Official Shielded Support for Zcash In Ledger HW Wallet

Thank you @ZcashFoundation, @ZcashGrants Committee and all Zcash community. I am thrilled to share that we’ve already begun working on the project. Stay tuned for more updates in the coming weeks. We look forward to keeping the entire Zcash community informed about our journey, and we’re grateful for the support received.

While we acknowledge that the Ledger integration has faced its share of challenges, we want to reassure the community that we are steadfast in our commitment to completing it, making it accessible to all users.

Furthermore, our overarching goal is to extend this integration to the most widely used web wallets. To streamline the process and address potential hurdles, we have initiated work with our fork of the Zec wallet for the submission process. However, we are eager to collaborate with other teams at the earliest opportunity.

We appreciate the dedication and mission-driven spirit of the Zcash community, and for us, this marks a new fresh chapter in our collaboration efforts. As a dedicated team with extensive experience in security and HSMs development, we align with Zcash’s mission, committing to ensuring the confidentiality and security of user data.

13 Likes

This is reassuring, as I think a zecwallet fork will quickly become outdated/inferior to other projects like YWallet who are hastily pushing along with development.

3 Likes

Hi folks! I saw that there were some concerns aired in posts on this forum and apparently also in meetings, about the Bootstrap Open Source Licence. I reached out to our friends at Ledger (Charles Guillemet, Seth Hertlein, Fabrice Dautriat, Nafissatou Ndiaye, and Roman Beyon-Grataroli) and Zondax (Juan Leni and Ainhoa Aldave). They all said that they see no problem with including full Zcash support, including Orchard, in Ledger firmware and Ledger Live under the Bootstrap Open Source Licence and the existing “Zcash support exemption”. They said that the Ledger legal team has a backlog of work, so they won’t have time to finish a legal review of the BOSL before the end of the year. I assured them that if Ledger legal turns up any legal issues with the BOSL or the exemption, that we at ECC will fix those legal issues right away. Also, several of them said how they really appreciated the intention of the BOSL: to make open source software sustainable!

Bottom-line: having talked to the people above, none of them think that the current licensing terms pose a problem. If it turns out there’s a legal issue, we’ll fix it. So rest assured, there are no roadblocks to full Zcash support on Ledger!

By the way, not everyone reading this may be aware that the new Edge Wallet upgrade with full Zcash shielded support, and the upcoming Brave Browser Zcash integration, were both funded by licensing revenues thanks to the BOSL. And specifically thanks to the Zcash community supporting the deployment of Halo and Orchard under the BOSL, in NU5.

ECC is also currently in talks with two other organizations that might contribute back to the Zcash community as part of a partnership deal, leveraging the fact that Orchard is currently under the BOSL. No promises! “A deal is only final when it’s final.”, as my friend and mentor Naval used to say. But I am hopeful that we can get even more benefit for the Zcash community through our licensing, going forward. Stay tuned! And rest assured about Ledger support. :slight_smile:

20 Likes

thank you Zooko. -Ian

5 Likes

Despite my initial concerns I feel the BOSL license has been a net benefit to ECC and Zcash :clap:.

8 Likes

Dear Zcash community,

I am thrilled to announce the completion of Milestone 1, which includes adding support for ZIP-317 fees in the Ledger application.

Our next steps involve initiating the coordination of a security audit and preparing for the official submission of the app to Ledger.

Our goal is to initiate discussions with other web wallet providers as soon as possible, enabling them to seamlessly integrate it and making this accessible to a wider user base.

Please be aware that this application has NOT undergone an audit yet. Use it at your own risk. We plan to conduct the audit in the next few weeks.

Here is a demo video.

How to run ZecWallet lite:

  • Install Zcash v3.3.0 from ledger-zcash repository or directly from our hub with a Nano S+ device Zcash

  • Open Zcash-new app

  • Clone Zondax ZecWallet repository (master branch)

git clone --branch master https://github.com/Zondax/zecwallet-lite

  • Install node v16

node --version

v18.18.2

nvm install 16

v16.20.2 is already installed.

Now using node v16.20.2 (npm v8.19.4)

node --version

v16.20.2

  • Install dependencies and run the project (verify app is open before running)

yarn

yarn start

Now you should be able to see something like this:

Select the second option (Connect to Ledger) and it will ask you to enter the birthday. If you are not sure and set 0, it will start the synchronization from the genesis block.

You can check here and search for a specific date. Then use the height field from the explorer as birthday. This will save you a lot of time!

Once the synchronization is completed, you will see this menu.

Go to Receive and select Transparent or Shielded and create a new address.

If you want to generate a shielded address, this will require interaction with the device and it will require several minutes to be created.

The user needs to review 2 steps to retrieve IVK and OVK from the device.

Once you have created an address, you should be able to receive funds and then make a transfer between any combination of transparent and shielded addresses.

Go to Send, fill the address, amount and memo if you are sending to a shielded address

A confirmation screen will pop up, if everything is correct, click on send

Check all the fields on the device and confirm the transaction. The transaction will require 5 steps and might take some minutes to be signed.

If you don’t see your balance with the right amount, you might need to rescan. To do that, just go to the top menu, wallet and click on rescan.

12 Likes

Nice!

FWIW I’ve found volta more reliable over nvm for managing node versions.

Hi Zcash community! :wave: I wanted to share with you that today the security audit of the Ledger zcash app started. I’ll share more updates soon as the audit progresses.

15 Likes

@ainhoa-zondax FYI I also did an audit of the GitHub - Zondax/ledger-zcash: Zcash app for Ledger Nano S and X codebase a while back, the report should be in your inbox. If you haven’t received it let me know and I’ll resend it!

7 Likes

Hi @earthrise, yes we received your audit, however it was made with an old version of the application and even if we wished, these kinds of community audits are not “officially” accepted by Ledger (nothing against you or your work!). We had to work with specific partners they collaborate with.

1 Like

Dear Zcash community,

I am thrilled to share the exciting news: the security audit for the Zcash Ledger app has successfully concluded, and I’m pleased to report that no major issues were identified :partying_face:

We have implemented all the enhancements recommended by the auditors, marking the successful completion of Milestone 2.

Furthermore, we have submitted all necessary documentation to the Zcash Foundation (ZF) to initiate the official submission process. For your reference, the final audit report is accessible here

Ledger-Zcash-app-audit.pdf (308.4 KB)

Thank you for your continued support and engagement in this important phase of our project.

21 Likes

We have just completed the app submission process. :white_check_mark:

22 Likes

Hello @jelly5649 ,

If you are not technical enough to assess a topic, I would suggest trying to assess the quality of the argument. Here you can see an individual saying things are not possible because he says so. No technical or mathematical explanation; he just states what is possible or not. Then he uses a negative sentiment around IOTA (which might be deserved, but that’s not the topic) to illustrate his poor take, again without any further explanation.

To deep dive into how a hardware wallet works and fully understand the interactions between components and cryptographic material requires extensive knowledge in computer science and electronics. If you don’t have such a background you will ultimately have to rely on someone/something else in any case, as you won’t be able to fully verify your device and code. There is no shame in that; almost no one in the world has the time and knowledge to do so, I (developer relations at Ledger) surely don’t. So I don’t think any word from myself will or should convince you to believe that Ledger is safe, but I strongly encourage you to exercise critical thinking and listen to technically supported takes when it comes to security/cryptography; it will blow away 99% of the noise.

One good way to assess the security of a security product if you don’t have the technical knowledge is to assess the track record. Is there an ongoing bounty program? For how long has it been running, and what are the results of those? donjon.ledger(dot)com/bounty/
Do the reports from those bounties look serious? donjon.ledger(dot)com/lsb/

Ledger has existed for a long time now and sold millions of hardware. So Ledger devices are probably securing a good part of the coins that exist today. So any vulnerability such as the one described (an application running away with your seed :rofl: ) would put all the funds at risk. So we are talking multi billions at risk; have you heard of a multi billion hack due to a vulnerability on a Ledger app? No, and you very likely never will, and if you do we can probably all pack our bags anyway (Ledger the company would collapse in a blink) because the market impact would be insane. So yes, from time to time you’ll read that a mistake has been made at Ledger or Trezor or that a third party email provider has been compromised and so on. But it has nothing to do with the architecture / security of the Ledger devices themselves; if it had ever been the case Ledger would be bankrupt and I wouldn’t be typing this. Even if a track record isn’t a proof, it certainly is an indicator. There is no such thing as perfect security and that’s why our security/firmware team are always working hard to improve the system in place. Then it’s up to you to exercise your judgement with all the information available to you to assess if you are comfortable using a security solution (notice that this works with any security product that you don’t have the knowledge or time to fully verify software or hardware). Considering Ledger’s app, I’m personally very fine with that risk that I assess to be very close to the risk of the protocol itself being broken so for Zcash I’d say millions of times less likely than me being hit by an asteroid today.

Also please know that we hear the community loud and clear on the need to be more verifiable and we are working on ways to improve this. A brilliant bitcoin guy already showed steps in that direction with miniscript: Towards a trustless Bitcoin wallet with miniscript | Ledger

For anyone interested in digging into Ledger’s architecture and open source choices I’d suggest: Secure Hardware and Open Source | Ledger

Best,

5 Likes

Thanks for the acknowledgment.

Yep I get you, this is a different thing and I am sorry to hear that those situations happen. However I want to highlight that apps submitted by third parties are audited and the report is always reviewed by our security team. We work a lot with Zondax and we are very grateful for their work, especially in this case. However we will always not trust & verify!

Indeed looking forward to seeing all those issues behind us :saluting_face:

3 Likes

Hi @nicolas-ledger , if you are indeed an inside person at ledger, can you please shed some light for the community as to the release date for the zcash app?

Everything looks ok for the app and audit.
It’s now being tested with the wallet. I can’t commit to a date as we are still testing; if there is no issue with those tests it should be in the coming week.

15 Likes

how’s the progress @nicolas-ledger any news or updates?

4 Likes

@nicolas-ledger any updates?

4-8 weeks away

2 Likes

Hello Zcash community, apologies for the recent silence, we’ve been actively engaged behind the scenes. I’m excited to share an update on the Zcash-shielded Ledger App with you all.

  1. Ledger Official Review: this process is in progress, and Ledger is committed to putting resources into reviewing this integration. Ledger is actively reviewing the app and it’s going well except for the support on the Nano X device. See point below.

  2. Issues on Nano X: The Nano X device is not a development device and it’s not possible to test on this device until Ledger has deployed the app on a testing environment. We have recently been able to test through this testing environment and we have encountered some issues due to computation time. On the Nano X device there is a watchdog which causes a reboot after 30 seconds of device “inactivity”. This issue is not specifically related to Bluetooth connectivity, nor to how the information is processed. We are confident we will be able to find a solution for this. However, debugging on this device takes more time because every time we make changes we need to wait for Ledger to deploy those changes on their testing environment.

  3. Engagement in Collaborative Efforts: we have been active in collaborating with other teams, such as Zingo, to facilitate the integration of this new app. We have also recently spoken to ECC and are really looking forward to having integration of Ledger wallet support in their upcoming wallet, Zashi. We are committed to offering our support and expertise to address any queries that may emerge during this integration process.

  4. Wallet integration Guide: Based on the experience collected, we have been working on a generic high level integration guide, and are happy to share the first version here

15 Likes