The ECC Kitchen

Hey Zcash Community,

I am thrilled to kick off this new forum thread, which I’m fondly calling the ‘ECC Kitchen,’ inspired in part by one of Josh’s weekly updates back in April. It’s here that we’ll serve up fresh updates and insights directly from the minds and monitors of the ECC team working on the Zashi wallet and the Zcash protocol.

:woman_cook: Inside the ECC Kitchen

Think of this space as our kitchen table, where you’re invited to join us, peek into our pots, and watch as we meticulously mix the ingredients that go into building Zashi. We’re not just throwing things together; every feature, every line of code is like a carefully measured teaspoon of innovation, stirred with an unwavering commitment to privacy.

:mag: Understanding Our Process

Why does a “simple” feature take weeks to roll out? What makes Zashi’s approach to privacy so robust? In this thread, we’ll unpack the complexities of development, the decisions that shape our work, and the challenges we conquer to deliver a secure, user-friendly product. It’s about transparency and trust, showing you how deeply these values are rooted in our process.

:hammer_and_wrench: Building on Solid Ground

The same team that builds and maintains the Zcash protocol is crafting the Zashi app. This continuity ensures that the high standards of privacy and security inherent to Zcash are embedded in every aspect of Zashi. We’re here to make Zashi the most reliable gateway to using ZEC, relentlessly moving towards the vision of digital cash, without cutting corners.

:star2: Vision for the Future

Stay tuned as we unfold Zashi’s potential to transform ZEC into what it’s truly meant to be—true digital cash. Your feedback, questions, and engagement here will help us refine Zashi, making it not just a tool, but a testament to the power of privacy-focused innovation.

Join the conversation, ask questions, suggest features, and let us know how you use ZEC. Your input is invaluable as we cook up the future of digital transactions with Zashi.

Looking forward to many engaging discussions and lots of shared learning. Here’s to making Zashi a kitchen where we all contribute to the feast!

Cheers to private payments.

22 Likes

In this first release update of the thread, I’m highlighting the three new Zashi features that we introduced on iOS last month and that, starting today, are also available on Android.

Currency Conversion: Privacy-First Approach

Our enhanced currency conversion feature in Zashi now leverages the Tor network to fetch the ZEC-USD exchange rate. This means you can view the exchange rate directly in your wallet while keeping your IP address private from the exchange servers that receive information requests and provide this data. Check out the infographic below, and stay tuned for a video with @str4d, where we’ll dive into the hard work and care that went into this seemingly simple feature, as well as its potential for future privacy enhancements.

Tex-Address Support: Seamless Transfers to Exchanges Requiring Transparent Senders

Next, let’s explore Zashi’s tex-address support feature. This feature is for those who want to send shielded ZEC to exchanges that require a transparent sender. For these transactions, Zashi will create a temporary transparent address, known as an ephemeral t-address, minimizing friction. All you need to do to send funds stored in shielded pools to an exchange like Binance is use the new tex-address provided by that exchange as your “send to” address. Strad will talk more about this in an upcoming video, which we’ll share here.

Transparent History

Zashi now supports recovering a fully transparent wallet history. If you’ve imported your seed phrase from another wallet that allows fully transparent transactions, those transactions will now appear in your Zashi wallet history. Look out for a video from @nuttycom later this week for more on this feature.

We’ll be rolling out more posts about each feature in this thread throughout the week. Your feedback is invaluable, so let us know your thoughts.

Happy transacting.

12 Likes

Currency conversion in Zashi using Tor (Arti) explainer video from @str4d

8 Likes

There is an API for that in Lightwalletd.

I thought shielded wallets do not directly connect to exchanges anyway. Am I wrong?

That API was only provided in the Zecwallet Lite fork of lightwalletd; it was never merged into upstream. And the returned price data had no source authentication and thus was manipulable by the lightwalletd operator, which is a risk that the approach we take in zcash_client_backend and Zashi does not have.

Indeed, which is why directly connecting to exchanges (in order to get source-authenticated price data) was also undesirable. Individual wallets might have other features that involve direct connections to exchanges (e.g. for onboarding), but those should be a result of conscious user interaction, whereas exchange rate fetching is automatic.

1 Like

Right, but I was saying that they actually don’t connect to exchanges. They go through price aggregators (which arguably can be wrong).

That’s not the case here. The functionality in zcash_client_backend (used in Zashi) fetches data from the exchanges themselves, not from price aggregators.

Wouldn’t it be better if the ZecWallet Lite Pull Request got merged instead? Every LightWalletD client could use the API without a dependency on Librustzcash.

1 Like

No, because as I said above:

The lightwalletd trust model is that it provides correct data about the Zcash chain. That model was considered acceptable because there are ways for the obtained data to be independently authenticated, via either cross-checking with data from other operators, or using ZIP 221 FlyClient proofs.

No such authentication pathway exists for exchange rate data fetched and cached by lightwalletd, so there is no way to detect a malicious lightwalletd operator that is serving different prices to different users. Cross-checking doesn’t work because prices can fluctuate and depend on precisely when and to where queries were made (unlike Zcash chain data, which has Merkle trees basically everywhere that can be used to constrain what data is considered valid). A few exchanges now offer “oracles” that provide authenticated price data, but none of them do so in their public API (they instead require logins or API keys), and AFAICT none of them include ZEC prices in their oracles.

The approach that I implemented in zcash_client_backend instead gains its source authentication via the WebPKI, because the wallet is making a direct TLS connection to the exchange server. That connection is made over Tor to prevent it being a direct TCP connection (instead of via lightwalletd as in the other approach).

As it happens, I actually started off trying to do this via lightwalletd, by implementing a TCP-over-gRPC tunnel that lightwalletd operators would run as part of normal lightwalletd operations; clients would then get the same source authentication via the WebPKI by making a TLS connection through the lightwalletd server. But that had a bunch of challenges (both technical and operational), and then I realised that Arti was in good enough shape that it could be bundled, so I switched to that. (Shortly after deploying the changes, Swift announced Oblivious HTTP support which would be another avenue, but just like the lightwalletd approach it would rely on another single trusted third party, whereas Tor does not).

In any case, what I implemented in zcash_client_backend isn’t special; it’s literally just “connect to exchanges over Tor, and take the median”. If someone doesn’t depend on zcash_client_backend, they can do the same thing themselves.

3 Likes
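The aggregation step from the post above ("connect to exchanges over Tor, and take the median"), as an added example that is not part of the original thread and is not zcash_client_backend's code. The Tor and TLS fetch is out of scope here and is stood in for by constructed quotes; the hostnames, prices and the `min_sources` threshold are assumptions.

```rust
// Added illustration; not code from zcash_client_backend or Zashi.
// Hostnames, prices and the min_sources threshold are constructed assumptions.

/// One price query result, as obtained over an authenticated TLS connection.
#[derive(Debug, Clone)]
pub struct Quote {
    pub source: &'static str,
    /// ZEC-USD price in US cents; None if the query failed or timed out.
    pub usd_cents: Option<u64>,
}

#[derive(Debug, PartialEq)]
pub enum RateError {
    TooFewSources { got: usize, need: usize },
}

/// Median of the successful quotes. As long as fewer than half of the
/// answers are wrong, the result stays within the range of the correct ones.
pub fn median_rate(quotes: &[Quote], min_sources: usize) -> Result<u64, RateError> {
    let need = min_sources.max(1);
    let mut prices: Vec<u64> = quotes.iter().filter_map(|q| q.usd_cents).collect();
    if prices.len() < need {
        return Err(RateError::TooFewSources { got: prices.len(), need });
    }
    prices.sort_unstable();
    let mid = prices.len() / 2;
    Ok(if prices.len() % 2 == 1 {
        prices[mid]
    } else {
        // Midpoint of the two middle values, written to avoid overflow.
        prices[mid - 1] + (prices[mid] - prices[mid - 1]) / 2
    })
}

/// Constructed sample: five sources, one timed out, third one parameterised.
pub fn sample_quotes(third_source_cents: u64) -> Vec<Quote> {
    vec![
        Quote { source: "exchange-a.example", usd_cents: Some(3012) },
        Quote { source: "exchange-b.example", usd_cents: Some(3020) },
        Quote { source: "exchange-c.example", usd_cents: Some(third_source_cents) },
        Quote { source: "exchange-d.example", usd_cents: None },
        Quote { source: "exchange-e.example", usd_cents: Some(3015) },
    ]
}

fn main() {
    println!("all correct:   {:?}", median_rate(&sample_quotes(3008), 3));
    println!("one far off:   {:?}", median_rate(&sample_quotes(9_000_000), 3));
}
```

A single relay that reports one number has no equivalent bound: whatever it returns is the price the wallet displays.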

Ok. I’ll look into these price oracles you mentioned.
Thanks

1 Like

Hey everyone,

We’re launching a video contest to celebrate the recent Coinbase-Zashi integration! This integration is all about making Zcash more accessible and promoting self-custody, and we want to see your creative takes on this big step forward.

Here’s the scoop on the contest:

We’re inviting you to create and submit short videos showcasing the new Coinbase onramp feature in Zashi. Whether you prefer to keep it straightforward with a demo-like walkthrough, record a video testimonial, or go wild with imaginative scenarios (Two Zebras gushing about self-custody? Yes, please!), we want to see it all!

Video Themes: Your videos should focus on one or more of the following core benefits of the Zashi-Coinbase integration:

  1. Ease of Buying ZEC for Existing Coinbase Users: Show how simple it is to “Buy or transfer with Coinbase” directly within the Zashi wallet.
  2. Ease of Onboarding New Users (this feature is available in the U.S. only): Highlight the “Buy with debit card” option that allows new users to buy up to $500 worth of ZEC per week without needing a crypto exchange account.
  3. Importance of Self-Custody: Highlight how the Coinbase-Zashi integration supports the crucial practice of self-custody of ZEC by removing the extra steps required to move coins from exchanges to wallets. Go one step further by highlighting how Zashi encourages maximum security for outgoing transactions by requiring users to shield transparent funds received from Coinbase before they can be spent.

You can focus on one of these themes or cover all three of them.

Be as Silly or Serious as You Want!

The tone of your video can be anything from serious and informative to silly and entertaining. Creativity and originality are what we’re looking for! (fingers crossed for Zepe cameos)

Prizes:

  • 1st Place: $500 worth of ZEC
  • Runner-Up Prizes: Depending on the number of standout entries, we will add a few more prizes to the list.

How to Enter:

  • Create your video. The length of the video should not exceed 1 minute.
  • Post your video on X and tag @zashi_app
  • Update: please tag your videos with #zashivideocontest
  • Feel free to use these assets for branding and ideas.
  • You can also use parts of our new promo video:

Contest Timeline:

  • Submission Start Date: October 1, 2024
  • Submission End Date: 11:59pm ET, October 17, 2024
  • Winner Announcement: Oct 24, 2024

We can’t wait to see what you come up with!

9 Likes

It might be worthwhile to extract this to a separate crate, so that people can use it without having to pull in all of zcash_client_backend?

2 Likes

A little inspiration for the Zashi video contest. :zebra: :zebra: :zebra: Took about 4 hours in Canva (AI-generated zebra video + design tools to add text, text animations, and sound). I promise, anyone can use that tool.

(looks grainy here, but better image quality on X)

3 Likes