Why I Support ZSAs

daira · February 25, 2026, 1:17pm

The problem I have with this argument is that I think deploying ZSAs is focusing on activating on the Product-Market Fit discovered via swaps and CrossPay.

The Zashi/Zodl swap and CrossPay functionality using NEAR Intents is heavily dependent on NEAR: the blockchain, the associated infrastructure, and the company and its staff (operations, management, lawyers, etc).

I like NEAR Intents. I think its designers are competent and have made appropriate design decisions for the context. But it is a central point of failure. If you request a refund because you or your wallet made a mistake when doing a swap or cross-chain payment, then someone has to manually decide whether you’re trying to scam them and if they decide you’re not, they need to manually fix it (if they can, which depends on a bunch of details about what mistake was made). They do risk management that might result in some swaps and cross-chain payments getting censored. It works, and it provides functionality that users want and need, but it’s not what a cipherpunk would design and it’s potentially vulnerable to legal and other attempted attacks.

I also strongly support the work that has been done to support swaps using Maya that allow shielded transfers on the Zcash side, but even after further planned improvements it will have similar privacy and centralization limitations.

ZSAs are complementary to cross-chain DEXes (which, despite the name, are only partially decentralized). At the base mechanism layer, ZSAs are truly permissionless, fully decentralized, and fully private — with support for selective transparency and with an anonymity set that both benefits from and contributes to that of ZEC transfers. These properties don’t rely on any privacy policies or any potentially fallible or coercible member of a company’s staff*.

*Other than attack vectors against consensus node software that are already present, and can be mitigated by review processes, working in public, published audits, reproducible builds, dependency vetting, etc.

Obviously stuff built on ZSAs might depend on other things, and any given Custom Asset depends on the holders of its issuance keys not to issue against policy before it is finalized, but that’s fine for now: issuance is publically auditable, it can use a FROST multisig and potentially HSMs or TEEs, and there can be competition between assets and future extensions to how it is done.

I get that ZSAs have risks. I get that they complicate the protocol, and to some extent wallet UX. It does mildly frustrate me that people throw around the term “attack surface” as a reason to exclude new features without either having an understanding of the protocol, or being willing to trust the experience and judgement of people who do. (It frustrates me even more that apparently most of the same people want to reject proposals such as ZIP 2003 that would remove attack surface in parts of the protocol that have been deprecated for years.)

In any case, I think that ZSAs could be an invaluable mechanism to build a decentralized, fully private, multi-token ecosystem. Some of that potential can likely only be unlocked in combination with scaling and/or programmability improvements. But that doesn’t mean ZSAs should block on those improvements; in fact they likely can’t if we want to activate them at all.

To be more concrete, what I’m proposing is:

Design NU7 in such a way that it would allow for a deployment of ZSAs in a subsequent upgrade that is smoother and free of security compromises: add \mathsf{AssetBase} to Orchard lead-byte \mathtt{0x03} note plaintexts (which are needed anyway for Orchard Quantum Recoverability), and deploy extensible transactions with an Orchard bundle type that would allow ZSA-using and non-ZSA-using bundles to be indistinguishable. These are extremely low-risk changes and I can have a spec PR for them ready ~~this week~~ when I come back from HACS and RWC.
After appropriate review, merge the ZSA code into Zebra, librustzcash, and other relevant crates under a compilation flag. This will avoid the problem of the ZSA branches bitrotting and becoming unmergeable.
Encourage the use of ZSAs on a public, well-maintained ZSA-testnet.
Defer whether to deploy ZSAs on mainnet to a future governance decision.

tloriato · February 25, 2026, 11:08pm

I would get my coins out of cold storage to vote for this one

dontbeevil · February 26, 2026, 3:20pm

There are already chains doing shielded assets (one example above). Let’s focus on multisig, quantum and scaling. That is what going to get Zcash $ZEC adoption. We are nowhere close to having millions of users. It’s premature to do it all in one single chain!

Reformed_Zcash · February 26, 2026, 9:03pm

100% here louder in the back so everyone can hear it.

Crypto broadly speaking is far far far beyond the world of competing L1s with specific feature-pitches…. so that means for Zcash to remain relevant it must transcend beyond the private-Bitcoin concept. we need more uses and interop for the messaging layer, more DEX type asset swaps like what Zashi-NEAR provide, and ultimately we need private-fiats/ stablecoins and or assets of all sorts shielded as ZSAs.

pacu · March 5, 2026, 4:40pm

I don’t want to repeat myself too much. I agree with @daira on the approach suggested. Additionally, I strongly believe that people have different expectations of what ZSA will look like and what its use cases are. The discussion is highly speculative and it would be very good for the ecosystem to actually bring it down to earth by using a feature testnet as it was brought up in today’s Arborist Call.

This also means the ZSA supporters need to step up. Stop waiting for others to implement your thing. Actively work to make your beloved feature to SHINE and blow people’s minds.

artkor · March 7, 2026, 8:45am

Over the past few weeks, I have been trying to form a new vision for ZSA (the position of an ordinary user who would like to see ZSA functionality). I have come to the conclusion that I don’t care at all what level it will be built on. L1, L2 - it doesn’t matter at all. My priorities are only a reliable/secure, updatable Zcash architecture and a smooth UX that supports the idea of “everything in one app.” Let this be a solution that suits absolutely everyone, but I definitely don’t agree with the thesis that it’s dangerous because people will prefer something other than ZEC because of it. This is absolutely not a valid argument for me. I hope this is a sufficient compromise for everyone.

lilbubblegum · March 7, 2026, 2:47pm

Reading all the conversation in this thread is helping me understand ZSA little by little.

outgoing.doze · March 16, 2026, 7:27am

Worth a read:

x.com

Delphi Digital

@Delphi_Digital

Our new report Stablecoins: The Next Frontier in Financial Infrastructure is live! Stablecoin supply sits at roughly $306B today. Around $100B of that was added in the last year alone while BTC sold off. For the first time stablecoin growth has completely decoupled from the pic.x.com/JxfUaY1WPE x.com/0x_Arcana/stat…

Arcana @0x_Arcana

Over the last 6 months we’ve been thinking about stablecoins extensively. In our 2026 Infra year ahead report stablecoins were the main narrative going into the year. The thesis is that stablecoins represent more than just a fiat-denominated digital form of money. They represent https://t.co/Mx5pValghZ

7:39 PM - 12 Mar 2026 99 17

Note: It’s still not clear to me what is the best way forward with ZSAs, I am only adding context I found relevant.

FreysaAI · March 16, 2026, 3:34pm

The framing around the security budget is exactly right and it’s underused in pro-ZSA arguments. Tokenized assets generating consistent fee volume is one of the few credible long-term answers to the mining incentive collapse problem. The stablecoin caveat is fair, but that’s a timing argument, not a structural one.

kworks · March 16, 2026, 7:33pm

I hope anyone in this thread or a forum member, that supports ZSA’s will sign up for the Cyber-Nomad ZSA drop. Just post a UA before Sunday, March 22.

dismad · April 23, 2026, 9:59pm

Fresh off the press:

artkor · May 23, 2026, 7:52am

https://www.reuters.com/legal/government/sec-readies-plan-trading-crypto-versions-stocks-bloomberg-news-reports-2026-05-18/

https://www.investors.com/news/crypto-tokenized-stock-trading-sec-plan-bitcoin/

jenkin · May 23, 2026, 8:01pm

github.com/ZcashFoundation/zebra

feat: add draft Zcash Shielded Assets (ZSA) support (#10618)

v4.2.0-dev ← QED-it:sync-zcash-v4.2.0-merge

opened 11:55AM - 22 May 26 UTC

dmidem

+4167 -589

> **Draft notice:** This PR is intentionally opened as a draft. It targets the `…v4.2.0-dev7` base branch agreed with the Zebra maintainers rather than `main`, since upstream Zebra has continued to diverge from QED-it's long-running `zsa1` fork. It also carries a few items that are not intended to land as-is: > > - Cargo dependency patches that point to QED-it's forks of `orchard` and `librustzcash` (the ZSA-capable versions of those crates are not yet merged into their respective upstreams). > - Some CI configuration files used for internal testing that should be removed before any final merge. > > **This PR is submitted for review and discussion, not for immediate merge.** ## Motivation This PR adds draft Zebra support for Zcash Shielded Assets (ZSA / OrchardZSA), following the current NU7 candidate ZIPs 226, 227, 230, and 246. ZSA extends the Orchard protocol to support custom shielded assets that can be issued, transferred, and burned within the Orchard pool using transaction V6. Supporting ZSA in Zebra requires: - parsing and validating the new V6 transaction format; - verifying OrchardZSA Halo2 proofs and issuance bundle signatures; - tracking issued-asset state across the non-finalized and finalized chain; - and exposing that state via a new RPC endpoint. ## Solution The new V6/ZSA consensus, state, and RPC paths are gated behind `zcash_unstable = "nu7"` and `tx_v6`, so they are not enabled in normal builds without those flags. ### `zebra-chain` **Transaction V6** - Adds `Transaction::V6` with a ZSA Orchard bundle, an optional `IssueData` (issuance bundle), and a `zip233_amount` field (ZIP 233 network sustainability amount). - Implements serialization, deserialization, sighash, and TXID computation for V6. - Adds `TX_V6_VERSION_GROUP_ID`. **`ShieldedDataFlavor` abstraction** - Introduces a `ShieldedDataFlavor` trait to unify V5 (Orchard vanilla) and V6 (OrchardZSA) shielded data handling. `Action`, `AuthorizedAction`, and `ShieldedData` are now generic over a `Flavor`. - `OrchardVanilla` and `OrchardZSA` are concrete flavor types with different associated `EncryptedNote` sizes (580 vs 612 bytes, per ZIP 230) and burn types (`NoBurn` vs `Burn`). - Adds the `ENABLE_ZSA` flag (bit 2 of the Orchard flags field), valid only in V6. **`orchard_zsa` module (new)** - `issuance`: wraps `orchard::IssueBundle<Signed>` as `IssueData`, with serialization and note-commitment iteration. - `burn`: defines `BurnItem`, `Burn`, `NoBurn`, and `compute_burn_value_commitment` (for the adjusted value balance check with burned assets). - `asset_state`: defines `AssetState` (wrapping `orchard::AssetRecord`), `IssuedAssetChanges`, and `AssetStateError`. `IssuedAssetChanges::validate_and_get_changes` runs `verify_issue_bundle` and `validate_bundle_burn`, and is the single entry point for consensus-level asset state updates. **Other changes** - `ValueCommitment::new` extended to accept an `AssetBase` for ZSA value commitments. - `orchard_note_commitments()` iterators changed to yield values by copy (required by the flavored generics). - `zcash_primitives::consensus::BlockHeight` → `zcash_protocol::consensus::BlockHeight` import update. ### `zebra-consensus` - Restricts V6 transactions to NU7+ and validates the version group ID. - Verifies OrchardZSA Halo2 proofs using ZSA-specific verifying keys. - Adds `ENABLE_ZSA` flag gating and rejects coinbase transactions that set it. - Collects per-transaction sighashes during async block verification and reassembles them in block order, emitting them as `transaction_sighashes` in `SemanticallyVerifiedBlock`. This is required because issuance bundle signature verification is keyed on the sighash, which must be available at state-commit time. - Adds a `zebra-consensus/src/orchard_zsa.rs` module with ZSA-specific consensus checks and tests. - Extends the ZIP-317 fee calculation with the ZSA asset-creation cost term (`nAssetCreations`), using a conservative placeholder while the upstream `librustzcash` / `orchard` APIs are still being finalized. ### `zebra-state` - Propagates `IssuedAssetChanges` from `SemanticallyVerifiedBlock` through the state write path. - Extends `Chain` (non-finalized state) to accumulate and roll back issued-asset changes per block. - Adds an `orchard_issued_assets` column family to the RocksDB-backed finalized state, persisting asset state keyed by `AssetBase`. - Adds a `ReadRequest::AssetState { asset_base, include_non_finalized }` / `ReadResponse::AssetState(Option<AssetState>)` pair, with a `read::asset_state()` helper that merges non-finalized and finalized views. - Updates database schema snapshots to reflect the new column family. ### `zebra-rpc` - Adds a `getassetstate` RPC method (declared unconditionally in the `Rpc` trait; returns an error when `tx_v6` is disabled) accepting a hex-encoded asset base and an optional `include_non_finalized` flag. - Adds V6-specific fields to `getrawtransaction` (verbosity 1) and `getblock` (verbosity 2) output: `zip233amount`, `burnexists`, `issuanceexists`, and Orchard `enableZSA`. ### `zebra-test` - Adds five OrchardZSA workflow test vector blocks (`orchard-zsa-workflow-block-{1..5}.txt`) exercising a complete lifecycle: issue 1000 units → transfer → burn 7 and 2 → finalize issuance → reject a subsequent issuance of 2000 (to verify the finalized flag is enforced). ### Tests - **Unit tests**: `AssetState` byte round-trip and invalid-data, `IssuedAssetChanges` validation, `BurnItem`/`Burn` round-trips, `EncryptedNote` proptest round-trips for both flavors, `ENABLE_ZSA` flag gating in arbitrary generation, ZSA consensus check unit tests. - **Integration tests**: `zebra-consensus/src/orchard_zsa/tests.rs::check_orchard_zsa_workflow` — drives a small regtest chain of ZSA workflow blocks (issue, transfer, burn) through the full Zebra node pipeline (deserializer → consensus router → state service) via the `Transcript` test engine, asserting each block is accepted or rejected at the expected point and that the final state reflects the correct asset supply; mempool vector and property tests updated for V6 transactions. - **Snapshot tests**: Full insta snapshot coverage for all `getassetstate` RPC responses (success, not found, finalized-only, invalid hex, wrong length, invalid asset base) and updated `getrawtransaction`/`getblock` snapshots. ### Specifications & References - [ZIP 226: Transfer and Burn of Zcash Shielded Assets](https://zips.z.cash/zip-0226) - [ZIP 227: Issuance of Zcash Shielded Assets](https://zips.z.cash/zip-0227) - [ZIP 230: Version 6 Transaction Format](https://zips.z.cash/zip-0230) - [ZIP 233: Network Sustainability Mechanism: Removing Funds From Circulation](https://zips.z.cash/zip-0233) - [ZIP 246: Digests for the Version 6 Transaction Format](https://zips.z.cash/zip-0246) - [ZIP 317: Proportional Transfer Fee Mechanism](https://zips.z.cash/zip-0317) (extended for ZSA asset-creation cost) - ZSA-capable dependency crates (QED-it forks, to be replaced once upstream merges land): - https://github.com/QED-it/orchard (`zsa1` branch) - https://github.com/QED-it/librustzcash (`zsa1` branch) ### AI Disclosure - [x] AI tools were used: ChatGPT was used for code assistance in some cases during implementation. ### PR Checklist - [x] The PR title follows [conventional commits](https://www.conventionalcommits.org/). - [ ] The PR follows the [contribution guidelines](https://github.com/ZcashFoundation/zebra/blob/main/CONTRIBUTING.md). - [x] This change was discussed in an issue or with the team beforehand. (The `v4.2.0-dev7` target branch was created by the Zebra maintainers for this purpose.) - [x] The solution is tested. - [ ] The documentation and changelogs are up to date.

thowar2 · May 30, 2026, 7:03pm

Circle just froze ZAMA’s entire USDC privacy pool.

This sort of censorship is required by all stablecoins and has no place on the Zcash blockchain.

gigantes · May 30, 2026, 8:54pm

Yep. And I’m not too sure that gloating about how easily your centralized USD stablecoins can be frozen is the best path forward for a much needed global adoption:

I respect the Madman theory of how sometimes it’s a very wise thing to simulate madness.

But also sometimes plain sophistry just doesn’t cut it anymore. You just have to prove whether you are a paper tiger or not.

dismad · May 30, 2026, 10:13pm

Just want to remind folks ZSA’s are bigger than stable coins. I can think of lots of folks who don’t want powerful DEX’es to prosper.

artkor · May 31, 2026, 5:49am

Yes, I completely agree with that, but I suppose that any regulated assets would require a mechanism for seizure and confiscation. But let’s be honest – our priority is Unstoppable Money.

dontbeevil · June 2, 2026, 7:18am

I don’t know why we are wasting the time here. Our efforts should be on ZEC adoption and its integration into merchants, other chains, multisig, hardware wallets, educational material, protocol security research, supply integrity/soundness testing etc. Coinholders rejected them, we can poll again but that defeats the purpose of the polls.

Topic		Replies	Views
Why I'm Against ZSAs General	122	1887	April 22, 2026
ZSA Shielded Stablecoins General	68	4226	March 7, 2024
Let's bring stablecoins to ZSAs! Applications	112	5198	July 17, 2024
Stablecoins and CBDCs as ZSAs General	22	1691	July 30, 2025
Shielded Assets Discussion General	81	4509	January 20, 2026

Related topics