OneKey Zcash Hardware Support with Unified Wallet Architecture (Transparent + Shielded)

Jenny0115 · February 28, 2026, 6:24am

OneKey envisions a future where all cryptocurrency users can prioritize privacy and security without compromise. We aim to drive broader adoption of the Zcash network by providing the most robust, secure, and user-friendly solution for managing ZEC’s unique features.

Proposed Problem

This proposal funds full Zcash support (transparent and shielded, post-NU6) within the OneKey hardware ecosystem to address a distribution and resilience gap in Zcash’s privacy stack.

Zcash’s long-term success depends on broad hardware-level shielded access. Today, shielded functionality remains unavailable across meaningful segments of the global hardware wallet market, limiting adoption among security-focused self-custody users.

OneKey serves 300K+ monthly active users and nearly 1 million users globally. Enabling shielded Zcash within this ecosystem immediately expands privacy-capable distribution across 166 countries.

This grant diversifies Zcash’s hardware implementations, reducing vendor concentration risk while strengthening privacy accessibility at the device level.

This is a targeted ecosystem investment: expanding hardware-level privacy reach, increasing distribution efficiency, and reinforcing Zcash’s core mission where it matters most — secure self-custody.

Proposed Solution

We propose to release a new firmware with transparent and Orchard support, which will allow users to securely manage shielded ZEC from OneKey Wallet Desktop.

Please check the full proposal here: OneKey Zcash Hardware Support with Unified Wallet Architecture (Transparent + Shielded) · Issue #228 · ZcashCommunityGrants/zcashcommunitygrants · GitHub

Requested Grant Amount (USD): $45,000

Solution Format

The solution consists of:

Firmware-level Zcash implementation covering transparent and Orchard transaction signing
PCZT format parsing and on-device transaction validation
Clear signing implementation displaying transaction details (addresses, amounts, memo, fees) on the hardware screen before user confirmation
Automated regression testing
External security audit
Production release with documented derivation paths
Licensing
- OneKey’s firmware is fully open source. The license terms are available at: https://github.com/OneKeyHQ/firmware-pro/blob/main/LICENSE.md All Zcash-specific code produced under this grant will be released under the same license and publicly available in OneKey’s existing open-source repositories.

Success Metrics

Successful on-device signing of all four transaction types (transparent, shielding, deshielding, fully shielded) via PCZT workflow
Clear Signing correctly displays all transaction details including memo content before user confirmation
No key material exposure during the entire transaction lifecycle
No asset migration blockers (contrast with Ledger history)
Recovery works via standard BIP-39 seed with correct ZIP-32 Orchard derivation
Regression tests pass across firmware versions without breaking existing chain support
External security audit passes with no critical vulnerabilities

Milestone Details

Milestone: 1

Core Zcash Hardware Support (Transparent + Orchard with PCZT & Clear Signing)

Amount (USD): 25K

Expected Completion Date: 2026-07-30

Deliverables:

OneKey hardware firmware implementation:

Add Pallas and Vesta curve support to the cryptographic stack
ZIP-32 Orchard key derivation
Transparent address generation and transaction signing
Orchard address generation (Unified Addresses with transparent + Orchard receivers)
UFVK export
PCZT parsing engine: validate transaction structure, extract outputs, fees, and memo fields
Clear Signing implementation: on-device display of recipient addresses, amounts, fees, memo content, and transaction type before user confirmation
Memo field parsing and display for shielded outputs
Support for all four transaction types: transparent, shielding, deshielding, fully shielded
Unified firmware implementation (no per-asset firmware splitting)
Documentation of derivation paths, PCZT integration protocol, and signing model

Acceptance Criteria:

Device correctly derives Orchard keys and generates Unified Addresses from BIP-39 seed
All four transaction types can be signed on-device via PCZT workflow
Clear Signing UI displays complete transaction details (addresses, amounts, fee, memo, type) and requires physical confirmation
ZEC transactions are signed exclusively by hardware; no key material leaves the device
Recovery via standard BIP-39 seed produces identical addresses
No firmware splitting introduced for Zcash
Independent testers complete end-to-end transactions without key exposure

Milestone 2

Security Hardening and Maintainability

Amount (USD): 10K

Expected Completion Date: 2026-09-30

Deliverables

Modular Zcash transaction components separated from hardware-specific code

Internal security review covering:

Orchard signing flows (Pallas correctness, randomness quality)
ZIP-32 key derivation (path isolation, key material handling)
PCZT parsing (input validation, buffer overflow prevention, malformed transaction rejection)
Clear Signing integrity (display-what-you-sign guarantee)

External security audit focused on:

Orchard cryptographic implementation
PCZT parsing attack surface
Key isolation within device

Regression test suite covering:

All four transaction types
PCZT edge cases (malformed data, oversized memos, maximum input/output counts)
Firmware upgrade compatibility testing

Public maintenance documentation

Acceptance Criteria

No critical vulnerabilities found in external audit
Regression tests pass across firmware versions
Orchard transaction signing is stable under stress testing
PCZT parser correctly rejects all malformed or invalid transaction data
Firmware upgrades do not break existing ZEC accounts or other chain support
Display-what-you-sign property verified: signed transaction matches what was shown on screen

Milestone 3

Production Stability and Migration Safety

Amount (USD): free

Expected Completion Date: -