Arculus Cold Storage Wallet Zcash Shielded Transaction Support

link: ZF Grants - Arculus Cold Storage Wallet Zcash Shielded Transaction Support

Description of Problem or Opportunity

Orchard shielded transaction support is an important factor in Zcash wallets. However, most hardware wallets that currently support shielded transactions are not the most transaction friendly hardware wallet.

The Arculus cold storage hardware wallet system is designed to bring the security of a cold storage wallet with the usability of a hot wallet. Designed to be highly transactional, our metal, credit card form factor wallet signs transactions with just a tap. Our mobile wallet apps send an unsigned transaction over encrypted NFC, and the secure element sends back the signed transaction over encrypted NFC to be broadcast to the public chain.

No charging, no plugging, no waiting. Carry-in-wallet.

We believe that Zcash plays a crucial role in driving innovation within the cryptocurrency industry. With that in mind, we aim to promote widespread adoption of shielded transactions by allowing users to securely store their shielded funds on the user-friendly and intuitive Arculus wallet.

Proposed Solution

Subject of this grant is full Arculus ecosystem support for Zcash and Zcash Orchard (ZIP-224) shielded transactions.

Solution Format

New code added to our frontend, backend, and UI.

Technical Approach

The component of the Arculus key card’s firmware that relates to Zcash will be extended to fully support Zcash Orchard shielded transactions.

Our developers will integrate backend, front end, UI changes, and node efforts to have a successful shielded user experience for ZCash.

For a technically detailed look at steps for integration, please see milestones.

Unintended Consequences Downsides

We don’t expect any hardships in this process. It’s possible, during testing, that unknown factors come up, and as usual we will iron out any bugs and release to our B2C and B2B wallet partners a fully functional update providing Zcash and shielded transaction capability.

Evaluation plan

We offer an active communication channel via Slack to ensure smooth collaboration throughout the project. This platform enables seamless reporting of any changes, roadblocks, or updates, allowing us to maintain clear progress tracking. We can also report progress within this thread.

Upon project completion, our Arculus wallet empowers users with the ability to receive, store, spend, and manage their shielded and transparent Zcash funds. (Comprehensive control over Zcash assets.)

Budget and Payout Timeline

Considering the duration, complexity, and value of the project, we have devised a proposed framework with a rate of $19,011.8 USD per month of work. As the project spans 12 months, the total cost amounts to $228,141.6 USD.

For payment distribution and timeline details, please refer to the milestones outlined below.


Milestone 1 - estimated completion date:


Milestone 1 - USD value of payout upon completion of deliverables:


Deliverable 1.1

Basic project structure • zk-SNARKs protocol and other primitives implementation • Unit tests of these primitives.

Milestone 2 - estimated completion date:


Milestone 2 - USD value of payout upon completion of deliverables:


Deliverable 2.1

Adding Zcash to mobile environment (shielded and unshielded txns) • ZIP32 Orchard shielded addresses generation • Unified addresses (transparent + Orchard) • Viewing a unified address on display

Milestone 3 - USD value of payout upon completion of deliverables:


Milestone 3 - estimated completion date:


Deliverable 3.1

  1. Add Orchard (Shielded) key generation to the Arculus Key Card hardware.
  2. Incorporate necessary cryptographic functions: PRFexpand, PRFockOrchard, and PRPd.
  3. Implement the Orchard-specific key derivation function for deriving internal keys.
  4. Include the key agreement scheme for secure key exchange.
  5. Implement the commitments scheme for generating commitments.
  6. Integrate the DiversifyHashOrchard function for diversifying payment addresses.
  7. Implement the signature scheme for creating spend authorization signatures.
  8. Utilize conversion functions for proper byte sequence conversions.
  9. Ensure randomness and uniformity in key generation and utilization based on specified algorithms and constraints outlined in the Zcash Protocol Specification.

Milestone 4 - USD value of payout upon completion of deliverables:


Milestone 4 - estimated completion date:


Deliverable 4.1

  1. Add Orchard (Shielded) signing capability to the Arculus Key Card.
  2. Implement Orchard spending key and derived key generation.
  3. Incorporate PRFexpand for key derivation and randomness generation.
  4. Include KAOrchard for secure key exchange.
  5. Implement diversified address generation with DiversifyHashOrchard.
  6. Support value commitment and note commitment operations.
  7. Enable creation of spend authorization signatures for Orchard notes.
  8. Implement balance and binding signature scheme for note value verification.
  9. Incorporate encryption and decryption operations for Orchard notes with outgoing viewing keys.
  10. Generate proof for Action statements in Orchard transactions.

Milestone 5 - estimated completion date:


Milestone 5 - USD value of payout upon completion of deliverables:


Deliverable 5.1

Write project report • Prepare and coordinate submission • Review and release to public

Total proposed USD value of grant:

$228141.60 USD

Arculus’ WhitePaper


Hi @JonahatArculus - Welcome to the forum, and thank you for submitting your grant proposal! We will review it in the upcoming weeks and reach out if we have any questions.

In the meantime, if you have any questions for us, you can post them to this thread or DM us at @ZcashGrants.

Zcash Community - We want to hear your feedback on this grant! You can post your comments to this thread or DM us at @ZcashGrants if you’d like to provide feedback in private.


1 Like

You are kinda mixing sapling and orchard in the description of the tasks, so it is not clear what pool you are targeting… It’d be good to know the hardware specifications of the card to determine if doing all these calculations on the card is possible.


Ah! You are correct. Thank you for pointing that out to me, I need to revise.

As for hardware specs, we believe it’s possible but it’s part of the investigation. 32-bit ARM® SecurCore® SC300™ core with FAME accelerator for crypto ops. To reiterate, this is not a standard micro, but a secure element chip (US passport grade.)

We’ve tried Arculus before and agree with simplifying the hardware wallet experience. However, we have concerns about using public grants to support private companies and proprietary integrations. Will any of the software be released under open-source licenses?


Necessary edits have been made, please see my previous replied comment for hardware specs.

Does Arculus only support US customers?
Nobody else can use it?

It seems that you plan to perform synchronization and zk proof generation on the card. If that’s the case, the hardware does not have enough compute and memory capability by a long shot.

1 Like

The Arculus app on it’s own is completely international, however getting the hardware Arculus card is currently only available in the US, Canada, and Australia. We are actively expanding our international presence. Any country in mind you would specifically request?

+1 how do you plan on doing this if your hardware cant support it?

It’s part of the investigation. While hanh, you may be right, it’s possible that we can make something work. We won’t know until we get our hands dirty and start testing. Nevertheless, me and my team appreciate your input.

Please see my reply to hanh. :slight_smile:

1 Like

Not to be a Debbie Downer, but if @hanh says something isn’t going to work, there’s a good chance you should listen.

First of all, I would love to have another option for a cold wallet! However, the project plan puts Synchronization and Orchard ZKP in the final milestone. These are major difficulty spikes. By that time, lots of time and money would have been committed already. I would be fully supportive of your grant if the design included a technical solution for these two items in the early stages (ideally even before the grant is approved). So that we can avoid the same fate as other zcash projects that left these issues TBD.

For information, neither Ledger nor Trezor hardware devices are performing these tasks. They are offloaded to the host computer.


@JonahatArculus, thank you for your grant submission and for you and the team taking the time to meet with ZCG and also fielding community inquiries.

At the most recent meeting, the @ZcashGrants Committee has voted to reject this proposal, Although ZCG rejected it, they would like Arculus to keep in touch and possibly submit their proposal in the future once ZCG’s treasury is stronger.

For more details from the meeting where this decision was made, please keep an eye out for the minutes that will be posted this week.

Understood, thanks for your time and reviewing our proposal. To your and @hanh’s point, we would love to resubmit in the future when the treasury is stronger, and include tackling Synchronization and Orchard ZPK far earlier in the milestone plan to reduce risk on the treasury’s end.

Thanks for your time and thoughts, everyone!