Shielded Support for Ledger Hardware Wallets (NanoS+, NanoX)

Title:

Shielded Support for Ledger Hadware Wallets (NanoS+, NanoX)

Applicant name:

hann

Pitch: A one-liner elevator pitch version of your proposal

Zcash Sapling and Orchard support in Ledger

Total Request (USD):

$300100.00 USD

Have you previously received a grant from Zcash Community Grants (formerly called ZOMG) or ZF?

Yes

Please provide details:

Cold Wallet

BTCPayServer Integration

YWallet

Are you seeking or have you received funding from other sources for this proposed project?

No

Applicant background:

I am the author of YWallet and the creator of Warp Sync. Previously I worked as a Senior Software Engineer at Microsoft and was the CTO of a Hedge Fund in Asia.

Description of Problem or Opportunity:

Shielded pools are not usable in hardware wallets. There is an ongoing effort to make Trezor work (Orchard only) and Ledger (Sapling only). But not both.

This proposal would bring shielded pools (Sapling & Orchard) to Ledger popular series of Hardware Wallets (NanoS+ and above). These wallets are popular, affordable and have a secure element chip making them a highly secure solution for storing zcash.

Proposed Solution: Describe the solution at a high level.

1. Integrate Zondax zcash-ledger into YWallet

2. Extend zcash-ledger with Orchard & UA

3. Integrate with YWallet

Solution Format: What is the exact form of the final deliverable you’re creating?

YWallet will have a new type of account backed by a Ledger. During account creation, the user will have the option to connect to a Ledger. Then Ywallet will take care of synchronization and note maintenance. As such the account behaves as a watch-only wallet.

Signing will require plugging in the device and user authorization.

Technical Approach: Dive into the how of your project. Describe your approaches, components, workflows, methodology, etc. Bullet points and diagrams are appreciated!

Working with Zondax, we’ll complete the work on the Ledger app for Sapling.

Then, we will need to do:

• Orchard curves for Pedersen Hash and Signatures,

• UA

• Transaction V5

Dependencies: What external entities is your project dependent on? What involvement is required from ZF, ECC, and/or other external organizations? Who would have to incorporate your work in order for it to be usable?

This project requires close cooperation with the Zondax team. They have shown keen interest in delivering their solution and were blocked by the lack of wallet support.

Execution risks: What obstacles do you expect? What is most likely to go wrong? Which unknown factors could jeopardize success? Who would have to incorporate your work in order for it to be usable?

The highest risk probably comes from Ledger certification process. Apps need to be tested, validated and signed off by them.

Unintended Consequences: What are the negative ramifications if your project is successful? Consider usability, stability, privacy, integrity, availability, decentralization, interoperability, maintainability, technical debt, requisite education, etc.

None

Evaluation plan: What metrics for success will you share with the community once you’re done? In addition to quantitative metrics, what qualitative metrics will you commit to report?

At each phase, there is a clear deliverable

1. YWallet + Ledger z-addr

2. Ledger app with Orchard/UA PR

3. YWallet + Ledger UA

Hardware/Software total budget:

$100.00 USD

Please provide justification for the total hardware/software budget:

A dedicated Ledger S+ device

Services total budget (cloud, hosting, etc.):

$0.00 USD

Please provide justification for the total services budget:

N/A

Compensation total budget:

$300100.00 USD

Please provide justification for the total compensation budget:

Based on the duration, complexity and value of the project.

Do you require startup funding?

No

Milestone 1 - estimated completion date:

05/01/2023

Milestone 1 - USD value of payout upon completion of deliverables:

$100000.00

Deliverable 1.1

YWallet + taddr/zaddr in Ledger

Milestone 2 - estimated completion date:

08/01/2023

Milestone 2 - USD value of payout upon completion of deliverables:

$100000.00

Deliverable 2.1

Ledger app with Orchard & UA support

Milestone 3 - USD value of payout upon completion of deliverables:

$100000.00

Milestone 3 - estimated completion date:

10/01/2023

Deliverable 3.1

YWallet + Ledger UA (Transparent + Sapling + Orchard)

Total proposed USD value of grant:

$300100.00 USD

How was the project timeline determined?

Based on the history of development ledger app and shielded wallets

Application submission date:

02/28/2023

Way to step up, @hanh

I fully support this grant.

This is so important, please make it happen!

There will be no mass adoption without shielded hardware support. No one in their right mind will leave a substantial portion of their net worth in a hot wallet, whether mobile or desktop. I still don’t understand why this topic has such little emphasis in the community.

At least ZEC has transparent addresses that are supported by hardware wallets. Otherwise, there would currently be no secure way to safely store your coins in cold storage via self custody. Sad!

I’m posting this in a personal matter and my view does not represent ECC or ZCAP views.

I don’t doubt the capabilities of the developer of completing the grant. But I think that it is a mistake to pursue any developments without a written and legally binding commitment of the Ledger Company of certifying the shielded support once its audited with high priority and in a reasonable timing.

Ledger support developments have been done before by other teams and it was a failure because hardware wallet companies wouldn’t make the development available to their users.

The grant should be conditionally approved to that legal contract being obtained. Even grant more money for legal support to achieve that if needed.

There’s no point on spending valuable developer time and Grant Funds into a project that a company can thumb down and ban without any consequences.

I propose that ZF and ZCG should find and foster Open Hardware and open source software hardware wallets that decentralize and offer a free (as in freedom) alternative to hardware wallets.

In light of this announcement from Trezor, I think we need to be careful with assuming Ledger will prioritize Zcash shielded transaction support. Since NU5, Ledger has been a disappointing experience for Zcash users. Trezor has been much better but still, they are not prioritizing Zcash support.

Last time I check, Ledger users still cannot access their ZEC for more than 6 months. And we’re talking about transparent support here. Now I would imagine shielded support will get integrated at a much longer timeline, if ever.

I second this opinion. We have to, as a community, support open-source efforts in this area.

There are two apps for zcash. The one that runs on Ledger live and is having issues, is written by Ledger based on the bitcoin app. It has trouble with NU-5 and TX v5.
This proposal is about the app by Zondax. It is specifically written for sapling shielded zcash but also supports transparent zec. It is compatible with the Ledger zcash app. Therefore Ledger Live can use it but without the zaddr.

The certification by Ledger will be driven by Zondax. They have extensive experience with the process. In fact, one of the requirements is to have a public wallet that supports the ledger app.

However, I agree it should be clarified with Zondax. I don’t think they said anything regarding orchard.

That’s a good clarification. I think that without expressed commitment to actually drive this to production on ledger’s side, it’s the same thing. No matter what the grantees do, even if they excel at every arbitrary ask by ledger, they can still veto it.

That’s why I mean that without expressed legally binding agreement by the hardware wallet manufacturers to include the shielded support development in their production releases, it’s mostly gambling at their “good will”. We won’t have any better results that the ones previous grants had.

And I don’t mean this in any way to “boycott” or turn this down, on the contrary. I want you folks to be honored for your good work and that we can all benefit from it.

If the only. resort we end up having is telling Zcashers to reply “WHEN SHIELDED ZCASH” to every Ledger’s tweet, then I guess it’s better to invest your time and skills in other portions of the ecosystem until the deployment to production commitment can be sorted out.

I think it’s to every party’s mutual benefit to have Zcash on Ledger. Ledger wouldn’t be successful if not for 3rd party apps, but they need to ensure quality just like the Apple Store or the Google Store.

Agree, but Ledger has not prioritized Zcash integration for transparent transaction, so it’s safe to assume Zcash shielded integration will not be prioritized by Ledger any time soon.

I have sent them email regarding me having trouble accessing transparent ZEC on Ledger Live since September 2022. There has been no development on their side. Not that they try to fix this and then couldn't, it’s that Ledger haven't done anything on their Zcash app. So, how can we assume Ledger will gladly prioritize Zcash integration now?

Ledger Live and Zondax apps are two different apps. Ledger modified their Bitcoin app to make it work with Zcash. It was OK for a while but it stopped working after NU-5 because the change in the protocol affected the transparent side of zcash too.
This proposal is about the Zondax app and beyond. Ledger is not involved in its development.

Doesn’t Ledger have to approve any apps installed on their devices? I believe most people get their Ledger app through Ledger Live, which is gated by Ledger.

That is correct. They test the apps and sign them. It is pretty much the same as the Apple store and the Google store.

Yes, and there is no guarantee they will release the Zcash app even if the integration is done.

I support this proposal but Ledger approval is one dependency that needs to be cleared before commencing the work.

I don’t see why Apple & Google prior approval is not a concern but Ledger’s is, though. Why do you think they will deny it?

Because there has been precedent of Ledger not releasing previous Zcash app by Zondax?

That’s because there need to be a wallet that uses it. Exactly what this proposal includes

Didnt Zondax do a demo at Zcon3 was with a modified Zecwallet. What happened with that? What is blocking Zondax to get the Zcash app on Ledger?

There is a PR Add support for Ledger Hardware Wallet by becominginsane · Pull Request #106 · adityapk00/zecwallet-light-cli · GitHub. But it is not reviewed, merged, tested and released.

AFAIK, for certification, the wallet app has to be publicly usable.