Here’s our monthly update on the status of our work on the ZSA project and our supporting work for Zebra.
Zebra Node
We helped review the lockbox funding streams PR for NU6 in Zebra a week ago when it was submitted. The PR was good overall, and we gave some minor suggestions.
We have been making various changes across the zebra, librustzcash, orchard and zcash-test-vectors repositories to support V6 transactions, including some refactoring to revert from V7 notation to V6 since we have received confirmation that there is no transaction format upgrade in NU6.
We are creating a test setup with the ability to run our ZSA additions, and we have also been shifting the dependencies to versions that are compatible with OrchardZSA and vanilla Orchard, in preparation for merging without disruptions.
We have been working on a demo client that can be used for playing with ZSAs. It uses our zcash_tx_tool with a Zebra node and will have a Docker that will build the necessary components.
zcash_note_encryption updates
We have added changes based on the review provided for our PR#2 to upstream.
There were some challenges with achieving some of the comments, which we were able to discuss with the ECC and decide on a way forward, which we have implemented, for example in PR#13 in our repository.
The interface changes that have happened as a result of these updates have required appropriate refactoring in various other crates dependent on zcash_note_encryption. We have made those changes as well, for example PR#112 in orchard, PR#3 in sapling-crypto. We will submit PRs with these changes to upstream as well in the future.
Halo2 gadgets
Last time, we mentioned submitting PR#823 to the halo2 repository and PR#429 to the orchard repository to support these changes. These are a stepping stone for the further changes to generalize the crate to help work with ZSAs.
We largely completed these further changes, but on discussion with the ECC we are splitting the work into three portions that each add a part of the functionality. This would make it easier to review the work. The three parts are:
The new Lookup that has been optimized for 4, 5, and 10 bits. This builds over the generalization done in PR#823.
A new SinsemillaChip that adds support for hashing from a private point.
Some further helper features (such as new_from_constant, mul_sign, mux_on_points, mux_on_non_identity_points)
This splitting work is currently in progress.
ZIPs
We have been working on resolving the open issues related to ZSAs in the specifications. Some of these relate to typographical improvements and updates to the references, which have been completed and merged into our PR#854.
In order to handle ZIP 209 style tracking of the balances for ZSAs as well, we have made an addition to the global state, requiring ZSA balances to be tracked as an additional failsafe. This has also been merged into PR#854.
We ensured that our work was merged on top of the latest changes to the upstream repository. This included taking into account the new structure of the folders, both for ZSAs and Asset Swaps PRs.
We’re happy to share our monthly update on the status of our work on the ZSA project and our supporting work for Zebra.
Zebra Node
We have largely completed changes across the librustzcash, orchard and zcash-test-vectors repositories to support V6 transactions, including the refactoring as we described in the previous update. We are working on providing the complete V6 transaction support inside the zebra repository.
We have switched over to using the OrchardZSA versions of librustzcash and orchard (which have support for V6 and V5 together).
We introduced NU7 specific code to the appropriate sections in the zebra crates. We are in the process of adding ZSA-specific changes inside these sections.
We are also working on using RocksDB to store the additional issuance state that is required in the ZSA protocol (specifically, whether assets are finalized, and issued amounts) .
We resolved CI issues: the Zebra node and repository has a complex CI setup that cannot directly be copied to our working repository. We instead created a simpler CI setup for our day-to-day work. We will be verify the ZF CI setup passes on our work at regular intervals.
We are continuing work on the ZSA test setup and the zcash_tx_tool (link) that can be used for creating ZSA transactions for integration tests.
We have also begun work on V6 transaction verification logic.
OrchardZSA Audit
We have contacted the Least Authority team for initial work and cost estimation.
The scope of review is as follows:
The OrchardZSA protocol, as reflected by the modified Orchard crate.
The OrchardZSA Halo2 circuit and dependencies.
We will be supporting the audit in the upcoming weeks.
TxV6 serialization and testing
We completed the TxV6 serialization and edge-cases in librustzcash.
We also completed the test vectors for TxV6 and OrchardZSA.
ZIPs
We have continued resolving the open issues related to the ZSA ZIPs. These have been merged into our PR#854.
We have made some additional improvements to the burn mechanism section, and added rationale where it was necessary.
We are also making a pass through ZIP 228 for Asset Swaps over ZSAs (PR#780), refining the material as we begin our implementation.
Open Implementation PRs
We have submitted PR#823 to the halo2 repository and PR#429 to the orchard repository to support the halo2 gadget changes, as described in the previous update. We will be submitting further PRs based on the split described last time after the initial review of this PR, since they build on this base.
We have made changes and responded to the review on our PR#2 to zcash_note_encryption.
We are happy to share with you an update on what we have been working on for the ZSA project!
Zebra Node
We have prepared an initial sequence of pull requests in our fork (Step 1: PR#24, Step 2: PR#15, Step 3: PR#16, Step 4: PR#17, Step 5: PR#18) with the changes we mentioned in our previous update. We have been pair reviewing this with the Zcash Foundation, in order to prevent a situation where we submit one big, hard-to-handle PR at the end of the process.
In parallel, we are continuing to progress on the addition of new items to the global state. These include issued note commitments, supply, finalization and reference note tracking.
Up next will be the consensus rules changes for OrchardZSA.
tx_tool for Zebra
We are adding support for V6 transactions.
We updated the setup to make use of Zebra’s new regtest mode.
Changes to the librustzcash crate
We have updated the semantics to better support the TxV6 format.
We also refined the transaction builder with the new logic for OrchardZSA.
ZIPs
We have been responding to review comments that have been made on PR#854.
We have also successfully resolved some of the ZSA-related open issues (for example, Issue#751 and Issue#752).
We have also updated PR#667 regarding the fees changes for the OrchardZSA Protocol based on review comments from last week.
We are currently working with the ZIP Editors to resolve remaining comments before the 05 November deadline for NU7 ZIPs.
OrchardZSA Audit
Least Authority has begun the audit of the OrchardZSA Protocol, and we have been supporting them with clarifications as it proceeds. As mentioned in the previous update, the scope of the audit is the OrchardZSA protocol, as reflected by the modified Orchard crate, and the OrchardZSA Halo2 circuit and dependencies.
Open Implementation PRs
We have submitted PR#823 to the halo2 repository and PR#429 to the orchard repository to support the halo2 gadget changes, as described in the previous update. We will be submitting further PRs based on the split described last time after the initial review of this PR, since they build on this base.
We have made changes and responded to the review on our PR#2 to zcash_note_encryption.
We hope you are having a pleasant holiday season, and we’d also like to wish you all a Happy New Year! We’d like to share with you an update on what we have been working on for the ZSA project.
ZIPs
Our PR#854 to the ZIPs repository was merged some time ago, and the ZSA ZIPs have received go-aheads from the ZIP editors based on their viability assessments for NU7.
We have opened a new pull request, PR#960 to the ZIPs repository, in order to continue with further updates and improvements, which we detail more about below.
We have adjusted the V6 transaction format to include forward-looking support for Action Groups, which is a generalization required for Asset Swaps. We have also correspondingly updated the computation of the transaction digests.
We have resolved even more of the open issues related to ZSAs, viz. Issue#956, Issue#957, Issue#958. In the process, we did a refactor of the entire consensus rules section of our ZIPs, bringing it to the same format and structure of the protocol specification, making for easier review.
We have added an explicit specification of the types of Issue Notes, removing a minor ambiguity that we spotted.
We have discussed a resolution to Issue#955, that adds specification for the computation of the \rho field in Issue Notes, which we are putting the finishing touches to in our internal PR#90.
We are also completing the specification for reference notes, another forward-looking addition to the issuance state that will be used in Asset Swaps and other potential future improvements to the protocol.
Based on discussions with the ZIP Editors and changes to the ZIP update guidelines, we have moved the specification of the ZSA Fees from an edit of ZIP 317 (The Proportional Transfer Fee Mechanism ZIP) to a section in ZIP 227 (The Issuance of ZSAs ZIP). Accordingly, PR#667 for the Fees has been closed and further discussion will continue in PR#960.
Zebra Node, zcash_tx_tool, testnet and demo
We ran a community call some days ago, where we gave a quick overview of the changes we have made, demonstrated the functionality by running a Zebra node and using our zcash_tx_tool to set up the transactions. The recording can be found here, we’d love to hear more from you!
We have continued to develop the asset supply and state management functionality in Zebra.
Work is also ongoing related to implementation of the new consensus rules and transaction structure for Zebra.
We are also progressing well on setting up a persistent Zebra node on an ECS instance, as a step towards setting up a dedicated ZSA testnet.
Changes to the librustzcash, orchard, and other crates
We implemented the transaction format change to account for Action Groups, through all the relevant crates, viz. librustzcash, orchard, and zcash-test-vectors. We are in the process of putting all these changes together.
We have added an implementation for reference notes into the orchard crate.
We have updated the Orchard and Halo2 books with a draft of our changes, so everything is appropriately explained there as well.
OrchardZSA Audit
We received the audit report for the OrchardZSA Protocol from Least Authority. It is very positive, with no major issues found, and some suggestions for improvement, which we have already begun incorporating.
Open Implementation PRs
We have submitted PR#823 to the halo2 repository and PR#429 to the orchard repository to support the halo2 gadget changes, as described in the previous update. We will be submitting further PRs based on the split described last time after the initial review of this PR, since they build on this base.
We have made changes and responded to the review on our PR#2 to zcash_note_encryption.
We wanted to share here that we received the completed Final Audit Report from Least Authority a few weeks ago.
To summarize, the initial report stated our work was
well-organized and of high quality, … adheres closely to development best practices
It also said
the system [was found] to be well-designed and clearly documented, with a strong emphasis on security.
We received a few suggestions for improvement as a part of the initial report, which we have incorporated. You can check out the complete Audit Report here. This completes Milestone #5 of our grant.
In other updates, we have set up a persistent Zebra node on an ECS instance, as a step towards setting up a dedicated ZSA testnet. We are have a couple of Github Actions that will run a Docker image that will be able to set all this up for a user to use. We are working on a few test scenarios to include in addition to the initial scenario we already have in PR#13 of the zcash_tx_tool repository.