[Grant Update] Zcash Shielded Assets Monthly Updates

Hi all, I decided to create a new thread, to separate the main ZSA Proposal from the actual work done.

We promised the community and the MGRC to post monthly updates. This is the first update, after a month of work! Expect all updates to come around the 15th of the month, though we plan to have more interactive discussions.

This first month has been super exciting, and we have several updates on the project:

  1. We have hired Vivek and Shahaf, two cryptography engineers to join the ZSA team. I have never seen such a fast onboarding onto the Zcash protocol (quite complex one!) - they are in their second week and diving into the deeper details of how to make the values balance with the binding signature for a multi-asset version.

  2. We had a great discussion in one of the latest Arborist calls with the ECC and ZF technical teams, we outlined several options for how to make the Issuance happen best (more on this below). It is important for us to share the technical details with the community, but especially with these two teams who make the core dev team of the protocol.

  3. We are getting really close to releasing a first draft of the transfer ZIP (please stay tuned). For the first version we decided to not fix the specific number of types of assets allowed per transaction, as we are studying the concrete circuit used with Halo2 and its limitations.

  4. In terms of the issuance mechanism, we will also soon release a preliminary document to outline our concrete approach so we can get the full review of the community before writing the ZIP. We are considering using the “spend” part of the Orchard Action to issue assets transparently (with a potential private extension) and the “output” part to burn assets transparently. For now, we will focus on the simple functionality of not limiting the amount of issuance calls allowed by an issuer, and we leave the importing / wrapping of assets to be handled by a trusted entity (while making everything verifiable). Stay tuned for the full doc!

In terms of the timeline, we are doing great with time since we have two more months to accomplish the first two milestones of the project (transfer ZIP + issuance ZIP).
We recommend everyone to join the next Arborist call, next Thursday to hear more!
We will also be hosting a separate community call to discuss the issuance mechanism in a live discussion.

Thank you all!!
to the zsa-moon <3


Very exciting! Welcome to Vivek and Shahaf from the depths of the Zcash Specification :smiley:


OMG, a “zsa-moon” token should definitely be the first on-chain issuance :joy:


jajaja maybe we should
want to be the issuer??


I’m in. Max issuance divided evenly amongst valid addresses memo’d to me :astronaut::rocket::full_moon_with_face:.

I think there should be some kind of sybil resistance to this mechanism. I propose a shielded memo with a proof of forum account :stuck_out_tongue:


Very exciting!

Is NFT issuance possible with ZSA? Is that out-of-scope?

@dontbeevil That’s a good question. As far as I understand it each token is fungible. Asset types are not.

@LeCryptoMath how many bytes will the asset type ID be? I imagine rather then needing NFTs to represent art/collectibles we could issue a seperate new ZSA type for each seperate piece of art/collectible.


Dear Zcash community,

We are super excited to share with you the first DRAFT versions of the two ZIPs that cover the ZSA protocol, which @naure @PabloK @shahafn @vivek and myself worked on for the past months with the help of @daira @str4d and @tromer:

These ZIPs have been in the works for the past two months and we have interacted with the community, the ECC and the ZF developers to ensure the compatibility, usability, privacy & security and elegancy of the protocol.

You can find here the three different calls that we had discussing these ZIPs

A short description


As our MVP, the issuance mechanism is transparent, and enables several interesting applications of issuance on Zcash. We have designed a protocol that enables batch issuance for finite or infinite supply of assets. It allows for NFT-style issuance, and is off-chain extensible to allow for bridges to be built. In terms of security, we provide the ability for the chain to track the total supply of any token, as well as for individuals to revoke the issuance of an asset id in case of compromise.


In terms of the transfer mechanism, we have designed a circuit that ensures that old-style ZEC Orchard notes can be used as-is within the ZSA protocol, making the transactions totally indistinguishable from the Orchard transactions. This means that we have backward-compatibility and in terms of upgrade, we will not have to create a turnstile.

The transfer has been reviewed to be secure, albeit lacking of an actual security proof, which we hope to at least sketch.


In order to properly support an end-to-end ZSA protocol, we designed a very elegant burning mechanism. We will use the inherited format of the shielding/unshielding of ZEC in the Orchard protocol (that uses the transparent ValueBalance) in order to confirm that some amount of a given asset has been burnt and is unspendable. We define purely the protocol for burning, but we do not provide a specific implementation of how a bridge should be built, as there could be several ways to accomplish the bridge (the main question is how to transfer data to the bridge operator).

Discussion points


These ZIPs are in DRAFT mode and will definitely see some changes in the months to come, both as we receive feedback from the community and core developers, as well as changes that arise in the implementation process. We have started working on a prototype of these designs in order to have initial tests.

We welcome any comments and questions!

We will be hosting a live twitter spaces in a couple of weeks to discuss this, stay on the look out for more info!


Hi @LeCryptoMath,

The links are not working and I couldn’t find them on the /zips repository - can you help me fix it?


I’m sharing the links here:


Thanks for the links! Are the ZIP drafts now in a state where they could actually be presented as draft PRs to the GitHub - zcash/zips: Zcash Improvement Proposals repository?


(Speaking as a ZIP Editor.)

Ditto! These look great!

They appear to be. I would strongly encourage filing them as a PR, so that GitHub’s comment/suggestion/review features can be used and so that changes can be tracked.


this is a great point! We will make sure to do this in the next few days.


Yes please, this would be great to track questions/reviews/suggestions/what has been discussed and what not


Dear all, after some time, please find our monthly update (sorry that we skipped one, between time off and initial development, there was not a lot to update on).

The last two months we have done important progress, ironing out many details of the design of the protocol and the circuit. Specifically,

  1. We have created a pull request with the draft versions of

  2. We have been advancing at a good pace with the implementation of the protocol

    • The transfer protocol changes are pretty advanced - see repo
    • The client implementation (RPC) for the ZSA functionality is also advancing well - see repo’s main branch
    • We are also getting started with the issuance implementation, having already implemented the issuance key structure - see this pull request
  3. We are advancing with the ZIP for the fee mechanism, though we do not feel like we are ready to share the draft. More on this soon!

  4. We are getting ready to present our work and progress at Zcon3!! We will have one session with concrete design overview, updates and (hopefully) a demo. And we will also host an interactive discussion on the future applications and protocol design for the Zcash blockchain (i.e.: towards real programmability). Do not miss it out.

We are hear to answer any questions!
Thank you all,
The QEDIT team.


Thankyou, this is awesome! We made a start on editing in the ZIP sync meeting on Wednesday. Looking forward to seeing the QEDIT team at Zcon!