I put together a little tool that so people can get their heads around the economics of staking via this particular design of Crosslink:

TL;DR: What matters most is your stake relative to the TVL of all staked positions.

Other intuitions:

1. Your annualized earnings balance out no matter the size of your finalizer. The voting power only affects the tempo of the accrual.
2. Adding stake is mostly linear and has only a small effect on your annualized earnings % because adding stake increases TVL.

love it. could we have the orchard pool ZEC amount also changable?

thanks for the updates @shieldedmark

now the yield estimate is more clear at different orchard pool sizes. (difference is big with different pool size)

I would like some feedback about the feasibility of adapting Penumbra-style Shielded Delegations to Zcash. I went a layer or two into the onion myself, and sketched the following.

Level-setting (PLEASE READ):

• The following is purely exploratory and is not intended as a change to Crosslink v1.
• Crosslink v1 protects information about the identity of the staker, this is a potential improvement

Cross-posted from GitHub, feel free to reply here or in the ticket.

Sketch: Penumbra-Style Private Delegations for Zcash

This exploratory sketch adapts Penumbra Private Delegations to Zcash to achieve shielded delegations, and publicly verifiable voting power. This effort is motivated by strict privacy and trustless finalizer weights.

Sketch

Here’s how we might be able to achieve this natively with ZEC:

1. Create a new staking consensus domain (Merkle tree + nullifier set), separate from Orchard’s
2. Each finalizer generates a staking keypair (separate from spending keys) and registers its public key as finalizer_id in a staking transaction.
   1. Consensus state stores the map: finalizer_id -> { ... }
3. A delegator spends v from Orchard, and creates three artifacts:
   1. A staking note commitment inserted into the chosen finalizer’s subtree
   2. An additively homomorphic value commitment (V = v·G + r·H)
   3. An encrypted payload that only finalizer_id can open to (v, r)
4. From there, delegations can be redelegated, unbonded, and retired in similar fashion, strictly maintaining the balance between the staking pool and Orchard (spends insert a staking nullifier / spend marker; redelegation re-mints a new staking note)
5. Once per epoch, all finalizers must publicly prove that their weight W = Σ V over all eligible leaves in that finalizer’s subtree, consistent with the staking state

Goals

• Privacy:
  • Delegator identity and delegation amounts are publicly shielded
  • Only the designated finalizer_id can unseal v via their private key
  • Staking domain transactions are sufficiently indistinguishable from one another
• Completeness
  • Finalizer weight W equals the sum of all unspent, epoch‑eligible staking notes to finalizer_id, with no omission
• Integrity:
  • No inflation: Finalizers cannot benefit by over-reporting W > Sum(v_stake)
  • No omission: Finalizers cannot game by under-reporting W < Sum(v_stake)
  • Spending authority remains with the delegator, finalizers cannot spend delegations
  • Values balanced are strictly enforced cross-domain: Δstake + Δorchard = 0
• Compatibility
  • Uses familiar Zcash constructions
  • Use the native ZEC token

The rest of the owl

To complete the full design, we would need to decide on:

• Completeness aka “no omission”: per-finalizer Merkle tree vs. Penumbra flow-encryption
• Domain separation (Orchard vs Staking): tags for commitments, hashes, keys, and sigs
• Finalizer registry design: minimal fields, activation/rotation rules
• Encrypted payload design: keying/derivation, binding/AAD, padding
• Data structures: staking and value-balance enforcement fields for block header / transaction / consensus state
• Policy: slashing, bonding/unbonding rules, liveness/penalties, activation/rotation rules

~100 validators to begin with is reasonable, but it’s important we don’t lose sight of the importance of decentralization. Hope we’ll eventually rank high on the Nakamoto coefficient!

Some food from thought coming from the NEAR ecosystem:

Only way to get many validators (10,000s) with low time to finality is to adopt Avalanche’s consensus algorithm that is based on sampling.

Makes sense to use tendermint for this iteration, but in the future we should switch to Snowman consensus. Privacy coins have higher risk for state actors attacks and need decentralization more than any other coin.

Thanks, yeah - Avalanche is great for its use case but (as I understand) its own finality is probabilistic, which unfortunately defeats the purpose of the whole Crosslink endeavor

If scaling becomes an issue, perhaps we might explore the feasibility of something like Narwhal…? But we have not discussed this and currently have no plans to move away from Tendermint.

It’s the safety that is probabilistic not the finality. What use case do you foresee where Snowman consensus is not appropriate for Zcash?

I agree with this method 100%.

Personally I would prefer implementing a hybrid with Avalanche and PoW, like eCash has done, instead of Crosslink. Perfect for a chain that wants to serve as digital cash, since the vote happens immediately when the transaction hits the network.

Video going into further detail.

It can also be implemented as a softfork, so easy to revert back to pure PoW in case of some hypothetical disaster scenario. The roadmap for Avalanche on eCash (XEC) can be found here:

https://avalanche.cash

Another thing to consider that I asked about in the telegram yesterday relates to protocol upgrades and maintaining compatibility with hardware wallets (Keystone). I assume that this has been considered and there wouldn’t be a protocol upgrade without alignment with our hardware wallet partners; but as someone personally invested and likely speaking on behalf of other current and future investors: I would like clarity on this.

It would be a very bad situation to proceed to market with a protocol upgrade that broke the compatibility with Keystone as I imagine the majority of the ZEC in the orchard pool is using this storage method. This would mean a). a large subset of investors would, from a practical standpoint, not be able to withdraw from orchard (or stake) and b). it would prohibit further funds from flowing into orchard (and stake). I’m posting this in here because this is a tokenomics consideration, even now.

So my two questions are a). Will this crosslinks upgrade break compatibility between keystone and zcash wallets and b). if so are we co-ordinating with keystone now to ensure we are proceeding to market aligned?

Breaking from ECC 2025: Founder Amaury Séchet has officially announced Avalanche Pre-Consensus going live on mainnet Nov. 15th! A milestone built on years of research and engineering, bringing instant finality and real-time transaction processing to eCash.

Amaury1280×960 196 KB

https://e.cash/blog/preconsensus-pr

What if people un-staked in the shielded pool earn 30% of the staking rewards and people Staking earn the remaining 70%. This way you earn a reward by providing privacy in liquid Shielded pool ZEC and staking offer a premium on those rewards.

That would kill all incentives to stay in Transparent address.

Nozy Wallet will eliminate all incentives to remain on transparent addresses, as it does not incorporate t-addresses into its wallet structure.

Nozy’s start and stay in the shielded pool by default no manual shielding step needed, reducing friction. It could embed a one-click “Liquid Shielded Pool” feature, auto-routing deposits to earn the 30% un-staked rewards. For stakers, Nozy could integrate Orchard’s native staking auto-enrolling z-ZEC into the 70% premium tier. This turns the wallet into a “set-it-and-forget-it” privacy earner, where shielding is the yield strategy.

Here is a good video on Amaury Séchet explaining Avalanche Pre-Consensus in 2018:

Are there any plans to incorporate either staking or a token burn mechanism in the future?

Hi @Runamukk there’s another mostly unrelated project called the Network Sustainability Mechanism that has burn dynamics you’ll probably find pretty interesting: NSM - Shielded Labs

Looks good and makes sense. If we are going to a hybrid pow/pos design will staking get us any rewards?

There are currently no plans to go to a hybrid PoW/PoS design, and this is just a proposal. I think you can see my simulator above if you want to play with yield calculations.