I’m starting an FAQ for the upcoming Zcash upgrade; I hope it can be helpful for either a standalone FAQ written in laymen’s terms - perhaps posted on both ZF + ECC websites - or may be a useful resource to add to ZIP 315 work in progress by daira · Pull Request #607 · zcash/zips · GitHub. It could (should?) also be pushed out to crypto journals for articles about the Zcash upgrade. I’m aware a lot of these questions are redundant, but from my reading, I don’t know a place where they are all located together. Also, this list is cursory and mainly the result of a brief Twitter exchange earlier today between myself and @nuttycom. Please add more Q and A’s! For some of the answers, I just put placeholders that could be improved through group effort.
Unified Addresses + Auto-shielding
Q. Will a wallet like Exodus or something similar that only uses t-addr be able to send to a wallet with a unified address right out of the box? Or do t-addr only wallets need to update too?
A. Wallets will need to be updated to recognize and parse unified addresses; they do not share an encoding with previous address formats.
Q. What will happen if you already have a wallet with t- and z-addr and the wallet upgrades to support UA? Will the UA be derived from the same private key and boom you just have one public address now?
A. That’s more or less correct. Unified addresses still use BIP-44/ZIP-32 derivation under the hood. However, for UAs containing transparent receivers, we also recommend rolling addresses to reduce linkability when receiving T-funds that then get auto-shielded.
Also, even though shielded addresses never appear on-chain, parties can still coordinate off-chain to share an address you give them, so it’s still useful to roll addresses even that have only shielded receivers to limit this off-chain linkability.
Q. UAs must have an orchard z-addr under the hood, but must they also have a t-addr to allow interoperability with t-addr only wallets?
A. UAs are not required to include a t-addr; many users may prefer to use shielded-only UAs. In this case, a wallet that lacks shielded transaction support should report to the user that they can only send funds to UAs containing transparent receivers.
Unified addresses serve the purpose of providing an upgrade path, but they respect the user’s consent: if a user doesn’t consent to receive transparent funds for whatever reason, they have the choice to not provide a transparent receiver.
Q. If a UA does not have a t-addr receiver (shielded only) – how can a t-addr-only wallet know they will not be able to send funds to the UA with shielded only?
Q. What is Auto-shielding?
Q. What is the status in regard to NU5 of each major wallet that offers Zcash shielded support currently? For instance, Nighthawk, Edge Wallet, Zec Wallet Lite, Unstoppable?
Q. What is the Halo upgrade that is part of NU5?
A. Halo is a new underlying cryptographic technique for verifying Zcash shielded transactions. It differs from the prior systems due to it not requiring a trusted setup, and also having the property of recursion, which allows “proofs of proofs” and will help unlock L1 scalability in Zcash.
Q. Will Halo improve Zcash’s scalability right away?
A. No, Halo lays the groundwork for future scalability improvements, which are already being worked on.
Q. Will users notice a difference now that Zcash is using the Halo proving system?
A. Everyday users will not notice a difference when making shielded transactions or holding shielded zec, other than the differences due to Unified Addresses and Auto-Shielding. However, by eliminating the need for trusted setup, Halo increases Zcash’s security by removing the trusted setup - one of the main attack vectors that theoretically could have been used for counterfeiting zec.