Zchat - Shielded Messenger Retroactive Grant

Hi everyone,

I’m submitting ZChat for the Coinholder-Directed Retroactive Grants Program Q1 2026. ZChat is the only working Zcash-native private messenger — every message is a shielded transaction. No phone number, no email, no servers storing your messages. Just Zcash.

GitHub proposal: ZChat — Retroactive Grant Application (Issue #18)

Requesting: $5,000 for completed, publicly verifiable work.

What We Built (All Complete & Verifiable)

Android messenger on Zcash mainnet:

  • Native Android app (APK v2.8.1, stable) with self-custody wallet, seed phrase backup, and QR code contact sharing
  • Direct messages and group messaging via encrypted Zcash memos
  • Long message chunking for messages exceeding the 512-byte memo field
  • Payment requests (ZIP-321), reactions, read receipts, reply threading

We initially prototyped a web-based interface, but it proved unreliable for real-world use -transaction handling and wallet management were not robust enough in the browser environment. We made the decision to go all-in on native Android, which gave us proper key management, background sync, and a real mobile messaging experience. That pivot was the right call.

Production security hardening:

  • HKDF key derivation (RFC 5869) with proper domain separation

  • Authenticated key exchange (ECDSA-signed) to prevent MITM attacks

  • ECIES group key distribution with forward secrecy

  • Type-safe sealed class message hierarchy, Result type error handling

Ecosystem recognition:

  • Won a prize at the Zypherpunk Hackathon 2025

  • Monthly forum updates since January 2026

  • Community engagement with forum members and X privacy enthusiasts and journalists

Why This Matters

There is no other working Zcash messenger. Zingo 2.0 shipped wallet features in July 2025 - no messaging. NU7 memo bundles remain delayed with no activation date. ZChat works today, without memo bundles, using our chunking protocol.

Messaging brings daily active users to Zcash, not just occasional transactions. “Your messages are literally Zcash transactions” is a powerful demonstration of what shielded technology can do beyond payments.

All of this was self-funded. The $600 hackathon prize is the only funding we’ve received. This $5,000 retroactive grant recognizes work that already exists and already benefits the Zcash ecosystem.

Links


I’m happy to answer any questions. We’re continuing to build regardless - this grant helps validate that independent builders shipping real products on Zcash mainnet is valued by the community.

Thanks for considering. — Alex (decentrathai)

7 Likes

Weekly Development Update - Feb 6-12, 2026

Community Recognition

Two milestones this week:

  • Zcash Brasil featured ZChat in Shielded Magazine #05
  • Zooko liked our post on X - recognition from the Zcash founder

What Was Done (v2.8.3 → v2.8.5)

5 commits, 104 files changed, ~4,000 lines of new code

1. Full Notification System (v2.8.5)

  • Custom cyberpunk notification sound + double-pulse vibration
  • 4 privacy levels: Full Preview / Sender Only / New Message Only / Silent
  • Lock screen: “ZCHAT - New message” only (zero content leaks)
  • Aggressive background sync with Android Doze fallback
  • Per-conversation mute toggle
  • In-app slide-in banners (auto-dismiss 4s)

2. Chat Reliability (v2.8.3)

  • Fixed false “Insufficient ZEC” on rapid messages
  • Fixed duplicate messages + inverted order
  • Fixed chat list wrong preview

3. QR Scanner & Restore

  • 5 QR scanning bugs fixed (camera + gallery)
  • Seed recovery grid alignment fix

4. Theme Cleanup (v2.8.4)

  • Consolidated to 3 themes: Light, Dark, Zypherpunk

5. Diversified Address Handling (v2.8.4)

  • Same wallet, different addresses → now correctly routes to one chat

Testing

All features verified on multiple Android devices via ADB, 8 structured test cases passing. Currently waiting for feedback from testers.

What’s Next

  • Cross-device notification testing
  • Group messaging (Sprint 4)
  • E2E key exchange completion
  • ChatViewModel refactor (2900+ lines)

GitHub: GitHub - decentrathai/zchat-android: ZCHAT - Privacy-first messaging app built on Zcash blockchain
Download: https://zsend.xyz

ZCHAT Development Update — Week of March 2, 2026

Hey everyone, here’s our latest progress update on ZCHAT: the encrypted messenger built on Zcash shielded transactions where every message is a real on-chain transaction. No servers, no metadata.


The Big One: New Visual Identity

ZCHAT finally has its own face. Until now the app looked like a wallet with a chat feature bolted on. This update introduces a complete visual redesign with a dark cypherpunk aesthetic that makes it clear - this is a messenger first.

What changed: The entire UI has been rebuilt around a new design system. Dark navy backgrounds, cyan accents for interactive elements, custom typography (Rajdhani for headings, JetBrains Mono for addresses). Every screen from the chat list to the conversation view to the QR address screen has been redesigned.

Chat list now feels like a proper messenger - clean rows with avatars, message previews, timestamps, and a bottom navigation bar preparing for Wallet and Settings tabs down the road.

Conversations got the biggest overhaul. Message bubbles have proper styling with subtle borders, date separators between days, a “SHIELDED” banner reminding you of the privacy guarantee, and a cleaner input bar where the send button only appears when you’re actually typing.

My Address / QR screen now has a clear shielded vs transparent toggle, copy + share buttons, and info cards explaining when to use which address type.


In-App Updates

Users no longer need to manually check for new versions. The app now checks automatically on launch and shows a prompt when a new version is available. There’s also a manual “Check for Updates” option in the menu. Dismissed prompts won’t nag you again until a new version drops.


Security Audit

We ran a full 3-cycle security review and fixed every finding:

  • Hardened encryption pipeline (proper key derivation, chunk integrity validation)
  • Fixed message corruption that could occur with emoji and special characters
  • Tightened file access permissions: the app can no longer read outside its own secure directory
  • Fixed battery drain from sync holding a wake lock too long
  • Resolved a race condition in the notification service
  • Removed all personally identifiable information from logs

29 issues found and resolved total.


Bug Fixes

  • Send All now correctly sends the intended amount (was sending roughly half due to a math error)
  • Notifications sound and vibration work reliably on Android 14+
  • Messages display in the correct order and no longer split into duplicate conversations when contacts use diversified addresses
  • Multi-part messages (longer than 512 bytes) no longer occasionally lose chunks

Current Status

Version: 2.10 — available for download at zsend.xyz for whitelisted users. We’re still distributing debug builds for testing. Production builds with minification are on the roadmap and will significantly reduce the download size.


What’s Next

  • Wallet tab with balance and transaction history
  • Payment bubbles with structured amount display and transaction links
  • First-time user onboarding for the message cost model
  • Group chats
  • Near-Intents multi-assets swap
  • Stripe? (We need a solution for normal users who don’t have ZEC experience)
  • Production-ready build pipeline

Thanks to the Zcash community for the continued support. If you want to try ZCHAT, grab the APK from zsend.xyz and send a test message — it costs less than a thousandth of a cent.

Feedback welcome here or on our GitHub.

3 Likes

Posted our feedback on PR #1192 regarding memo pruning impact on ZChat, as discussed at LCWG #111. [ZIP 231] Updates related to the Defuse Security audit. by nuttycom · Pull Request #1192 · zcash/zips · GitHub

ZChat Update — Engineering Office Hours #4

Attended yesterday’s Office Hours where Kris presented on memo bundles and on-chain storage economics.

Quick summary of what matters for ZChat:

Memo bundles (ZIP-231) would be a major improvement for us. Currently we chunk messages across multiple 512-byte outputs. With 16KB memo bundles, most messages fit in a single transaction - fewer txs, lower cost per message, simpler code.

Pruning is our main concern. If nodes prune old memos aggressively, users who restore from seed lose conversation history. We posted our position on this in PR #1192 last week - suggesting pruning be opt-in via node configuration with the default being to retain full data.

Tiered storage (cheap/temporary vs. permanent memos at higher fee) was discussed. Interesting concept - let’s wait for specific fee numbers.

We also opened a GitHub issue tracking a security improvement to our ZMSG Protocol based on feedback from str4d regarding sender identification. We’re investigating increasing the senderHash length short-term and migrating to Authenticated Reply Addresses when memo bundles ship.

ZChat continues to build on Zcash regardless of NU7 outcomes, but we strongly hope memo bundles stay in scope.

— Alex (decentrathai)

ZChat Update: Browser Integration

ZChat has been added to the Zcash blockchain profile in Hero Browser (hero.io) and Chatoshi Browser (chatoshi.ai).

Both browsers are rolling out dedicated blockchain profile for Zcash and other chains. Each profile includes a curated sidebar panel with ecosystem tools: wallets, DEXs (THORSwap, SideShift.ai), explorers (Blockchair, Zcash Explorer), and ZChat under DeFi tools.

Worth noting - the ZChat team actively advocated for the Zcash profile to be included in these browsers. This wasn’t just about getting ZChat listed - it was about making sure Zcash has a proper, well-curated presence in crypto-native browsers.

Users enable ZChat from the panel - one toggle, and it’s accessible from the sidebar alongside other Zcash tools. A direct path for browser users already in the ecosystem to discover shielded messaging.

Memo Pruning as HNDL Mitigation — Application-Layer Perspective from ZChat

The recent quantum HNDL discussion and ongoing ZIP-231 memo bundle review raised something worth exploring: memo pruning isn’t just about compliance and storage - it’s an additional layer of protection against mass harvesting before post-quantum note encryption ships.

The reality today:

  • Memo encryption uses ECC-based key agreement - not quantum-resistant
  • Every memo ciphertext persists on-chain indefinitely - harvestable for future decryption
  • This applies to financial metadata and application-layer data like messages

Tachyon / post-quantum note encryption is the long-term answer. But it’s in research, not deployment. Until then, every day that encrypted memos accumulate is another day of harvestable ciphertext.

Pruning as HNDL mitigation:

The HNDL angle strengthens the motivation for age-based pruning beyond compliance and storage efficiency. Data that no longer exists on the network can’t be decrypted regardless of future compute capability. This doesn’t stop adversaries already archiving full blocks - state-level actors are likely doing this. But it reduces the network-wide harvest surface over time, making bulk collection from live nodes progressively harder.

The principle: pruning is an additional layer of protection against mass harvesting.

How ZChat is adapting (research direction, not shipped):

Our job as a messaging app is to work within whatever pruning mechanisms the protocol provides, not dictate them. We’re researching a design that treats pruning as a feature:

  • On-device persistence - message history remains on the user’s device regardless of on-chain pruning. The device is the primary store; blockchain serves as transport.

  • Self-destruct timer per chat - a visible indicator showing when on-chain memo data will be pruned, so users have clear expectations about the on-chain lifecycle of their messages. Similar to ephemeral messaging in Signal/Telegram, but driven by protocol-level data removal rather than app-level deletion.

  • Re-broadcast before device migration - if users need history available for wallet restore on a new device, they can re-broadcast their local archive as self-addressed shielded notes. The new device restores the wallet, syncs, and recovers full conversation history via normal chain scan. After sync, those fresh memos follow their own pruning schedule.

This depends entirely on ZIP-231 memo bundles being accepted and pruning mechanisms being implemented by node developers. We’re researching the direction so ZChat is ready to adapt when the protocol supports it.