Multisig Wallet for Zcash

tonychew1986 · February 27, 2021, 4:52pm

Hey guys,

We are aiming to create a multisig wallet for zcash. One of the key reasons behind this is that we are power users of Electrum BTC & LTC. It’s one of the usage that we feel is lacking at the moment.

Rather than waiting for someone to do it. Thought we’ll just be the change we want to see.

More details within the grant proposal:

cheers

hanh · February 28, 2021, 10:03am

Besides the addition of Frost multisig which as far as I understand relates to signatures, do you see an impact on the zk proof circuit? If so, does your team have the expertise in cryptography required?

Thanks,

tonychew1986 · February 28, 2021, 11:17am

We can understand and apply cryptographic logic on the application layer but if it involves something deeper then we may need to explore it before giving an answer.

Something like bitcoinjs-lib would be great. Otherwise we could leverage other existing libraries.

aiyadt · February 28, 2021, 7:07pm

Great to hear about your interest in contributing to Zcash ecosystem!

Would you consider contributing multi-sig capabilities to the zcash wallet GitHub - zcash/zcash-android-wallet: Android wallet using the Zcash Android SDK that is maintained by core developers. & GitHub - zcash/zcash-ios-wallet: iOS version of the ECC Wallet
That way the entire eco-system of Zcash wallets can benefit instead of duplicating efforts.

gmale · March 1, 2021, 11:40pm

@tonychew1986 It probably goes without saying but just to be explicit: feel free to reach out to the ECC Wallet team if there’s anything we can do to support your efforts. The Zcash Community Discord channels prefixed with #public-community- are great places to go with any questions.

tonychew1986 · March 2, 2021, 1:56am

Yeah sure. We’ll have a look at it.

tonychew1986 · March 2, 2021, 2:01am

One particular thing that I can’t seem to find at the moment is if there’s a library that consist of multisig functionality?

hanh · March 2, 2021, 2:53am

Do you want to do multisig shielded transactions? They aren’t part of the protocol yet (not mentioned in the protocol doc).

tonychew1986 · March 2, 2021, 3:35am

How about non-shielded multisig? Is it similar to the BTC implementation within bitcoinjs-lib? Would be great if there’s a JS library. I see that most implementation seem to be in Rust.

hanh · March 2, 2021, 3:54am

I couldn’t find any library either but transparent addresses use the same scripting language as bitcoin (with minor changes). You would just need to design an address encoding for p2sh since that’s how bitcoin wraps multisig redeem scripts.

tonychew1986 · March 2, 2021, 4:29am

If it’s similar to BTC then it should makes things similar since I’ve done it for LTC prior. That said though, is there any design document or other libraries (non-multisig) for ZEC?

Not as educated on the ZEC nuances as much as I would like to. Thus would be great to have some references on how to structure t-addr & z-addr implementation into a easy to use UI.

The vibe is have now is that t-address and z-address feels a bit disjointed. Therefore causing confusion on how best to use it for non-technical users.

hanh · March 2, 2021, 6:19am

T-addresses are similar to BTC but z-addresses are a completely different beast. I doubt there are any library other than librustzcash that you can use. I guess it’s because the zksnark system used in zcash is too cutting edge and complex to have been ported to js at this point.

However, you can either compile rust as a dyn library and use C FFI from node.js/electron; wrap as a native extension for react native/flutter/ndk, or compile as wasm and run it with wasmer.

None of this is as convenient as a pure js implementation, but I can’t think of any simpler solution.

PS: librustzcash doesn’t support multisig yet.

tonychew1986 · March 3, 2021, 2:19am

Thanks. That’s helpful.

Let me investigate a little more

hanh · March 3, 2021, 3:10am

This library GitHub - BitGo/bitgo-utxo-lib: UTXO coins functions implemented in pure JavaScript seems to have multisig zcash t-addr support.

There is an example in the tests.

github.com

BitGo/bitgo-utxo-lib/blob/d4057d91adf0e666cc5d4d25c7758e50e40f8044/test/fixtures/forks/zcash/transaction_builder.json

{
  "valid": {
    "multisig": [
      {
        "description": "Zcash Sapling P2SH 2-of-3 multisig, signed by key 3 and 1",
        "network": "zcashTest",
        "version": 4,
        "versionGroupId": "0x892F2085",
        "expiryHeight": 289507,
        "inputs": [
          {
            "txId": "1d7d9686ed5eeb7154c2fe659fd3eeea169057cb7bc996962945225139669b86",
            "vout": 1,
            "redeemScriptHex": "5221021dbb31392fa4857601d5ce2225429923688fede8c2d69e547542cbd88240903a2103c8249e0c474d95e09bb04254d342ef1177f8ca92d2a57356a16df25a4635a5382102fae89068c5c63426f83f0bd5492c4fd757e1f4b575b5d6d05592e8ba519bfd6e53ae",
            "signs": [
              {
                "pubKeyIndex": 0,
                "keyPair": "cVmRcxsNdhiCigzrBfpv51JtExBPehtMNzUs9CBvymu1B3ch7LLa",
                "value": 200000000,
                "scriptSig": "OP_0 3045022100e4abb96f9ba029a295c62ca24193036bb3ad8896ef37d6518ad8f41c0fa4848f0220478889b347a0bff6cb1716f170b23bd0f717a73e16dbb2484e4e735c466906eb01 OP_0 OP_0 5221021dbb31392fa4857601d5ce2225429923688fede8c2d69e547542cbd88240903a2103c8249e0c474d95e09bb04254d342ef1177f8ca92d2a57356a16df25a4635a5382102fae89068c5c63426f83f0bd5492c4fd757e1f4b575b5d6d05592e8ba519bfd6e53ae"

This file has been truncated. show original

Just FYI, I haven’t used this library.

tonychew1986 · March 3, 2021, 3:43am

Thanks. Great to see an implementation from BitGo. Definitely will be useful.

aiyadt · March 3, 2021, 5:04am

That’s exactly I thought this grant app is for - multi-sig for shielded transactions. As developing multi-sig for T-addresses does not advance the usage of Zcash privacy features.

tonychew1986 · March 3, 2021, 6:20am

Personally I would like to have multisig for both t-addr & z-addr. The usage pattern might differ based on different scenarios.

However it seems like z-addr multisig is not part of the protocol yet? Have to wait for Halo 2 upgrade?

tokidoki · March 3, 2021, 11:52am

I still think providing option for t-addr multisig is a net good for Zcash. At least, would be useful for all the non-profit that accepts crypto donations. I agree though that it is not ideal and we should strive to create multisig for z-addr first.

Shawn · March 3, 2021, 7:49pm

I’m a bit confused by this statement. It was my understanding that you were aware that shielded multi-sig was not yet widely available in Zcash, and that’s what your proposal was going to assist in making happen, even at the protocol level.

Is this not the case? Or am I misunderstanding your position?

holmesworcester · March 3, 2021, 11:41pm

In the ZOMG meeting we read the grant proposal to mean that you’d dive into the technical details for how to implement FROST and build something that people can use—and this was definitely something we wanted to fund.

If it’s just for t-transactions that still might be interesting but it depends on the details. I think these questions can help us figure that out:

How will this work be useful to other wallets? (Same as @aiyadt’s question above). We’re always worried about how wallets will sustain themselves after the initial build out. So if this can help add multi-sig features to the underlying API, that’s great.
What’s your plan for working with ZF on this? If shielded work is part of the proposal at all, it seems like Chelsea Komlo @ ZF is the leader on this, and we’d want you to have a clear plan with ZF, and some understanding with ZF so that they can prioritize helping you with this. The Discord channel mentioned above or the Zcash R&D Discord channel (DM’ing you an invite now) would be great places to start.
What’s your plan for working with ECC? - The Discord and gmale are great resources here, and this will be important for figuring out how this supports other wallet work.
How does this work with Zecwallet? - Most Zcash users at the moment are using Zecwallet Lite. It uses a separate SDK from the ECC’s SDK. How will this work on multisig be usable in Zecwallet? ( @adityapk00 is the creator of Zecwallet)
Security audits? - To reduce the risks for eventual users, we’d like this work to be audited by an outside party eventually. We’re working on ways to help grantees with this, but since we haven’t really figured out how that will work yet, anything you can do to fit an outside audit into the proposal will be helpful. (For example, this could be as simple as saying you’ll seek outside bids, and apply again for funding for the security audit, and for mitigation work coming out of the audit.) We’re happy to discuss this more with you, too!
References? We’re wondering if there is someone from the Algorand project who could provide a positive reference. That would be really helpful for us.

Thanks! I have a few more questions but I’ll post those in a follow up.