I have reviewed the grant proposal User-Control for ZSAs. To clarify, given the name of this thread, this proposal is just for the user transaction acceptance feature. It does not include the asset swap work which is covered by an existing approved USD 1.8m grant.
I have no objection to this feature on privacy or other technical grounds. There is only one line in the grant application about the proposed technical approach (requiring a receiving party to provide a signature in order to accept each payment), but that’s certainly feasible and can be done in a privacy and consent-respecting way, which would need to be opt-in (presumably per spend authority or address).
From a forward-looking cryptographic design perspective I believe we need to upgrade to post-quantum authentication in the medium term, but it’s fine to use DL-based signatures while the rest of the protocol uses them, and this feature needn’t be an obstacle to a post-quantum upgrade.
On the issue of value-for-money, the grant proposal is for USD 650,000, explained as follows:
The expected budget is roughly $85k per month of work, covering a team of about 4 full-time ZKP and protocol engineers.
That works out to 7.65 months’ work for 4 full-time engineers. My main negative comment is that I do not see that amount of work in this feature (even if “full-time” is interpreted to mean they are working full-time on this feature and asset swaps). It has been suggested informally that this feature might reuse some of the preliminary design work done in the context of the cancelled compliance grant, but even assuming ZCG considers it appropriate to retrospectively pay Qedit for any parts of that work that are reusable in this context and privacy/consent-respecting, I don’t see 7.65 months’ work for 4 full-time engineers here. I would recommend that the ZCG committee negotiate down the price.