Official Shielded Support for Zcash In Ledger HW Wallet

Oh wow, I didn’t know about this one, very cool thanks for making it!

It’s rather obvious when a project is backed by passionate people, motivated by enabling people rather than making money out of them. Nighthawk for example is all nice, but rather limited in features, “forgot” to publish on Github & F-Droid but certainly didn’t forget to add some exchange partners in the app.

Honestly I don’t think it’s necessary to constantly diss ZF/ECC, there’s maybe a bit too much of it on this forum imho. Just like any org, there are certainly things they could do better, but they have inspiring goals and are truly working hard on advancing the project. I think that’s a reasonable threshold for deserving a bit more credibility and respect.

2 Likes

This could be because millions of dollars were spent on duplicating work with less favorable results. More significantly, these expenditures, alongside the investment of time and development talent, might have been more effectively utilized in the advancement of NU-6. Such a strategic reallocation of resources could potentially have mitigated the severity of the price crash.

Despite these circumstances, there has been an absence of acknowledgment of responsibility and a complete deficiency in accountability. This situation has resulted in significant frustration for the investors.

2 Likes

Seeing the pattern of overpromising and underdelivering by the leadership, I find it hard to just nod along respectfully.

Inspiring goals don’t mask the missteps of centralized powers. When support turns a blind eye to repeated failures, it starts looking less like loyalty and more like sycophantic behavior. We need to call it as it is.

I believe I’ve read this sentiment many times from you.

Look, let’s be real about Zcash under this leadership. Seven years in, and what do we have? Barely functioning basics. If this was a public company, they’d be bankrupt or booted out by the board by now. Blind support doesn’t change these facts.

Sure, having goals is one thing, but the real measure is in the execution. Continual pivots and using tools like OKRs, which aren’t typical for startups, hint at a lack of clear direction. If they were earnestly advancing the project, we’d see a push for fresh leadership rather than recycling the same ideas.

It’s telling that many smart people associated with Zcash eventually move on, possibly seeing it more as a personal benefit scheme for the top brass than a genuine collaborative effort.

3 Likes

A bit of relevant context:

This specific situation is happening because this couple was a little bit too vocal about their crypto ownership, but the reasoning remains the same as when owning a device dedicated to cryptocurrency; if there’s a reliable way for people to know one owns crypto, there’s a real chance one could be negatively affected.

Zcash is about privacy, and that privacy brings us safety too. If our main method of safely storing our tokens relies on two vendors that may or may not store details of their buyers for an unknown later use, that’s not exactly optimal. Not to mention, they could unilaterally disable Zcash on their device, due to regulatory pressure, or otherwise.

Indeed, it is great we have found a way to make the Ledgers work once again with Ledger, but let’s remain mindful of the existing risks linked to those devices and make sure we can offer quality alternatives.

1 Like

@ainhoa-zondax at the most recent meeting, the @ZcashGrants Committee voted to approve this proposal and has requested that you provide updates via the forum with every milestone.

4 Likes

Thank you @ZcashFoundation, @ZcashGrants Committee and all Zcash community. I am thrilled to share that we’ve already begun working on the project. Stay tuned for more updates in the coming weeks. We look forward to keeping the entire Zcash community informed about our journey, and we’re grateful for the support received.

While we acknowledge that the Ledger integration has faced its share of challenges, we want to reassure the community that we are steadfast in our commitment to completing it, making it accessible to all users.

Furthermore, our overarching goal is to extend this integration to the most widely used web wallets. To streamline the process and address potential hurdles, we have initiated work with our fork of the Zec wallet for the submission process. However, we are eager to collaborate with other teams at the earliest opportunity.

We appreciate the dedication and mission-driven spirit of the Zcash community, and for us, this marks a new fresh chapter in our collaboration efforts. As a dedicated team with extensive experience in security and HSMs development, we align with Zcash’s mission, committing to ensuring the confidentiality and security of user data.

12 Likes

This is reassuring, as I think a zecwallet fork will quickly become outdated/inferior to other projects like YWallet who are hastily pushing along with development.

2 Likes

Hi folks! I saw that there were some concerns aired in posts on this forum and apparently also in meetings, about the Bootstrap Open Source Licence. I reached out to our friends at Ledger (Charles Guillemet, Seth Hertlein, Fabrice Dautriat, Nafissatou Ndiaye, and Roman Beyon-Grataroli) and Zondax (Juan Leni and Ainhoa Aldave). They all said that they see no problem with including full Zcash support, including Orchard, in Ledger firmware and Ledger Live under the Bootstrap Open Source Licence and the existing “Zcash support exemption”. They said that the Ledger legal team has a backlog of work, so they won’t have time to finish a legal review of the BOSL before the end of the year. I assured them that if Ledger legal turns up any legal issues with the BOSL or the exemption, that we at ECC will fix those legal issues right away. Also, several of them said how they really appreciated the intention of the BOSL: to make open source software sustainable!

Bottom-line: having talked to the people above, none of them think that the current licensing terms pose a problem. If it turns out there’s a legal issue, we’ll fix it. So rest assured, there are no roadblocks to full Zcash support on Ledger!

By the way, not everyone reading this may be aware that the new Edge Wallet upgrade with full Zcash shielded support, and the upcoming Brave Browser Zcash integration, were both funded by licensing revenues thanks to the BOSL. And specifically thanks to the Zcash community supporting the deployment of Halo and Orchard under the BOSL, in NU5.

ECC is also currently in talks with two other organizations that might contribute back to the Zcash community as part of a partnership deal, leveraging the fact that Orchard is currently under the BOSL. No promises! “A deal is only final when it’s final.”, as my friend and mentor Naval used to say. But I am hopeful that we can get even more benefit for the Zcash community through our licensing, going forward. Stay tuned! And rest assured about Ledger support. :slight_smile:

20 Likes

thank you Zooko. -Ian

4 Likes

Despite my initial concerns I feel the BOSL license has been a net benefit to ECC and Zcash :clap:.

7 Likes

Things are evolving very quickly and we are at risk of becoming laggards in what can be a fundamental shift in Android security that can offer high security and privacy. Zcash is supposed to be excellent at both those things, but as mentioned before, having a hardware crypto wallet is a statement, potentially dangerous, of crypto ownership. This goes against both security, and privacy.

Let’s see what Vitalik says on the subject:

Trusted hardware chips inside of users’ phones, effectively creating a much smaller high-security operating system inside the phone that can remain protected even if the rest of the phone gets hacked. Among many other use cases, these chips are increasingly being explored as a way to make more secure crypto wallets.

Source: My techno-optimism

What are our wallet developers thinking of this? Could Zashi, for example, implement such technology on Android?

2 Likes

Dear Zcash community,

I am thrilled to announce the completion of Milestone 1, which includes adding support for ZIP-317 fees in the Ledger application.

Our next steps involve initiating the coordination of a security audit and preparing for the official submission of the app to Ledger.

Our goal is to initiate discussions with other web wallet providers as soon as possible, enabling them to seamlessly integrate it and making this accessible to a wider user base.

Please be aware that this application has NOT undergone an audit yet. Use it at your own risk. We plan to conduct the audit in the next few weeks.

Here is a demo video.

How to run ZecWallet lite:

  • Install Zcash v3.3.0 from ledger-zcash repository or directly from our hub with a Nano S+ device Zcash

  • Open Zcash-new app

  • Clone Zondax ZecWallet repository (master branch)

git clone --branch master https://github.com/Zondax/zecwallet-lite

  • Install node v16

node --version

v18.18.2

nvm install 16

v16.20.2 is already installed.

Now using node v16.20.2 (npm v8.19.4)

node --version

v16.20.2

  • Install dependencies and run the project (verify app is open before running)

yarn

yarn start

Now you should be able to see something like this:

Select the second option (Connect to Ledger) and it will ask you to enter the birthday. If you are not sure and set 0, it will start the synchronization from genesis block.

You can check here and search for a specific date. Then use the height field from the explorer as birthday. This will save you a lot of time!

Once the synchronization is completed, you will see this menu.

Go to Receive and select Transparent or Shielded and create a new address.

If you want to generate a shielded address, this will require interaction with the device and it will require several minutes to be created.

The user needs to review 2 steps to retrieve IVK and OVK from the device.

Once you have created an address, you should be able to receive funds and then make a transfer between any combination of transparent and shielded addresses.

Go to Send, fill the address, amount and memo if you are sending to a shielded address

A confirmation screen will pop up, if everything is correct, click on send

Check all the fields on the device and confirm the transaction. The transaction will require 5 steps and might take some minutes to be signed.

If you don’t see your balance with the right amount, you might need to rescan. To do that, just go to the top menu, wallet and click in rescan

12 Likes

Nice!

FWIW I’ve found volta more reliable over nvm for managing node versions.

Hi Zcash community! :wave: I wanted to share with you that today the security audit of the Ledger zcash app started. I’ll share more updates soon as the audit progresses.

15 Likes

@ainhoa-zondax FYI I also did an audit of the GitHub - Zondax/ledger-zcash: Zcash app for Ledger Nano S and X codebase a while back, the report should be in your inbox. If you haven’t received it let me know and I’ll resend it!

7 Likes

Hi @earthrise, yes we received your audit, however it was made with an old version of the application and even if we wished, these kinds of community audits are not “officially” accepted by Ledger (nothing against you or your work!) We had to work with specific partners they collaborate with.

1 Like

Dear Zcash community,

I am thrilled to share the exciting news: the security audit for the Zcash Ledger app has successfully concluded, and I’m pleased to report that no major issues were identified :partying_face:

We have implemented all the enhancements recommended by the auditors, marking the successful completion of Milestone 2.

Furthermore, we have submitted all necessary documentation to the Zcash Foundation (ZF) to initiate the official submission process. For your reference, the final audit report is accessible here

Ledger-Zcash-app-audit.pdf (308.4 KB)

Thank you for your continued support and engagement in this important phase of our project.

21 Likes

We have just completed the app submission process. :white_check_mark:

22 Likes

I am not technical enough to check this myself. How is a transaction created by the Zondax Ledger app? Specifically, is a private key at any point stored in memory?

Hello @jelly5649 ,

If you are not technical enough to assess a topic I would suggest to try to assess the quality of the argument here you can see an individual saying things are not possible because he says so. No technical or mathematical explanation he just states what is possible or not. Then he uses a negative sentiment around IOTA (which might be deserved, but that’s not the topic) to illustrate his poor take again without any other further explanation.

To deep dive into how a hardware wallet works and fully understand the interactions between components and cryptographic material requires extensive knowledge in computer science and electronics. If you don’t have such background you will ultimately have to rely on someone/something else in any case as you won’t be able to fully verify your device and code. There is no shame in that, almost no one in the world has the time and knowledge to do so, I (developer relations at Ledger) surely don’t. So I don’t think any word from myself will or should convince you to believe that Ledger is safe but I strongly encourage you to exercise critical thinking and listen to technically supported takes when it comes to security/cryptography it will blow away 99% of the noise.

One good way to assess the security of a security product if you don’t have the technical knowledge is to assess the track record. Is there an ongoing bounty program? For how long has it been running, what are the results of those? donjon.ledger(dot)com/bounty/
Does the report from those bounties look serious? donjon.ledger(dot)com/lsb/

Ledger exists for a long time now and sold millions of hardware. So Ledger devices are probably securing a good part of the coins that exist today. So any vulnerability such as the one described (an application running away with your seed :rofl: ) would put all the funds at risk. So we are talking multi billions at risk, have you heard of a multi billion hack due to a vulnerability on a Ledger app? No and you very likely never will and if you do we can probably all pack our bags anyway (Ledger the company would collapse in a blink) because the market impact would be insane. So yes from time to time you’ll read that a mistake has been made at Ledger or Trezor or that a third party email provider has been compromised and so on. But it has nothing to do with the architecture / security of the Ledger devices themselves, if it had ever been the case Ledger would be bankrupt and I wouldn’t be typing this. Even if a track record isn’t a proof but it certainly is an indicator. There is no such thing as perfect security and that’s why our security/firmware team are always working hard to improve the system in place. Then it’s up to you to exercise your judgement with all the information available to you to assess if you are comfortable using a security solution (notice that this works with any security product that you don’t have knowledge or time to fully verify software or hardware). Considering Ledger’s app, I’m personally very fine with that risk that I assess to be very close to the risk of the protocol itself being broken so for Zcash I’d say millions of times less likely than me being hit by an asteroid today.

Also please know that we hear the community loud and clear on the need to be more verifiable and we are working on ways to improve this. A brilliant bitcoin guy already showed steps in that direction with miniscript Towards a trustless Bitcoin wallet with miniscript | Ledger

For anyone interested to dig Ledger’s architecture and open source choices I’d suggest Secure Hardware and Open Source | Ledger

Best,

5 Likes