Context - Ledger HW Wallet App with shielded support
Zondax developed a Ledger app with Sapling z-address support as part of a Zcash Foundation grant. More recently Zondax upgraded the app, improving its application structure, refactoring it and adding support for new Ledger Devices (Ledger Nano S plus) and completed integration with the Zecwallet Lite Desktop wallet.
We presented at the Zcon3 conference our complete Ledger support for the shielded Zcash transaction in Zecwallet Lite Desktop (Zondax).
Unfortunately, because Zecwallet Lite Desktop is part of a different organization we were not able to ensure that our PR was accepted or released in that repository. The lack of desktop wallet support resulted in our deliverable not being accessible to users or published by Ledger SAS.
This is the PR that was submitted: Add support for Ledger Hardware Wallet by becominginsane · Pull Request #106 · adityapk00/zecwallet-light-cli · GitHub
Our primary objective is to get the Zcash Ledger app with shielded support approved and released by Ledger publicly.
In a second phase, we plan to upgrade the app to include Orchard and unified addresses. Orchard is a new protocol that improves the privacy and efficiency of Zcash transactions, while unified addresses simplify the sending and receiving of funds. Finally, we will integrate the app with Ledger Live, which is Ledger’s companion software that allows users to manage their cryptocurrency holdings from a single interface.
Once we have completed this integration we will concentrate on documenting the process via blogs to allow other developers to understand the integration process. This will facilitate further integrations in the ecosystem.
M1 - Enabling Web-Wallet support and submission to Ledger
Our plan is to create a fork of Zecwallet Lite Desktop and make the necessary changes to support the Ledger Nano App that we have developed, which includes Sapling support.
To ensure the security of the Ledger App modifications, we will have them audited by an external audit firm approved by Ledger. This audit will review the modifications and ensure that they meet the necessary security standards required for public release by Ledger.
M1 Scope Summary:
Zecwallet Lite Desktop fork with integration of Ledger HW Wallet app with Sapling support
External security audit of the Ledger App
Submission to Ledger and coordination
Budget for this Milestone: 55’700 $
M2 - Maintenance of Zecwallet Lite Desktop fork + Ledger App
We will take responsibility for maintaining this fork, including the necessary infrastructure (i.e. Zcash node and lightwalletd server) and operations, for 12 months after we submit the application to Ledger. While our team would be interested in continuing to maintain the fork beyond this period, that is not within the scope of this grant. By maintaining the fork for 12 months, the team is committing to ensuring that the modified version of Zecwallet Lite Desktop continues to work properly and can be used with the Ledger Nano App during that time.
During this period we will also maintain the Ledger App covering the following areas:
Ledger SDK or firmware upgrades that affect the application
Device support for Ledger Nano, Nano Plus, Nano X and Stax
Security fixes related to Ledger SDK layers
Repository and issue monitoring and triage
Resource availability (ensure internal training in your chain, rotation of resources, etc.)
Analysis and early warnings in the case of known security issues that may affect the application
Early warnings and prioritization in the case of urgent issues or vulnerabilities
Periodic coordination with Ledger
Note* This does not include development of new features or upgrades to new protocols.
M2 Scope Summary:
- 12 months of operations + maintenance of Zecwallet Lite Desktop fork
- 12 months of basic maintenance of Zcash Ledger App
Budget for this Milestone: 58’800 $
M3 Upgrade to Orchard and Unified Addresses
During this milestone, our team intends to make the necessary modifications to the Zcash Ledger app to add support for both Orchard addresses and Unified Addresses. This will make the app more efficient and user-friendly, while still maintaining the privacy and security features that make Zcash unique.
M3 Scope Summary:
- Adaptation of the Ledger App (all devices) to support Orchard and Unified Addresses
- Integration into Zecwallet Lite Desktop fork maintained by Zondax
- Submission to Ledger and coordination
- External security audit of the Ledger App
Budget for this Milestone: 62’800 $
M4 Ledger Live Integration (w/Shielded support)
This milestone will involve integrating the new Ledger application with Shielded support into Ledger Live, and providing infrastructure and DevOps support for 24 months
M4 Scope Summary:
Ledger Live Initial Integration:
Review and verify required data (ticker, coin, logos, etc.)
Verify, develop or migrate typescript integration library
Common Lib support
CLI Bot test cases
- Provide dedicated servers to run infrastructure, nodes, APIs, etc. for 24 months.
- DevOps support
- Preparation and coordination of the submission
- Corrections and review support
Budget for this Milestone: 105’600 $
- M1: Enabling Web-Wallet support and submission to Ledger: 55’700 $
- M2: Maintenance of Zecwallet Lite Desktop fork + Ledger App: 58’800 $
- M3: Upgrade to Orchard and Unified Addresses: 62’800 $
- M4 Ledger Live Integration (w/Shielded support) : 105’600 $
Total Budget requested: 282’900 $
About Zondax Team
Experience and Repositories
Zondax is a growing and distributed team with experience and projects for more than 50 blockchains. Zondax has been contributing to the Blockchain ecosystem since 2018-2019. The team has received and completed a large number of grants and currently maintains most Ledger apps for the ecosystem (+30). Our team includes experts in most blockchain aspects, cryptography and programming languages.
Most of our contributions to the blockchain ecosystem can be found in our GitHub organization: github(dot)com/zondax
We have experience in the review and release process by Ledger and have a streamlined workflow to simplify this. Zondax has successfully delivered over 30 Ledger Nano App projects/docs(dot)zondax.ch/ledger-apps/overview and 4 Ledger Live integrations that are either publicly released (eg. zondax(dot)ch/blog/zondax-delivers-full-ledger-live-integration-for-filecoin)) or currently under security review.
License: Zondax source code will be delivered under Apache 2.0 License and/or MIT License (this is also required by Ledger). Deliverables will include source code, unit tests, continuous integration, and integration tests.
Here link to official proposal: Gallery View: Zcash Community Grants Program