ECC's work to date and next steps for ZSAs


Thank you, @joshs and the many others at ECC working on this, for this great update.

I too think that Zcash Shielded Assets are a crucial next step for the Zcash vision, and you’re doing impressive work in addressing it simultaneously from all of these complementary angles. Can’t wait to see what is learned from these first steps, and what are the next ones!

How can the rest of the community help? What finer-grained questions would you like to bring up for brainstorming or input-gathering, and what ZSA-related efforts/projects would you like to see initiated by others in our community, supported by ZOMG, etc? And putting on my cryptographer hat, what kind of interesting ZSA-related protocol/cryptography/security questions need research attention?


There are questions about native shielded support - whether TZEs are sufficient to support something like a native zUSDC or whether they would need to be issued on another chain first.

Another question related to regulated assets is whether, or how, assets can be frozen. Regulated stablecoin issuers have to be able to freeze assets on addresses that show up on an OFAC sanctions list.


Another concept that’s come up a couple times is a shielded DEX. How do we allow ZSA swaps within a shielded pool? Might be a killer feature.


let’s not support fiat based stablecoins on Zcash. It’s only going to get negative attention towards Zcash.

shielded DEX is great idea. Has there been any research into this? Is that feasible?

Would be awesome to see a Zdai or something along those lines, a decentralised, shielded stablecoin


These are good questions.
TZEs allow stateful smart contracts like functionality on zcash in a really elegant way, but the “contracts” are hardcoded into the client, which means that “writing a contract” has to go through the entire release cycle for zcashd. This is enough to do issuance of private currencies.

This is also enough to build a DEX , but only if there’s some offchain sequencer who updates the TZE state which is what, increasingly, a lot of AMMs look like. The one thing TZEs don’t let you do is have multiple people try to call functions on a single “contract” at the same time. To avoid that, someone has to sequence calls and update state. But again, none of this is a problem for issuance of centralized stable coins where there’s a single logical entity who controls the reserves and owns the issuance contract.

So, out of the box, we can trivially support tether and the like in exactly the same way they support it on Bitcoin via colored coins, but with privacy , better scale, and lower fees. And we can do all the multisig/threshold bits you need for treasury management.

If you need more complicated issuance, we can do that via a custom TZE or a bridge to a smart contract platform. The bridging already, mostly, exists for wrapping ZEC on other chains.

I would be curious if this is someone reflexively asking for feature parity with ethereum even if those features are unused or can be achieved in other ways. As far as compliance goes,most such lists can be kept on the operator side for actual withdraws.
This gets you most compliance and indeed most of the lists for, e.g., politically exposed persons and the like are maintained by the operators/institutions anyway and have to be for confidentiality reasons. As far as I know, no one puts those on chain.There’s a reason most of the on chain block features are never used and IIRC USDC has one banned address in it.

Of course, the one thing you can never do in Zcash, b/c private transactions are fungible, is freeze funds and prevent them from moving on chain. Stablecoin issuers can block conversion to FIAT using KYC/AML rules though.


@hdevalence is building exactly this (called Zswap) for Penumbra. I see lots of overlap between where Zcash wants to be & what’s being built for Penumbra. I wish hdevalence stayed with ZF to build this!!

1 Like

Well, permisionless means someone will do it on Zcash. If it’s useful, then why not?