Official Shielded Support for Zcash In Ledger HW Wallet

having this merged is a great step forward!

I’ve been using my Nano S with ZecWallet and I notice that the Zcash app actually asks the user to verify a lot more of information that no Zcash wallet actually shows, like the Nullifier. I assume this is a requirement from Ledger. Is there a way to avoid asking the user to “approve” a nullifier? can we skip this? If not, well, I guess that we’ll have to give in and make wallets show the nullifiers on screen to make the users be able to truthfully approve them.

The user is not supposed to trust the wallet because it could have been compromised. That would defeat the purpose of user validation.

I think you are missing my point. I’m wondering why we have to and what is the purpose of showing a piece of information on the hardware wallet that the user can’t actually verify anywhere?

Has anyone seen a nullifier in their lives ? (Core Devs and @hanh answers don’t count )

I don’t think I am missing your point. I am saying that the “workaround” is not acceptable.

Even if I know what a nullified is, there is no way for me to know that it is the right value.

Oh! That’s what I’m saying!

What’s the point of it being there? Is ledger asking for it ? Or is something that can be changed without being kicked out of their walled garden ?

It shouldn’t be a requirement. Bitcoin users are not required to verify their tx inputs. Why should we?

Once again here I am asking for an update? FFS the ledger team need to take a serious look at how Keystone wallet operate.

Where are things at with the Ledger app?

Hi @zkPete sure, let me give you an overview and general update to the community where things are.

Address Derivation Challenges and Solutions

Over the past month, we have been assisting Ledger with testing, primarily addressing issues related to the wallet (zec wallet) rather than the Ledger app itself. Ledger has specifically requested that we ensure the following scenario is thoroughly covered:

• Current scenario: If someone sent some ZEC from a shielded address (z-address), to a t-address generated from a Ledger account in Ledger Live, Ledger users can’t spend the funds.
• Objective of the Zcash Shielded app : With the Zcash Shielded app, a Ledger user should be able to spend the funds that he received on his t-address from a z-address.

This scenario specifically involves users who received z-to-t transactions using the old Zcash Ledger app that does not support shielded transactions. Our adaptation of Zecwallet appears to support this use case, as we have successfully tested it multiple times. However, the issue lies in how zecwallet and Ledger Live derive new accounts:

• In zecwallet: The account value changes based on user requests.
• In Ledger Live: The account value changes with each new account, and the address value changes with each new transaction per account.

We have tried a test modifying zec wallet to derive new addresses like
xx/xx/account/xx/address
account 0 - address 0
account 0 - address 1
account 0 - address 2
account 0 - address 3
account 0 - address 4
account 0 - address 5
account 1 - address 0
account 1 - address 1
account 1 - address 2
account 1 - address 3
account 1 - address 4
account 1 - address 5
account 2 - address 0
and so on…

We managed to locate the same address that Ledger Live derived. However, it’s not straightforward to find any Ledger Live-derived address because a new address is generated for each transaction. This makes the process of identifying specific addresses very complex.

To facilitate this particular use case, we added a textbox in zecwallet. This feature allows users to:

• Enter a Custom Derivation Path: Users can input the exact path they want to use.
• Generate Multiple Addresses Sequentially: Users can add multiple addresses in a row, such as 10 or 20 new addresses at once.

This change was well-received ; however, Ledger’s testing team reported significant delays during scanning, with some scans taking up to five hours. Unfortunately, this is a limitation we cannot address, and in such cases, rescanning from birthday is the only solution.

In other testing scenarios, the issues were server-related. To address this, we advised Ledger to switch to a different Zcash server.

Screenshot 2024-09-24 at 11.16.49920×400 19.8 KB

Screenshot 2024-09-24 at 11.14.03702×321 18 KB

Overall, the main issue Ledger is encountering is that zecwallet is not inherently user-friendly. While we have successfully adapted it to work with the new Ledger app, it can still be buggy at times and may require restarts or resynchronizations.

Nano X issues
Ongoing issues with the Nano X unfortunately persist, and as a result, it has been decided to release the app initially without support for this device. However, testing with newer devices like the Flex and Stax has been successful.

New Security Delta Audit
A new Security Delta Audit was requested due to the numerous changes made to the Ledger app since the initial audit. We received the delta audit report yesterday, which identified only minor fixes and clean-up tasks. A new pull request (PR) addressing these issues will be submitted to Ledger this week for a new deployment and final testing. Once this audit is validated, and assuming they can successfully run the flow with ZecWallet, the app will be ready for release.

Overall, we are hopeful that there will be no further blockers this time. As long as the flow can be successfully validated, Ledger should be ready to proceed with publishing.

Hi Zcash community,

Quick update from our side:

The latest security audit has been successfully completed , and our most recent post-audit changes have been merged by Ledger: PR #7.

Everything is now deployed on Ledger’s testing environment, featuring a brand new logo!

zcash718×1424 73.9 KB

We’ve also released a new version of ZecWallet Lite: v1.9.0-ledger-rc5. We’re hoping other modern wallets will soon support the new Ledger app as well.

In our tests with locked funds, using ZecWallet and the new Zcash Shielded app, we successfully were able to transfer those funds.

Ledger did express concerns about displaying IVK/OVK on the device, as it might not align with their security guidelines. However, after careful explanation of the purpose, we believe this is no longer an issue.

At the moment, the only delay is due to Ledger running tests with a very old wallet, and ZecWallet Lite getting sync issues with LightWallet ID servers. We are working to assist them and hope that soon are able to run tests on their end that will lead to the application release (for good).

image (73)2124×1226 229 KB

Congrats! Based on how Ledger has acted all these years though, I still think Keystone will release their app first before Ledger. Let’s go Keystone!

The wallet would at least need a custom-fee field as well, to have minimal support for zip317, unless they’re automatically calculated.

I would presume that the fee would be computed on the networked device (which would also be responsible for the proofs), and that the Ledger is just creating the signatures?

That’s pretty much how Ywallet ledger app works. The view-only wallet creates the transaction, sends it to the stick, signs it, sends it back to be broadcast. I don’t think zwl ever got the new base fee.

Great news @ainhoa-zondax !

some comments:

I guess I agree with Ledger in this case. I’m a user of their brand and I find the IVK / OVK display not helpful to me as a “power/expert user”. I don’t think it would make sense to others since there’s no straightforward way to make a sense of that information from the wallet UI.

Usually when the ledger device shows you information, you double-check it on the screen of the wallet app and see that it’s the same. Obviously the source of truth is the HW wallet and the user just verifies that the APP’s UI is not giving them bs, but that flow doesn’t hold for Zcash as it does on all the rest of the coins supported by Ledger. How can we make this better?

Same applies to nullifiers (at least on the previous version of the Zcash app). When spend is about to be authorized, the ledger device would show me a nullifier. Which, as a user, is something I can’t easiliy make a sense of. I imagine that a user has no information to knowingly be able to verify or contrast that information on the ledger screen with something else. They would accept taking a leap of faith when the press the two buttons on the ledger to approve.

We do have zip317 support. We have adapted zec wallet lite

Hey pacu, we improved already the nullifier UI, and moved those fields into expert mode, so they won’t be showed by default.

@ainhoa-zondax and rest of the Zondax folks please be aware of the NU6 changes. Specifically the consensus Branch ID. If your fork for ZecWalletLite does not point to the NU6 Branch ID your wallet will stop working.

Please refer to the Zcash R&D discord for any further questions

Thanks @pacu we will be looking into NU6 changes to see what needs to be adapted into the wallet.

Mid-term, our goal is to eliminate the need to maintain our ZEC wallet fork by encouraging more wallets to support Ledger integration.

Hi what is the official update on this? I saw some people on twitter had been using the new shielded app already?

You can test it out, but be advised, it’s still early and should expect errors. The app is in Ledger Live called Zcash Shielded. It requires the Zondax fork of Zecwallet Light.