Shielded Support for Ledger Hardware Wallets (NanoS+, NanoX)

Great news!!!

I think it’s fair to the community to have an organizational support over the ledger app, besides bureaucratic requirements, I can think of a few good arguments:

• for a long term thing as HW wallet storage, if it’s community funded, it makes sense that it should be “community owned” or at least have an organization that is resilient to mundane human life events to keep things running long term.
• In addition to the point above, I don’t think it’s fair for people to tie up individuals to such a long-term things. People have the right to move on, step away, retire, or whatever they want to do with their life. It feels like ‘too much to ask’ to someone to be in charge of this solely.
• I don’t have concerns about Hahn having an Org himself to comply with ledger he’s proven that he’s capable of delivering and responding to any events that might come up, but having a Zcash branded developer registered in ledger app ecosystem is a easy way to recognize a legit app developer for the common people.
• Zondax is a good actor, but as a zcasher I feel safer if HW wallet B2B relationships are handled by a Zcash focused org like @ZcashFoundation or ZCG, Zondax might pivot to other interests and we will be having this discussion plus a ton of other difficult paperwork problems to solve.

The code is open sourced. Both ledger app and ywallet are on GitHub.

I know. I wish that would have been enough for Ledger to let you publish the app on their platform, but it isn’t

The positive note is that it seems to be a path forward to get it released

I was replying to this section. I don’t know how it can be more community owned than having it open sourced on github.

I agree, but I’m not referring only to the code itself. Unfortunately, the code being open source, is not enough for them, otherwise your ledger app would have been published already, since it’s proven to work, been audited and all the technical etceteras on can think of.

I’m specifically referring to the organizational requirements that have been explained in @aquietinvestor’s post. From what I understand, Ledger has requirements on legal structure of publishers, that are independent from code the they ship.

A decision will have to be made to appoint the publisher of the ledger app. And it’s my belief that the appointed org should be

[…] “community owned” or at least have an organization that is resilient to mundane human life events to keep things running long term.

Zcash Community Grants (ZCG) would like to provide the community an update on the status of the Ledger app development for Zcash shielded transactions. At present, we find ourselves at an impasse because we are unable to identify an organization willing to co-apply with Hanh. This circumstance is due to Ledger’s preference for having an organizational entity, and not an individual developer, as a partner for the development and maintenance of the app as well as ongoing support and updates.

We’ve discussed this issue with both the Zcash Foundation and the Electric Coin Company (ECC). Unfortunately, neither organization is willing to submit the application on Hanh’s behalf. While this outcome is less than ideal, we understand and respect their concerns. Ledger’s terms and conditions [1] require the submitting entity to make specific representations and warranties to ensure the app’s functionality, security, and ongoing maintenance. Neither the Foundation nor ECC is comfortable making these representations on behalf of an individual developer.

ZCG firmly believes that Hanh possesses the skills and dedication needed to deliver this app, and we know that the Zcash community shares this belief as well. If Hanh were to walk away from the project, ZCG has the resources needed to recruit and fund another development team to continue to provide ongoing development and support of the app. However, since ZCG is a committee under the Foundation, and not an independent organization, it lacks the autonomy to enter into legally-binding agreements and cannot submit the app on behalf of Hanh.

ZCG will continue to take proactive steps to move this project forward. The ideal outcome is to find a qualified organization that the Foundation or ECC is comfortable sponsoring, if necessary, that can adopt Hanh’s codebase, take over development, and ensure the app’s ongoing support and maintenance. The feasibility of this approach is uncertain at this stage; however, we’re actively reaching out to development organizations to explore their willingness to assist. Additionally, we will contact Zondax to discuss the possibility of them taking over this project. Zondax has significant experience developing apps for Ledger devices and may be best suited to deliver an app that meets Ledger’s requirements.

We apologize for the complexities and delays surrounding the Ledger app development and understand the community’s anticipation for Zcash shielded transactions on Ledger devices. Ledger’s preference for individual developers to co-apply with an organization was an unforeseen circumstance that we did not anticipate. We are dedicated to resolving this matter in a timely manner and will continue to provide updates as the situation evolves.

[1] I have pasted the relevant section from Ledger’s Terms and Conditions below:

As an App developer, you assume total responsibility and risks for your use of the Service and any damage that your application may cause to third parties or to Ledger. This responsibility includes, but is not limited to, all the necessary steps to maintain the continuity of the availability and the performance of the App you have developed and submitted to the Service. You shall, at all times and at your own cost, regularly test and update the App you have developed in order for your App to be fully functional with the latest Ledger updates and plugins, as well as, mitigate all risks and incidents that may affect your App, or the use of your App by any third party.

By submitting the App to the Service, you warrant that your App will not cause any fault or malfunction in any software, firmware, hardware or network and information system, nor shall introduce any viruses or vulnerabilities onto the Services. You warrant that the App will operate in accordance with Ledger and user expectations and that the maintenance of your App will be of satisfactory quality and conform to the requirements to function with the Service, Ledger software, firmware and hardware.

Jason, I don’t understand the part of the ledger app treated as sent “on behalf of Hahn”? I have some thoughts and questions. These might have been already discussed. So I apologize if that’s the case.

Given that grantees are independent developers working on tasks that are approved by ZCG (and therefore ZF as controlling entity), wouldn’t it be possible to think of Hahn (or any other developer willing to work and maintain on that code) as contractors that work on code that will belong to ZF?

Ultimately these are “nuances” because someone that obtains a grant to develop a piece of code, has to prove that has delivered the proposed milestones. Same works for software contractors. They engage in a contract for a given piece of work, etc, etc etc.

So would it be possible that the Foundation takes ownership of the code produces from the grant, evaluates it, and ship accordingly when it considers that it has been tested and there is confidence that complies with Ledger’s requirements?

We can’t have a situation in which ZCG imposes contractual obligations on ZF without consent.

Are ECC and/or ZF working with you to find a viable path forward?

We have a meeting with ZF tonight to discuss how to move forward.

I would love for ECC or ZF to make this happen but I understand both probably don’t have the resources necessary to take this responsibility

(to be clear not speaking on behalf of ZF, I don’t make this decision)

What a mess.

when a grant is funded, it should be fully thought out. why are we funding projects that have no ability to be fully realized? for some important development projects, consent was granted when the grant was approved and zec holders should own the code for all core development.

since we are funding the development. and ledger seems like an important way to hold zec, the entity that approved the funding should take ownership. when these grants are funded the long term total cost should be considered. if the entity that funds is not willing to support it, why approve the grant to begin with?

the foundation seems to be handing out money for minor grants. but they won’t take ownership of ledger ongoing maintenance?

asking questions about how our money is spent is now considered a complaint?

i want to see zec realize and get the benefit of every dollar spent. and i want the majority funding to go to developers who are creating the blockchain.

i hate seeing wasteful and not well thought out spending….maybe we are just not on the same team.

Maybe he wouldn’t if there wasn’t anything to complain about!

Plenty of weak spots in this entire project and they should be rightfully exposed.

Don’t act like you want decentralized money if you just want to follow the status-quo and stay passive. Closed mouths don’t get fed etc etc.

And what do you get out of that? A badge that says “Nice Reply” on some discourse forum?

This has nothing to do with “bleeding edge tech” or whatever narrative you’re attached to. It’s simply terrible planning and execution from the treasury and organization that supports it.

Maybe it does? We don’t know that. This grant has been in progress for way too long. And at the same time you’ve got the ECC and all other “powers-that-be” claim to want to increase shielded adoption? How do you expect to do that without any hardware wallet support for it?

unfortunately this is a competition. we need to be focused and diligent to win. you might be kind to some people, but it’s clearly not to everyone. you’re putting yourself on a pedestal when we need to be out competing paypal, monero, bitcoin and others. the one complaining is going to be you when big corporations figure this stuff out because they understand customer products and managing people and processes.

Hi folks! ECC’s current understanding is that Ledger needs an organization (not an individual) to sign a document committing to ensuring the following:

ZCG contacted us and we thought about this. We would love for Ledger to implement full shielding support! Many of us use Ledger hardware wallet devices to protect our crypto from bugs and hacks in software, and it would be perfect if when doing so you could also protect your ZEC from prying eyes!

Having thought about it, we decided that ECC cannot commit to this at this time, because we are a small (but mighty) team with limited resources. As such, we need to focus all of our efforts on delivering tangible results as soon as possible in each of our four focus areas:

• Deploying Zashi wallet — contact me if you want to be a beta tester and if you have a strong stomach for finding bugs and reporting them in great detail!
• Our SDKs and Zcash Core Libs which are used by Nighthawk, Edge, Unstoppable, and now Brave (in addition to Zashi, and in addition to several other users of our code) — see our recent release of ECC SDK 2.0.
• Policy advocacy to ensure that self-custody, privacy, and staking remain legal and remain reputable. These are virtuous things that good people do in the United States of America. See the upcoming Global Encryption Day congressional briefing in Washington D.C. that our Head of U.S. Public Policy and Strategic Advocacy, Paul Brigner, is organising.
• Making it possible for Zcash users to transition to Proof-of-Stake — see our current work on designing, security-analyzing, and prototyping the Zcash Trailing Finality Layer. (Which would fix the issue with lack-of-finality that has caused Coinbase to recently limit its support for Zcash.)

Inasmuch as we can do so, we would definitely like to support the Zcash community in solving this so that we have sustainable, supported, shielded Zcash in Ledger. It sounds like to me that what the Zcash community needs is an organization willing to step up and take on that responsibility, and then I’m guessing that Ledger probably needs to vet that organization and achieve a certain level of confidence in its sustainability and professionalism.

One thing that I can potentially do to help is to continue to introduce to ZCG any such candidate organizations who reach out to me. Off the top of my head, here is a quick brainstorm of potential candidates: Zcash Foundation, Nighthawk Apps, Equilibrium, Shielded Labs, Zondax, Red Dev, Qedit, and finally… Ledger itself! If Ledger values this unique feature for its users, and wants to take on the responsibility of maintaining the code, that could be a perfect solution in which Ledger effectively becomes a part of the Zcash support ecosystem!

@zooko this may be a scenario or situation why gas/fees are so important. when i move my ERC tokens out of ledger, i get charged for gas. those charges are what helps to support the ecosystem and valuable use cases like ledger support.

it only makes sense ledger wants an organization because organizations last into perpetuity whereas people don’t. and the fee structure is what helps ensure the longevity of the organization so that all people can count on zec ledger support indefinitely.

To illustrate, i move some money from ledger to coinbase. i was charged around $1 gas.

is there a fee structure in place so that an organization who takes over this responsibility gets paid per transaction to maintain the code or do they have to ask for grants or how do they make money for supporting the ledger code in this use case?

Since I am one of the parties closely involved in this, please allow me to chip in.

We all know that the price of ZEC has greatly dropped over the years. It is but a fraction of what it used to be. This clearly puts a lot of pressure on the entities that depend on the devfund. Therefore I understand the position of the ECC and the ZF. If they didn’t have the resources to promote Ywallet a year ago, then for sure they don’t have the resources to maintain the Ledger integration now.

However, isn’t it what the Major Grants are designed to do? Take on major projects that neither the ECC nor the ZF would? If so, then what is happening? Why can’t they be the contact point for Ledger?

In my opinion, there is an issue with the corporate setup.

The ZCG receive more funding from the community than the ECC or the ZF, but it does not have the ability to enter legal contracts. Hence, it does not only rely on the ZF for administration support but the ZF practically has veto.

I think it is paramount that the ZCG, or any future organization in charge of independent projects, becomes a legal entity with the reputation to represent Zcash holders.

Unfortunately, I feel that the current situation is greatly detrimental to the decentralization of Zcash. It is yet another example of the gatekeeping that prevents third-party developers from contributing. Obviously, I am disappointed.
Even more so because I believe that Zcash faces difficult times, but instead of working together, it appears we are working against each other.

In my opinion, the setup of the devfund and the corporate structure of the devfund recipients are partly responsible. I think we should keep this project in mind when we vote on this.

On a positive note, if all that Ledger needs is a legal entity to work with, I am currently in discussion to have a company submit the app on my behalf. Even though, on paper, it would have no track record, it would have the advantage of having expertise on the subject matter. The ZCG/ZF/ECC could just vouch for it informally.

Also, it could be time to pursue the Trezor integration. Having a direct competitor implement shielded transactions could be the commercial incentive we need. I haven’t looked at their implementation but it may be possible to integrate it in Ywallet too.

you are 100% correct.

now maybe i just don’t get it; but i don’t see how the organization taking over this role gets paid without permission or the risk of ZCG or other centralized entity saying no in the future.

this is why i keep saying zcash is highly centralized. a decentralized framework would allow you to take a fee on all zec ledger transactions. no lobbying with polls or consensus or centralized funding that is maybe yes today maybe no tomorrow.

if people actually want to use zec on ledger, the fees will be more than enough to pay the organization in an decentralized permissionless manner. no voting required. it’s in the protocol.

with trevor we probably have the same issue long term. ledger is just thinking ahead. we should be learning something from ledger. it’s about a lot more than just having a legal entity, it’s about long term support.