ZSAs in NU7

Hello Zcash community!

It’s finally happening… the NU7 upgrade is planned for 2025, the Zcash Shielded Assets ZIPs have been earmarked as being viable for inclusion, we just got a positive protocol audit from Least Authority. All teams have been working in sync to allow the Zebra project and the cryptography crates to include ZSA functionality into their official branches.

Everyone at QEDIT is very excited we reached this point, this has been a major focus of our efforts! For those who didn’t see the ZSA demo, check out our talk on how to issue, transfer and burn ZSA assets on Zebra:

The work to integrate ZSA to NU7 is planned to be supported by a monthly grant proposal, here are the main points:

We will provide a team of 7 engineers and architects working on:

• Implementing new requirements across whole stack, starting from the ZIPs
• Interactions with other NU7 components
• Support with reviewing OrchardZSA with ECC
• Maintain and adjust zcash_tx_tool to support new requirements and upstream changes

We’re budgeting a monthly cost of 105k USD for 7 engineers, with 2 months covering work already performed in November and December, and 6 months ahead of work planned, until July 1st.

QEDIT is coordinating with all Zcash teams

The Zcash Shielded Asset functionality is one of the most ambitious additions to the Zcash protocol, and one that is poised to transform the use cases of the network. Commensurate with the magnitude of this addition, our work has involved development across the entire stack of repositories that Zcash depends on, from the node (first zcashd and then Zebra), to the transaction level libraries (librustzcash and zcash_note_encryption), to the Orchard protocol and Orchard circuit (which also required additions to Halo2 functionality).

These different libraries are maintained by both the ECC and ZF, and therefore the integration of the ZSA functionality requires close co-ordination with both engineering teams. This coordination and integration also must happen in parallel with the ongoing development from the core teams. It is important that QEDIT efficiently and quickly resolves implementation questions and technical decisions along with the core teams as we keep up the NU7 momentum.

The functionality works on QEDIT’s version of Zebra node

• As shown in the demo, we have a working version of the ZSA changes for Zebra
• Since Zebra is not a wallet, we have created a standalone tool for V5 and V6 transaction generation - this is the zcash_tx_tool repository.
• The circuit structure and implementation in Halo2 and the specific Orchard files, is stable and finalized.
• The ZIPs are in good shape, with only minor changes occurring based on ZIP Editor reviews.
• A successful external audit was conducted on the circuit and Orchard changes.

What we will need to work on next

• We are working on the asset supply and state management within the Zebra node, along with verification of transactions in consensus.
• We are continuing to actively maintain our zcash_tx_tool repository, which supports V6 transactions and the OrchardZSA protocol
• We have to merge in the commits from the core team on the librustzcash crate (significant upstream changes), along with changes to zebra and orchard crates.
• We need to implement a few of the most recent changes to the ZIPs, which have been added based on forward-looking changes, and issues raised in ZIP review.
• We need to ensure our development works alongside the changes that are needed to incorporate the other changes and ZIPs that are also being included in NU7, such as:
  • PCZTs
  • Memo bundles
  • NSM (minor interaction)
  • Changes in the fee mechanism
  • Other potential changes
• While being externally audited, most of our code is still being reviewed by ECC and ZF. We need to make sure all comments by the reviewers are fixed once reviewed.

The successful integration of ZSA into NU7 requires sustained effort and close collaboration between teams. Our proposal ensures we can maintain the necessary momentum and quickly address technical challenges as they arise.

We’re committed to working closely with ECC, ZF, and the broader Zcash community to make ZSAs a reality!

Best,
The QEDIT Team.

@vivek at the most recent meeting, the @ZcashGrants Committee voted to approve this proposal. Congratulations!

ZCG requests that you provide monthly updates via the forum in this thread.

Dear Zcash community,

We’re excited to share with you an update on what we have been working on towards getting ZSAs ready for NU7!

zcash_note_encryption

We are very happy to share that the pull request with our changes to the zcash_note_encryption crate was reviewed and merged into the main repository by the ECC team last week! This involved changes to generalize the note encryption to support the OrchardZSA use case while maintaining backward compatibility for vanilla Orchard and Sapling encryption. You can check out the commit here.

ZIPs

• The ZIP Editors reviewed our PR#960 to the ZIPs repository, we responded to their comments, and this PR has been merged into the repository as well.
• We have a few further changes regarding the positioning of the burn information within the transaction format that is currently under discussion with the ZIP editors.
• These changes are now tracked in a new PR#976 to the zcash/zips repository.

Zebra Node

• Our development of the asset supply and state management functionality in Zebra is progressing well.
• Work is also ongoing related to implementation of the new consensus rules and transaction structure for Zebra. These details can be explored in our PR#37.

zcash_tx_tool, testnet and demo

We have set up a persistent Zebra node on an ECS instance, as a step towards setting up a dedicated ZSA testnet. We are close to having a complete Github Actions setup to run a Docker image that will be able to set all this up for a user to use as a testnet. The pull request tracking this work, in the zcash_tx_tool repository, is PR#13.

Changes to the librustzcash

We have completed the changes that correspond to the ZIP changes in the PR#960 merged above, through all the relevant crates, viz. librustzcash, orchard, and zcash-test-vectors. We are in the process of finalizing the builder to support TXv6, details of which can be seen in PR#78.

Changes to the orchard crate

• Changes were done to support reference notes (PR#124) and the deterministic Rho computation for Issue Notes (PR#131).
• We also implemented changes to support consensus validation and global state managment for Zebra. This is in PR#138.

Changes to zcash-test-vectors

The Python reference implementation that is used for testing the implementation in librustzcash and orchard also required an update in order to support the changes to the transaction format to support Action Groups, and the corresponding changes to the TxID digest and authorizing data commitment.

We have completed these changes in our PR#24 to the zcash-test-vectors repository.

OrchardZSA Audit

We completed the changes suggested in the audit report for the OrchardZSA Protocol from Least Authority, and have received an updated audit report that confirms the same. You can access the final audit report here.

Open Implementation PRs

We have submitted PR#823 to the halo2 repository and PR#429 to the orchard repository to support the halo2 gadget changes, as described in the previous update. We will be submitting further PRs after the initial review of this PR, since they build on this base.

Best,

The QEDIT Team.

Dear Zcash community,

We’re excited to share with you an update on what we have been working on towards getting ZSAs ready for NU7!

ZIPs

• Our changes regarding the positioning of the burn information within the transaction format are currently under discussion with the ZIP editors.
• These changes are now tracked in a new PR#976 to the zcash/zips repository.
• The ZIP Editors have updated the Asset Identifier to contain a hash of the Asset Description string instead of the entire string, in PR#975. We are in the process of propagating these changes through our implementations.
• They have also created a new ZIP 246 (in PR#987) for our updates to the SIGHASH computation (and other NU7 changes such as memo bundles). We have reviewed these changes as well.

Changes to the librustzcash crate

• We have updated the builder to support TXv6 with reduced redundancy via the use of an OrchardBundle enum that includes both the OrchardVanilla and OrchardZSA bundles, details of which can be seen in PR#78.

Zebra Node

• Our development of the asset supply and state management functionality in Zebra is progressing well.
• Work is also continuing (see PR#37) related to implementation of the new consensus rules and transaction structure for Zebra.
• We have also propagated our Action Groups change (which was in the merge of the zips/#960 PR merged last month) all the way up to Zebra, allowing it to work with the changes made in librustzcash. This work is tracked in PR#42.

Testnet and demo

• We have a Github Actions flow ready to run a Docker image that will be able to set the transaction tool up for a user to use as a testnet.
• We are in the process of generalizing the work to allow a user to more easily create their own scenarios for testing.
• We have also updated the demo to the latest combination of Zebra and the tx_tool. As for Zebra, this involves using the latest versions of librustzcash and orchard — handling reference notes during first issuance, and the updated serialization with Action Groups. This is tracked in PR#17.

Changes to the orchard crate

• We are working on pulling the changes from upstream into our working tree — the biggest chunk here is the addition of partially constructed Zcash transactions (PCZTs), which has various overlaps with our work.

PRs ready for review

• We have submitted PR#823 to the halo2 repository and PR#429 to the orchard repository to support the halo2 gadget changes, as described in the previous update. We will be submitting further PRs after the initial review of this PR, since they build on this base.
• We also have the suggested changes to the ZIPs for the V6 serialization format open for discussion in PR#976.

Best,

The QEDIT Team.

Dear Zcash community,

We’d like to share with you our update on what we have been working on towards getting ZSAs ready for NU7

ZIPs

• We opened a new pull request (PR#991) to the zcash/zips repository to the movement of the burn fields into the Action Groups in the V6 transaction format. We have received the green light from the ZIP Editors for this change. We have also responded to all current comments on this PR.
• Note that the PR targets the draft PR#987 that has been opened by the ZIP Editors to create a new ZIP for the updated SIGHASH computation, instead of the main branch. This is because it causes less redundancy to make the changes on top of this branch.

Changes to the orchard crate

• As mentioned in our previous update, the PCZT changes required various updates to allow support in the OrchardZSA protocol. We completed the support for the PCZT changes (in PR#143).
• We also updated our implementation to reflect the changes to the ZIPs in PR#975 (replacing the asset description with a hash) in PR#150.

Changes to the halo2 and sinsemilla crates

• We have pulled upstream changes to the halo2 crate and made them compatible with our fork (in PR#38). These changes mainly correspond to the shift of code from halo2_gadgets into separate sinsemilla and halo2_poseidon crates.
• We have also submitted an upstream pull request (PR#2) to the new sinsemilla crate providing the changes needed to support the OrchardZSA protocol.

Changes to the librustzcash crate

• We have propagated the changes mentioned in the updates to the orchard crate to librustzcash (such as PR#103).
• We have also made the changes to support the move of the burn fields into the Action Groups (as in the ZIPs PR#991).

Changes to the Python reference implementation

• We updated the zcash_test_vectors repository to generate the test vectors for the changes in PR#150 of the orchard crate (the move from the asset description string to an asset description hash).
• We are in the process of merging the upstream changes that were made to remove the use of the std library in the generated Rust vectors.

Zebra Node

• Our development of the asset supply and state management functionality in Zebra is progressing.
• We have prepared the changes needed for the move to Action Groups in this crate as well. These include both serialization and consensus changes. This can be seen in PR#42 and PR#46.

Updates to zcash_tx_tool

• We have deployed a CI to the repository that will confirm the usage of a compatible Zebra version, helping automate our updates better.
• We are creating ways to allow a user to more easily create their own scenarios for testing, this is in review at present.

PRs ready for review

• We have submitted PR#823 to the halo2 repository and PR#429 to the orchard repository to support the halo2 gadget changes, as described in the previous update. We will be submitting further PRs after the initial review of this PR, since they build on this base.
• We also have the suggested changes to the ZIPs for the V6 serialization format open for discussion in PR#991 of the zips repository.
• We have opened PR#2 to the sinsemilla crate for changes needed to support OrchardZSA in that repository.

Best,

The QEDIT Team.

Dear Zcash community,

We’d like to share with you our update on what we have been working on towards getting ZSAs ready for NU7.

ZIPs

• The ZIP Editors merged our pull request (PR#991) to the zcash/zips repository for the movement of the burn fields into the Action Groups in the V6 transaction format. This is now included as a part of the PR#987 opened by the ZIP Editors for transaction format and digest changes for NU7.
• We have also opened an independent pull request (PR#1009) that performs some rearrangements to the Asset Identifier section of ZIP 227 (the Issuance ZIP) to make the flow of the section more linear.

Changes to the halo2 and sinsemilla crates

• The ECC merged our upstream pull request (PR#2) to the sinsemilla crate providing the changes needed to support the OrchardZSA protocol! We have updated our dependencies to start pointing to the zcash/sinsemilla crate instead of our fork.
• We had submitted a pull request to the halo2 repository (PR#823). The ECC reviewed this PR and requested some changes, which we have discussed and incorporated. This is now ready for review again.

Changes to the orchard crate

• We have completed all the changes that have arisen from ZIP changes to the ZSA ZIPs (such as the movement of the burn fields into the Action Group, and the replacement of the Asset Description string with its hash).
• We have also merged in the upstream changes to the orchard crate, so our crate is currently completely caught up to upstream! This would make review and merging less complicated. (OrchardZSA commits)
• We are in the process of discussing some of the ZSA changes to orchard with the ECC, as a precursor to a formal review.

Changes to the librustzcash crate

• Just as in orchard, we have completed all the changes arising from the updates to the ZSA ZIPs in the librustzcash crate (for example, PR#105, PR#109, PR#110).
• We are in the process of merging in the changes from upstream into our work.

Changes to the Python reference implementation

• We have similarly updated the zcash_test_vectors repository to generate the test vectors after incorporating all the changes arising from the ZSA ZIP updates as well (see PR#25 and PR#28).
• We have also created a PR to merge the upstream changes to this repository, which is being reviewed internally (PR#26).

Zebra

• Our development of the asset supply and state management functionality in Zebra is progressing well, and we are getting ready for internal review of this critical code.
• We are reviewing the changes needed for the move to Action Groups in this crate as well, along with the other ZSA ZIP changes mentioned above. This can be seen in PR#42 and PR#46.
• We are in the process of internal review for the infrastructure required to introduce OrchardZSA (extending shieldedData) and TxV6 in Zebra (PR#37).

Updates to zcash_tx_tool

• We have updated our tool to include the ZSA ZIP changes that we have implemented elsewhere in the other repositories (as mentioned above).
• We have deployed a CI to the repository that will confirm the usage of a compatible Zebra version, helping automate our updates better.
• We are creating ways to allow a user to more easily create their own scenarios for testing, this is in the later stages of review, and we will share more about this soon!

PRs ready for review

• We have submitted PR#823 to the halo2 repository (and PR#429 to the orchard repository as a reference to support the halo2 gadget changes), as described in the previous update. We will be submitting further PRs after the initial review of this PR, since they build on this base.
• We also have suggested rearrangement of ZIP 227 for better flow of text in PR#1009 of the zips repository.
• The orchard crate changes for ZSA are in PR#372.

Best,
The QEDIT Team.

Dear Zcash Community,

As we reach the midway mark of 2025, we wanted to share a summary of the progress we have made towards getting ZSAs ready for NU7. We also wanted to share our view on where we see ourselves busy over the rest of the year, given the NU7 roadmap.

This work will engage all the QEDIT team for the second half of 2025, at $118k per month, until Zcash has deployed ZSA. We’re looking forward to land this for the community, and are working with first issuers to make sure ZSA is useful on day 1!

H1 2025: Zcash is integrating ZSA

• We have co-ordinated with the ZIP Editors from ECC and ZF towards merging the ZSA-related ZIPs, namely ZIP 226 and ZIP 227. These have achieved general stability over the last few months. We have also co-ordinated with them on the general NU7 related ZIPs such as ZIP 230 and ZIP 246 (related to the transaction format and sighash generation).
• We have been working with the Zcash Foundation on updates to the zebra crate to support ZSAs.
• We have been working with the ECC on the updates to various crates:
  • The ZSA additions to the sinsemilla and zcash_note_encryption crates have been merged.
  • The changes to the halo2 crate are currently under review.
  • The changes to the orchard crate, which are much more far-reaching, are also under review.
  • We have changes prepared for the librustzcash crate, and also the zcash-test-vectors repository, though the review for these is in the pipeline.
• We have been developing the zcash_tx_tool to allow us to generate transactions to submit to a zebra node for our testing and development.
• We have also prepared a testnet with ZSA support and are running a zebra node on a server for interested parties to connect to.
• We have recently also been reviewing the first draft of the design aimed at making changes to the Zcash protocol to achieve smoother future resilience against post-quantum attacks.

More details about all of this progress can be found on previous replies on this thread!

Proposed plans for H2 2025 to get NU7 out

• We would like to continue working with the ECC and ZF to get the ZSA implementations reviewed and merged into the upstream main branches.
• We will continue syncing with ECC, ZF, and Shielded Labs as necessary towards deployment of the NU7 pieces and their interactions with ZSAs.
• Once our changes are merged, we will continue to provide support for ZSA-related changes or changes affecting the ZSA parts of the code — either via pull requests or code reviews.
• We will be analyzing the operation of the deployed testnet, keeping an eye out for issues and possible room for improvement, and implementing any such updates.
• We will also continue development of the zcash_tx_tool so that we can continue to support transactions for the testnet.
• We want to ensure existence of the appropriate API to allow wallets to support ZSAs.
• We will also help handle any unforeseen challenges towards the NU7 integration of ZSAs.
• We would also like to continue to support the Zcash post-quantum resilience effort, including review of the design, implementation support across orchard, librustzcash, zebra and zcash_tx_tool, as necessary.

Best,
The QEDIT Team.

Thank you for providing this detailed update, Vivek. We’re excited to see ZSAs progressing toward activation on mainnet and appreciate the continued collaboration with the core engineering teams.

When you have a moment, could you please (1) create a separate forum thread for the new grant request and (2) post the full proposal on GitHub?

Regarding the $118,000 monthly budget, our understanding is that this reflects a team of eight engineers at a cost of $14,750 per engineer per month. In your proposal, it would be helpful to include a detailed breakdown of how those resources will be allocated and utilized in H2 2025 to support ZSA integration into NU7.

Thanks!