[Grant Update] Zcash Shielded Assets Monthly Updates

Dear Zcash community,

We are excited to share that we have pushed our pull requests for the implementation of the Transfer Protocol, as described in draft ZIP 226. The PR is here (PR#372), and the specifics are detailed below.

With this update, we are submitting the implementation corresponding to milestone #5 of the ZSA proposal and grant - Transfer Protocol Implementation PR (previously called milestone 3a).

This submission builds on top of the Issuance PR submitted earlier for milestone #6. The submission includes:

Burning mechanism:

With this, you are now able to publicly burn ZSA notes in addition to being able to transfer them. This adds a burn field inside the Orchard bundle along with the necessary changes to make use of it.

The full list of changes is listed in ZSA burn functionality #35.

Note Encryption:

The encryption of the notes also now works for larger note sizes, as is required for the addition of the asset identifiers.

We extended the Domain trait in the zcash_note_encryption package to allow for variable length encryption and decryption, by converting the constants to trait-specific types. This also involved updating various parts of the librustzcash crate to adapt to this generalization. The PR for this is zcash_note_encryption generalization zcash/librustzcash#746.

We also implemented this updated Domain trait for V3 notes in the orchard crate. The PR for these changes is V3 encryption #38.

Python test vectors

We have updated the zcash_test_vectors repository to generate test vectors that account for the above changes. The details of these changes are in the Testing encryption v3 zcash-test-vectors#6 pull request and the zsa1 branch.

Other changes

  • To avoid the ambiguity of the word “type”, the term note_type used previously was renamed to asset of type assetID. (Thanks @daira)
  • We have also constructed test vectors for the derivation of AssetID. The details of this are in the AssetID test vectors #34 pull request.
  • The split note mechanism is also included, but not currently activated. Activation will be done only once the circuit is ready, so as to preserve the transfer functionality in the meantime (activation point).

There are tests included to allow you to check these changes out — do let us know any comments you have on the PR so that we can track everything.

Next steps

The status of other pending steps is as follows:

  • The changes to the circuit to support the AssetID, split notes, and the other functionality changes are in progress (part of milestone #3).
  • The backward compatibility for the serialization of the encrypted notes (to support both V3 and V2 simultaneously) is also in progress.
  • The relevant ZIPs (ZSA Protocol ZIPs - Transfer and Issuance. zcash/zips#649) are also currently being reviewed, and the fixes and comments made there might require implementation changes, which we will be working on as well.
  • We will also soon submit the ZIP and Specification changes, thereby completing Milestone #7 - ZSA Protocol Specification.

Going forward, we will finish the implementation of the circuit for the proof, with which we will also be able to activate other implemented mechanisms such as the split note functionality. We will also be completing the note serialization backward compatibility simultaneously.

The ZSA Team.
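
The Note Encryption section above describes replacing fixed size constants with trait-specific types so that one code path handles notes of different lengths. The following is an added illustration of that pattern, not code from the PRs or from the zcash_note_encryption and orchard crates: the trait, the `V2Domain`/`V3Domain` types, the function name, the 564-byte and 596-byte note sizes and the 16-byte tag are all assumptions made for this sketch.

```rust
// Added sketch: trait, type names and sizes are hypothetical, not the
// zcash_note_encryption or orchard API.
use std::convert::TryFrom;

const TAG_SIZE: usize = 16; // assumed AEAD tag length appended to the note body

/// Each domain fixes its own note length through an associated type,
/// replacing a single crate-wide size constant.
pub trait Domain {
    type NoteBytes: AsRef<[u8]> + for<'a> TryFrom<&'a [u8]>;
}

pub struct V2Domain; // note without an asset identifier
pub struct V3Domain; // note carrying an extra 32-byte asset identifier

impl Domain for V2Domain {
    type NoteBytes = [u8; 564]; // assumed V2 size
}
impl Domain for V3Domain {
    type NoteBytes = [u8; 564 + 32]; // assumed V3 size
}

/// Split an encrypted note into (body, tag), enforcing the domain's exact length.
pub fn split_enc_note<D: Domain>(enc: &[u8]) -> Result<(D::NoteBytes, [u8; TAG_SIZE]), String> {
    let body_len = enc
        .len()
        .checked_sub(TAG_SIZE)
        .ok_or_else(|| "input shorter than the tag".to_string())?;
    let (body, tag) = enc.split_at(body_len);
    // A body of the wrong length is rejected here, never truncated or padded.
    let body = <D::NoteBytes>::try_from(body)
        .map_err(|_| format!("body of {} bytes does not fit this domain", body.len()))?;
    let mut tag_bytes = [0u8; TAG_SIZE];
    tag_bytes.copy_from_slice(tag);
    Ok((body, tag_bytes))
}

fn main() {
    // Constructed sample inputs: zero-filled buffers of each version's length.
    let v2 = vec![0u8; 564 + TAG_SIZE];
    let v3 = vec![0u8; 596 + TAG_SIZE];
    println!("V2 as V2: {}", split_enc_note::<V2Domain>(&v2).is_ok());
    println!("V3 as V3: {}", split_enc_note::<V3Domain>(&v3).is_ok());
    println!("V3 as V2: {:?}", split_enc_note::<V2Domain>(&v3).err());
}
```

Because the length lives in the type, passing a V3-sized note to the V2 domain fails at the parsing boundary rather than being silently cut to the shorter size.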