We’re seeking support to take ZcashNames from a working beta to a more trust-minimized system before production.
We launched the ZcashNames waitlist about 50 days ago, and more than 1300 people have already joined. Since then, we completed a public beta test of our infrastructure, collected feedback, and addressed the main issues users and developers raised.
https://x.com/ZcashNames/status/2052521176841494552?s=20
Wallets are already adopting our SDK, and users have been happy with the experience of using names like alice.zcashinstead of long Zcash addresses.
https://x.com/ZcashNames/status/2054668394369265831?s=20
We are now preparing our next beta, which will feature our non-custodial solution for selling names.
The remaining concern is trust. Some community members have pointed out that users should not have to rely on our servers when resolving names. This grant funds the work to reduce those trust assumptions.
Our technical approach is to make name bindings verifiable on-chain. Instead of asking users to trust our resolver database, ZNS will create special Orchard notes that commit to the name, address, operation, and history of each binding. Wallets and apps can then use zns-verify to check those proofs directly.
This is made possible by the rcm field in every Orchard note. It is a 32-byte scalar that randomizes the note’s commitment. ZIP 212 says wallets sample this randomly, but ZNS will replace that randomness with a structured hash of the registration itself:
\rcmσ=ToScalar(BLAKE2b-512(T‖“rcm”‖σ)),ψσ=ToBase(BLAKE2b-512(T‖“psi”‖σ))
where
σ=(α,n,u,p) encodes the operation α, the name n, the target address u, and the predecessor reference p.p is zero for a fresh CLAIM.
For any mutation, p is the prior Name Note’s rcm so that the name’s history can be sequenced. T = "ZcashName/v1" is the domain tag, and ToScalar/ToBase are the standard Pallas field reductions.
The Orchard note commitment that lands on chain is therefore:
cmx=SinsemillaCommit\rcmσ(gd,R∗‖pkd,R∗‖vR‖ρ‖ψσ).
We call this a Name Note. It is a chain-anchored cryptographic photograph of σ itself.
These Name Notes are fully consensus-valid Orchard outputs that full nodes can mine like any other.
Because their (\rcm,ψ) are not sampled per ZIP 212, a regular wallet’s trial decryption rejects them as malformed. Only the Registry’s minter and Resolvers running the published ZNS scanner see Name Notes for what they are.
Finally, we will host the Mint in a Trusted Execution Environment and provide attestations. With our improved Resolver, we will publish verification tools, ship SDKs, run an audit and bug bounty, and support partners through mainnet launch.
We want to make Zcash easier to use while giving users cryptographic proof of name bindings instead of asking them to trust our database.
For more details, please visit our Grant Application on Github: https://github.com/ZcashCommunityGrants/zcashcommunitygrants/issues/298
Thank you for your consideration,
Julian
Engineer at ZcashMe
