NU5 / Halo Arc FAQ

Hi all,

I’m starting an FAQ for the upcoming Zcash upgrade; I hope it can be helpful for either a standalone FAQ written in laymen’s terms - perhaps posted on both ZF + ECC websites - or may be a useful resource to add to https://github.com/zcash/zips/pull/607. It could (should?) also be pushed out to crypto journals for articles about the Zcash upgrade. I’m aware a lot of these questions are redundant, but from my reading, I don’t know a place where they are all located together. Also, this list is cursory and mainly the result of a brief Twitter exchange earlier today between myself and @nuttycom. Please add more Q and A’s! For some of the answers, I just put placeholders that could be improved through group effort.

Unified Addresses + Auto-shielding

Q. Will a wallet like Exodus or something similar that only uses t-addr be able to send to a wallet with a unified address right out of the box? Or do t-addr only wallets need to update too?

A. Wallets will need to be updated to recognize and parse unified addresses; they do not share an encoding with previous address formats.

Q. What will happen if you already have a wallet with t- and z-addr and the wallet upgrades to support UA? Will the UA be derived from the same private key and boom you just have one public address now?

A. That’s more or less correct. Unified addresses still use BIP-44/ZIP-32 derivation under the hood. However, for UAs containing transparent receivers, we also recommend rolling addresses to reduce linkability when receiving T-funds that then get auto-shielded.

Also, even though shielded addresses never appear on-chain, parties can still coordinate off-chain to share an address you give them, so it’s still useful to roll addresses even that have only shielded receivers to limit this off-chain linkability.

Q. UAs must have an orchard z-addr under the hood, but must they also have a t-addr to allow interoperability with t-addr only wallets?

A. UAs are not required to include a t-addr; many users may prefer to use shielded-only UAs. In this case, a wallet that lacks shielded transaction support should report to the user that they can only send funds to UAs containing transparent receivers.

Unified addresses serve the purpose of providing an upgrade path, but they respect the user’s consent: if a user doesn’t consent to receive transparent funds for whatever reason, they have the choice to not provide a transparent receiver.

Q. If a UA does not have a t-addr receiver (shielded only) – how can a t-addr-only wallet know they will not be able to send funds to the UA with shielded only?

A. ?

Q. What is Auto-shielding?

A. ?

Q. What is the status in regard to NU5 of each major wallet that offers Zcash shielded support currently? For instance, Nighthawk, Edge Wallet, Zec Wallet Lite, Unstoppable?

A.

Halo

Q. What is the Halo upgrade that is part of NU5?

A. Halo is a new underlying cryptographic technique for verifying Zcash shielded transactions. It differs from the prior systems due to it not requiring a trusted setup, and also having the property of recursion, which allows “proofs of proofs” and will help unlock L1 scalability in Zcash.

Q. Will Halo improve Zcash’s scalability right away?

A. No, Halo lays the groundwork for future scalability improvements, which are already being worked on.

Q. Will users notice a difference now that Zcash is using the Halo proving system?

A. Everyday users will not notice a difference when making shielded transactions or holding shielded zec, other than the differences due to Unified Addresses and Auto-Shielding. However, by eliminating the need for trusted setup, Halo increases Zcash’s security by removing the trusted setup - one of the main attack vectors that theoretically could have been used for counterfeiting zec.

A: UAs contain receiver types, not addresses. A UA must have at least one shielded receiver type, and it doesn’t have to be Orchard. A UA doesn’t have to contain a transparent receiver type.

To clarify, UA is the equivalent replacement to the current z-addr, meaning that Sprout and Sapling z-addr should be treated as deprecated in NU5. So after NU5, ideally all documentation in Zcash will not mention z-addr anymore, only UA and standalone t-addr. The standalone t-addr will still be used as UA cannot only contain a transparent receiver type.

A: With UA, a receiving wallet decodes the Address Encoding and performs validity checks (ZIP 316). So, in the case above, the wallet will tell the users that the address is invalid (for that specific wallet).

A: Auto-shielding lets wallets automatically move funds from a transparent address to the latest shielded ZEC pool that the wallets support (ECC blog). This is a UX improvement for users as their funds will always be stored in a shielded pool regardless of where the funds come from and arrive at. For example, ZEC sent from an exchange that only support t-addr will automatically be moved to a shielded pool as soon as the ZEC arrives in a wallet that supports shielded-by-default. This way, the next time the user uses that ZEC, it would have been coming from a shielded pool.

A: You can track which wallets that have indicated NU5 + Halo Arc support on the halo website.

There is a list of typecodes for specified receiver types in ZIP 316. After a UA has been parsed, the wallet can filter the receivers for the transparent receiver typecodes; if none are present, then the UA is shielded-only. The zcash_address Rust crate provides the FromAddress helper trait to make this easy to implement.

• Q. Do users need to migrate Sapling funds to the Orchard pool explicitly?
  • Will using UAs just do it in the background?
  • Is it entirely dependent on if/how the wallets implement it?

A few other summary resources that might be helpful:

Thanks! So right now, Edge, Nighthawk, Gemini, and Unstoppable will support NU5. Could we get a consensus if ZecWallet Lite will? I know it has been mentioned it will but it is not listed here: ZEC & Halo - Cypherpunk Zero

Also, if these wallets are listed to be in support of NU5, how does that relate to the BOSL licensing discussion where @fireice_uk and others were discussing wallets + Orchard code? Does the use of BOSL/Orchard in wallets already have some data points? I don’t mean to reopen the licensing discussion in another thread, only to ask for the consensus answer about it in regard to wallets currently going to support NU5.

• Q. Do users need to migrate Sapling funds to the Orchard pool explicitly?
  • Will using UAs just do it in the background?
  • Is it entirely dependent on if/how the wallets implement it?

This depends upon the wallet. ZIP 315 (mentioned in the top post) will describe this in detail. In all cases, when funds are sent from the Sapling pool to the Orchard pool, the amount of the transfer that moves across the pool boundary is revealed by the “turnstile” to maintain auditability of the monetary base (though of course no address information is revealed on either side) and because this might be considered private information, it requires the user’s explicit consent.

If you are sending from an Orchard-supporting wallet containing Sapling funds to a unified address with both Orchard and Sapling receivers, the wallet should prefer to send to the Orchard receiver, contingent upon the user being okay with revealing the amount via the turnstile. Under this circumstance, the wallet may also suggest to “opportunistically” move other Sapling funds to the Orchard pool via the change outputs of the transaction.

Is this what a unified zaddress looks like:

u19rpel8gv4urwjpjhv2tfvalv2kck4n0hcznjpq4eevt2r6m9gz9ks62ztxmr3jn56sc938u6j5xl4rrta0md9llugp2z0u6r28mp0fenpeplayxmpv6dkqu96rutwwkajsqjvn7s6ppzdspr6sj9554q3fj9lrmkpk9lrjcw3ug03kn0x289e04pwnkvvc0e5rvtvrjuexh7jaea7x2

~/work/zcash/canon (feature/z_sendmany_tx_limit)λ ./src/zcash-cli z_listunifiedreceivers 'u19rpel8gv4urwjpjhv2tfvalv2kck4n0hcznjpq4eevt2r6m9gz9ks62ztxmr3jn56sc938u6j5xl4rrta0md9llugp2z0u6r28mp0fenpeplayxmpv6dkqu96rutwwkajsqjvn7s6ppzdspr6sj9554q3fj9lrmkpk9lrjcw3ug03kn0x289e04pwnkvvc0e5rvtvrjuexh7jaea7x2'
error code: -5
error message:
Invalid address

This doesn’t appear to be a valid unified address, according to zcashd’s unified address decoding. How did you generate this address?

EDIT: OOPS. My apologies, I was being stupid; this is a valid mainnet unified address, and I just mindlessly tried to parse it on testnet:

~/oss/zcash (master)λ ./src/zcash-cli z_listunifiedreceivers u19rpel8gv4urwjpjhv2tfvalv2kck4n0hcznjpq4eevt2r6m9gz9ks62ztxmr3jn56sc938u6j5xl4rrta0md9llugp2z0u6r28mp0fenpeplayxmpv6dkq
u96rutwwkajsqjvn7s6ppzdspr6sj9554q3fj9lrmkpk9lrjcw3ug03kn0x289e04pwnkvvc0e5rvtvrjuexh7jaea7x2
{
  "orchard": "u1nyzw4s33k272h23fr9lk2t9l4ugmkpsfk3a4hld58ppkeszjttz7kj293hpjltvkdawx8ru4e3rr9lqrgd686g038y703tmges75az0m",
  "sapling": "zs1h66n5kz072u4kyxkzxkgwtt0ngrrsj7scyuxcc3xce7a9wr3wafzndx5ymed90q5ruhkj3cwtry",
  "p2pkh": "t1VYEF9FoZLCyDv9bimjvvjYCaR3PdPa8p8"
}

a)
./src/zcash-cli z_getaddressforaccount 0

a=)
{
“account”: 0,
“address”: “u1q8fq3u67u9scx30afm87su4whx9p6wda4l5vc3s9qausluc5d7wkhvvhu8exjj2ncgrxuk3vda23py0vwywzuvxu4umumyj0v5x2a765l9yeqlld5sc0s8f9ccmgxn4vzugarj9jpcxswdqr288q2lm34kmsmusqel594q74jt6pjgegtj6skju8evq7dv6wztvqzpn7q787ss2qfnj”,
“diversifier_index”: 2,
“receiver_types”: [
“p2pkh”,
“sapling”,
“orchard”
]
}

b)
./src/zcash-cli z_sendmany “u19rpel8gv4urwjpjhv2tfvalv2kck4n0hcznjpq4eevt2r6m9gz9ks62ztxmr3jn56sc938u6j5xl4rrta0md9llugp2z0u6r28mp0fenpeplayxmpv6dkqu96rutwwkajsqjvn7s6ppzdspr6sj9554q3fj9lrmkpk9lrjcw3ug03kn0x289e04pwnkvvc0e5rvtvrjuexh7jaea7x2” ‘[{“address”: “u1q8fq3u67u9scx30afm87su4whx9p6wda4l5vc3s9qausluc5d7wkhvvhu8exjj2ncgrxuk3vda23py0vwywzuvxu4umumyj0v5x2a765l9yeqlld5sc0s8f9ccmgxn4vzugarj9jpcxswdqr288q2lm34kmsmusqel594q74jt6pjgegtj6skju8evq7dv6wztvqzpn7q787ss2qfnj”, “amount”: 0.001}]’

c)
[
{
“id”: “opid-a26db0c3-c2ae-42df-98ae-6187d3f1fbac”,
“status”: “success”,
“creation_time”: 1652042130,
“result”: {
“txid”: “088b0dc3091884dafb93bbc1c0643d2f5942fcd93b877f75f0973ebe19cb6d62”
},
“execution_secs”: 6.785273,
“method”: “z_sendmany”,
“params”: {
“fromaddress”: “u19rpel8gv4urwjpjhv2tfvalv2kck4n0hcznjpq4eevt2r6m9gz9ks62ztxmr3jn56sc938u6j5xl4rrta0md9llugp2z0u6r28mp0fenpeplayxmpv6dkqu96rutwwkajsqjvn7s6ppzdspr6sj9554q3fj9lrmkpk9lrjcw3ug03kn0x289e04pwnkvvc0e5rvtvrjuexh7jaea7x2”,
“amounts”: [
{
“address”: “u1q8fq3u67u9scx30afm87su4whx9p6wda4l5vc3s9qausluc5d7wkhvvhu8exjj2ncgrxuk3vda23py0vwywzuvxu4umumyj0v5x2a765l9yeqlld5sc0s8f9ccmgxn4vzugarj9jpcxswdqr288q2lm34kmsmusqel594q74jt6pjgegtj6skju8evq7dv6wztvqzpn7q787ss2qfnj”,
“amount”: 0.001
}
],
“minconf”: 1,
“fee”: 1e-05
}
}
]

Guess it is a unified zaddr
What do you think?

Works for me @nuttycom:

./src/zcash-cli z_listunifiedreceivers u19rpel8gv4urwjpjhv2tfvalv2kck4n0hcznjpq4eevt2r6m9gz9ks62ztxmr3jn56sc938u6j5xl4rrta0md9llugp2z0u6r28mp0fenpeplayxmpv6dkqu96rutwwkajsqjvn7s6ppzdspr6sj9554q3fj9lrmkpk9lrjcw3ug03kn0x289e04pwnkvvc0e5rvtvrjuexh7jaea7x2
{
  "orchard": "u1nyzw4s33k272h23fr9lk2t9l4ugmkpsfk3a4hld58ppkeszjttz7kj293hpjltvkdawx8ru4e3rr9lqrgd686g038y703tmges75az0m",
  "sapling": "zs1h66n5kz072u4kyxkzxkgwtt0ngrrsj7scyuxcc3xce7a9wr3wafzndx5ymed90q5ruhkj3cwtry",
  "p2pkh": "t1VYEF9FoZLCyDv9bimjvvjYCaR3PdPa8p8"
}

I’m running the tagged 4.7.0 BTW.

@nuttycom It does not work for me on recent master (commit f285a39063d71c4c7da6a4c8188be66b97bd1be8 is what I’m running on this box):

./src/zcash-cli z_listunifiedreceivers u19rpel8gv4urwjpjhv2tfvalv2kck4n0hcznjpq4eevt2r6m9gz9ks62ztxmr3jn56sc938u6j5xl4rrta0md9llugp2z0u6r28mp0fenpeplayxmpv6dkqu96rutwwkajsqjvn7s6ppzdspr6sj9554q3fj9lrmkpk9lrjcw3ug03kn0x289e04pwnkvvc0e5rvtvrjuexh7jaea7x2
error code: -5
error message:
Invalid address

Oh, I’m probably being stupid here - this might be a testnet vs mainnet distinction, I tried to parse this on testnet.

EDIT: YUP. Just me being stupid, my apologies - this is a valid mainnet unified address.

And I did the same thing.

For any of you that Reddit, Please share some engagement to this post submitted in the /r/CryptoCurrency sub that is to help spread excitement about today’s Halo upgrade!

Two questions:

What to do now with the funds already on wallets like exodus, nighthhawk, ledger, trezor?

If I buy the dip on an exchange, and send that to one of the above wallets, will there be any issue?

Do we know the answer for specific wallets today?

I have not personally done a survey; you might ask @andrea or @pacu because I know they’ve each done some feature comparison work across wallets.

I think most of them can be retrieved from seed with Ywallet. @hanh might know best about exodus. I’m not sure about that one.

According to ECC coming out from “emergency mode” criteria, Nighthawk wallet users should be able to just update to latest version and sync.

The problem is that Nighthawk hardcodes the lightwalletd.com light wallet servers, IIRC. Since those are now down, I’m not sure whether Nighthawk can sync at all.