Encrypted memo field


#1

We've just posted a write-up on the encrypted memo field feature in transactions between shielded addresses. https://z.cash/blog/encrypted-memo-field.html

There's a ton of potential for this feature and we would love to hear your ideas on what this could be used for. See blog post for inspiration. :slight_smile:


#2

very cool, will have to check it out


#3

hey @paige,

I have some questions regarding encrypted memo field:

  1. I suppose I can use time-locked transactions as in bitcoin, right?
  2. Can I use a time-lock also for private/shielded transactions?
  3. Is the memo field content of a time-locked private transaction sealed (for recipient and everybody else) until it is actually added to the blockchain (time-lock passed)? Or can the recipient see the memo field content of a pending time-locked private transaction before time-lock is released?

Would be nice if you can clarify this!


#4
  1. Yes, this works as in Bitcoin for transparent transactions.
  2. Not at the moment, but that is a feature we have considered and know how to do: https://github.com/zcash/zcash/issues/344 . At some loss in privacy, you can make funds transparent in order to do a Bitcoin-style time lock and then shield them again.
  3. There's no such thing as time-locked shielded transactions at the moment, but I'll add that as a potential security property to ticket 344. However, I don't see how to implement it, since there's no way for the sender to choose a key that will only be available after expiry of the time lock.

#5

Hey @daira,

Thank you for your reply that makes it a bit clearer for me. I will follow your progress with issue #344.

Regarding 2/3. Your blog post https://z.cash/blog/encrypted-memo-field.html mentions "transaction view keys". If the transaction view key can only be used by a recipient when a shielded transaction is actually added to the blockchain, and not before when it is pending as a time-locked transaction, then time-delayed memo/secret sharing with the recipient should be possible. I guess I'm still missing something here...(and do not understand how you want to enable time-locked shielded transactions).


#6

Where the blog post refers to a "transaction view key", it means the ephemeral private key used by the sender to encrypt a note plaintext. The sender could hold onto this and reveal it at a later time, but there would be no mechanism to enforce when they reveal it. So that would not work for most uses of time-lock protocols where the sender is untrusted.


#9

Is it possible in the API to derive the view key?


#10

There is no API to do that currently. The ticket for it is https://github.com/zcash/zcash/issues/1997 .


#11

We're currently focused on specifying and then implementing payment disclosure which will create a blob to decrypt individual payments to shielded addresses. The viewing key has a much larger scope (all transactions sent to shielded address) so implementing payment disclosure is safer to do first because of it's added granularity. If a blob gets shared by accident, it only affects the transaction involved whereas a accidental sharing or viewing key affects the entire address.


#12

I just realized I don’t know how to use the memo field.
When I see the received transaction I see the memo in hex; how do I translate it to a string?


#13
$ python
>>> from binascii import unhexlify
>>> unhexlify('4d656d6f206669656c6421')
'Memo field!'

#14

There are plenty of online services too for a very simple solution e.g. https://codebeautify.org/hex-string-converter


#15

I wanted to see I could retrieve myself the messages from z_board http://www.z-board.net/


#16

On that note, I had previously done the same by importing the viewing key and running z_listreceivedbyaddress and then manually decoding the memo. One thing I didn’t understand was why the amount field contained a lot of different values. I assumed this was the fee but looking on zcha.in it seems the default fees were used. See this incoming transaction for example:

{
    "txid": "2a11563a57c39151878f83700d6c1133b232cdb058086b0fb4ed50c3e34b99b8",
    "amount": 0.00050000,
    "memo": "53544f5020544845205741522053544f5020544845205741522053544f5020544845205741522053544f5020544845205741522053544f5020544845205741522053544f5020544845205741522053544f5020544845205741522053544f5020544845205741522053544f5020544845205741522053544f5020544845205741522053544f5020544845205741522053544f5020544845205741522053544f5020544845205741522053544f5020544845205741522053544f5020544845205741522053544f5020544845205741522053544f5020544845205741522053544f5020544845205741522053544f5020544845205741522053544f5020544845205741522053544f5020544845205741522053544f5020544845205741522053544f5020544845205741522053544f502054484520574152200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000"
  }

#17

Well they asked people to send some small amount, so people sent different amounts I guess.


#18

Ah, OK that makes perfect sense - I think I sent a 0 amount and just sent the fee and hadn’t actually read that part so just confused myself :confused:


#19

you got off cheap :wink: