflect current knowledge and are specific to the Zcash protocol itself. Dates may shift due to ecosystem feedback, audit findings, or other unknowns.
Special thanks to the Zcash Foundation team for helping to mitigate NU7 schedule risk by volunteering to Dockerize and get early ecosystem feedback on the new zebrad and Zallet-based protocol stack.
Additionally, ECC published its Q3 plans for our specific work on Zcash and Zashi, which is available at Roadmap - Electric Coin Company.
@daira and @joshs. I’m trying to get a better understanding of the NU7 timeline. I assume all features and associated ZIPs will require audits, as well as Zallet and Zaino, but I don’t see that reflected on the roadmap above. Will there need to be individual audits for each feature as well as a more comprehensive audit of Zebra as a whole? I also assume these will be conducted by qualified third-party security firms, but will ECC or ZF also perform internal reviews in addition to those audits? I’m trying to understand what’s required and how and when it all fits into the timeline.
For Crosslink, Shielded Labs has reserved Q3 2026 for implementation audits.
The need for an additional specification audit of ZSAs + quantum recoverability is in fact reflected on the roadmap; it’s the “Quantum-resilient ZEC/ZSA audit” scheduled for September/October. [Edit: the terminology has changed from “quantum resilient” to “quantum recoverable”.] The quantum recoverability changes, although by construction they are extremely unlikely to cause any new security problem, require expert review by specialists in post-quantum crypto (who we are in contact with) in order to check that they will achieve the desired recoverability goals.
There has also been a review of the OrchardZSA protocol by Least Authority. I don’t think it’s enough on its own; tbh I was a little disappointed with the shallowness of review. It’s always possible that they didn’t find problems because there was nothing to find, but I’m skeptical. Compare, for example, with the deep thoroughness of Qedit’s audit of NU5, which did indirectly lead to us finding a soundness problem that was then fixed.
My current view is that the ECC engineers who are most familiar with circuit construction (str4d and I) will simply have to spend more time and effort on reviewing this code than we’d originally planned for.
ECC is part-way through our review/internal audit of the OrchardZSA implementation. We have reviewed changes to halo2_proofs and halo2_gadgets, and the orchard changes are next on our plate.
Yes, other features that are part of NU7 (memo bundles and the v6 transaction format primarily) will need to be audited. I expect that will probably end up being in January (which is why it’s not on the timeline), because it’s difficult to schedule things for December due to the holidays.
Congrats on the amazing progress on Zashi and beyond! I’m catching up on Zcash. Is the roadmap image in this post still the latest, or has it been updated?
