ZSAs in NU7

Community Grants Applications
1

Hello Zcash community!

It’s finally happening… the NU7 upgrade is planned for 2025, the Zcash Shielded Assets ZIPs have been earmarked as being viable for inclusion, we just got a positive protocol audit from Least Authority. All teams have been working in sync to allow the Zebra project and the cryptography crates to include ZSA functionality into their official branches.

Everyone at QEDIT is very excited we reached this point, this has been a major focus of our efforts! For those who didn’t see the ZSA demo, check out our talk on how to issue, transfer and burn ZSA assets on Zebra:

The work to integrate ZSA to NU7 is planned to be supported by a monthly grant proposal, here are the main points:

We will provide a team of 7 engineers and architects working on:

  • Implementing new requirements across whole stack, starting from the ZIPs
  • Interactions with other NU7 components
  • Support with reviewing OrchardZSA with ECC
  • Maintain and adjust zcash_tx_tool to support new requirements and upstream changes

We’re budgeting a monthly cost of 105k USD for 7 engineers, with 2 months covering work already performed in November and December, and 6 months ahead of work planned, until July 1st.

QEDIT is coordinating with all Zcash teams

The Zcash Shielded Asset functionality is one of the most ambitious additions to the Zcash protocol, and one that is poised to transform the use cases of the network. Commensurate with the magnitude of this addition, our work has involved development across the entire stack of repositories that Zcash depends on, from the node (first zcashd and then Zebra), to the transaction level libraries (librustzcash and zcash_note_encryption), to the Orchard protocol and Orchard circuit (which also required additions to Halo2 functionality).

These different libraries are maintained by both the ECC and ZF, and therefore the integration of the ZSA functionality requires close co-ordination with both engineering teams. This coordination and integration also must happen in parallel with the ongoing development from the core teams. It is important that QEDIT efficiently and quickly resolves implementation questions and technical decisions along with the core teams as we keep up the NU7 momentum.

The functionality works on QEDIT’s version of Zebra node

  • As shown in the demo, we have a working version of the ZSA changes for Zebra
  • Since Zebra is not a wallet, we have created a standalone tool for V5 and V6 transaction generation - this is the zcash_tx_tool repository.
  • The circuit structure and implementation in Halo2 and the specific Orchard files, is stable and finalized.
  • The ZIPs are in good shape, with only minor changes occurring based on ZIP Editor reviews.
  • A successful external audit was conducted on the circuit and Orchard changes.

What we will need to work on next

  • We are working on the asset supply and state management within the Zebra node, along with verification of transactions in consensus.
  • We are continuing to actively maintain our zcash_tx_tool repository, which supports V6 transactions and the OrchardZSA protocol
  • We have to merge in the commits from the core team on the librustzcash crate (significant upstream changes), along with changes to zebra and orchard crates.
  • We need to implement a few of the most recent changes to the ZIPs, which have been added based on forward-looking changes, and issues raised in ZIP review.
  • We need to ensure our development works alongside the changes that are needed to incorporate the other changes and ZIPs that are also being included in NU7, such as:
    • PCZTs
    • Memo bundles
    • NSM (minor interaction)
    • Changes in the fee mechanism
    • Other potential changes
  • While being externally audited, most of our code is still being reviewed by ECC and ZF. We need to make sure all comments by the reviewers are fixed once reviewed.

The successful integration of ZSA into NU7 requires sustained effort and close collaboration between teams. Our proposal ensures we can maintain the necessary momentum and quickly address technical challenges as they arise.

We’re committed to working closely with ECC, ZF, and the broader Zcash community to make ZSAs a reality!

Best,
The QEDIT Team.

30 Likes
2

@vivek at the most recent meeting, the @ZcashGrants Committee voted to approve this proposal. Congratulations!

ZCG requests that you provide monthly updates via the forum in this thread.

7 Likes
3

Dear Zcash community,

We’re excited to share with you an update on what we have been working on towards getting ZSAs ready for NU7!

zcash_note_encryption

We are very happy to share that the pull request with our changes to the zcash_note_encryption crate was reviewed and merged into the main repository by the ECC team last week! This involved changes to generalize the note encryption to support the OrchardZSA use case while maintaining backward compatibility for vanilla Orchard and Sapling encryption. You can check out the commit here.

ZIPs

  • The ZIP Editors reviewed our PR#960 to the ZIPs repository, we responded to their comments, and this PR has been merged into the repository as well.
  • We have a few further changes regarding the positioning of the burn information within the transaction format that is currently under discussion with the ZIP editors.
  • These changes are now tracked in a new PR#976 to the zcash/zips repository.

Zebra Node

  • Our development of the asset supply and state management functionality in Zebra is progressing well.
  • Work is also ongoing related to implementation of the new consensus rules and transaction structure for Zebra. These details can be explored in our PR#37.

zcash_tx_tool, testnet and demo

We have set up a persistent Zebra node on an ECS instance, as a step towards setting up a dedicated ZSA testnet. We are close to having a complete Github Actions setup to run a Docker image that will be able to set all this up for a user to use as a testnet. The pull request tracking this work, in the zcash_tx_tool repository, is PR#13.

Changes to the librustzcash

We have completed the changes that correspond to the ZIP changes in the PR#960 merged above, through all the relevant crates, viz. librustzcash, orchard, and zcash-test-vectors. We are in the process of finalizing the builder to support TXv6, details of which can be seen in PR#78.

Changes to the orchard crate

  • Changes were done to support reference notes (PR#124) and the deterministic Rho computation for Issue Notes (PR#131).
  • We also implemented changes to support consensus validation and global state managment for Zebra. This is in PR#138.

Changes to zcash-test-vectors

The Python reference implementation that is used for testing the implementation in librustzcash and orchard also required an update in order to support the changes to the transaction format to support Action Groups, and the corresponding changes to the TxID digest and authorizing data commitment.

We have completed these changes in our PR#24 to the zcash-test-vectors repository.

OrchardZSA Audit

We completed the changes suggested in the audit report for the OrchardZSA Protocol from Least Authority, and have received an updated audit report that confirms the same. You can access the final audit report here.

Open Implementation PRs

We have submitted PR#823 to the halo2 repository and PR#429 to the orchard repository to support the halo2 gadget changes, as described in the previous update. We will be submitting further PRs after the initial review of this PR, since they build on this base.

Best,

The QEDIT Team.

13 Likes
4

Dear Zcash community,

We’re excited to share with you an update on what we have been working on towards getting ZSAs ready for NU7!

ZIPs

  • Our changes regarding the positioning of the burn information within the transaction format are currently under discussion with the ZIP editors.
  • These changes are now tracked in a new PR#976 to the zcash/zips repository.
  • The ZIP Editors have updated the Asset Identifier to contain a hash of the Asset Description string instead of the entire string, in PR#975. We are in the process of propagating these changes through our implementations.
  • They have also created a new ZIP 246 (in PR#987) for our updates to the SIGHASH computation (and other NU7 changes such as memo bundles). We have reviewed these changes as well.

Changes to the librustzcash crate

  • We have updated the builder to support TXv6 with reduced redundancy via the use of an OrchardBundle enum that includes both the OrchardVanilla and OrchardZSA bundles, details of which can be seen in PR#78.

Zebra Node

  • Our development of the asset supply and state management functionality in Zebra is progressing well.
  • Work is also continuing (see PR#37) related to implementation of the new consensus rules and transaction structure for Zebra.
  • We have also propagated our Action Groups change (which was in the merge of the zips/#960 PR merged last month) all the way up to Zebra, allowing it to work with the changes made in librustzcash. This work is tracked in PR#42.

Testnet and demo

  • We have a Github Actions flow ready to run a Docker image that will be able to set the transaction tool up for a user to use as a testnet.
  • We are in the process of generalizing the work to allow a user to more easily create their own scenarios for testing.
  • We have also updated the demo to the latest combination of Zebra and the tx_tool. As for Zebra, this involves using the latest versions of librustzcash and orchard — handling reference notes during first issuance, and the updated serialization with Action Groups. This is tracked in PR#17.

Changes to the orchard crate

  • We are working on pulling the changes from upstream into our working tree — the biggest chunk here is the addition of partially constructed Zcash transactions (PCZTs), which has various overlaps with our work.

PRs ready for review

  • We have submitted PR#823 to the halo2 repository and PR#429 to the orchard repository to support the halo2 gadget changes, as described in the previous update. We will be submitting further PRs after the initial review of this PR, since they build on this base.
  • We also have the suggested changes to the ZIPs for the V6 serialization format open for discussion in PR#976.

Best,

The QEDIT Team.

9 Likes
5

Dear Zcash community,

We’d like to share with you our update on what we have been working on towards getting ZSAs ready for NU7 :slight_smile:

ZIPs

  • We opened a new pull request (PR#991) to the zcash/zips repository to the movement of the burn fields into the Action Groups in the V6 transaction format. We have received the green light from the ZIP Editors for this change. We have also responded to all current comments on this PR.
  • Note that the PR targets the draft PR#987 that has been opened by the ZIP Editors to create a new ZIP for the updated SIGHASH computation, instead of the main branch. This is because it causes less redundancy to make the changes on top of this branch.

Changes to the orchard crate

  • As mentioned in our previous update, the PCZT changes required various updates to allow support in the OrchardZSA protocol. We completed the support for the PCZT changes (in PR#143).
  • We also updated our implementation to reflect the changes to the ZIPs in PR#975 (replacing the asset description with a hash) in PR#150.

Changes to the halo2 and sinsemilla crates

  • We have pulled upstream changes to the halo2 crate and made them compatible with our fork (in PR#38). These changes mainly correspond to the shift of code from halo2_gadgets into separate sinsemilla and halo2_poseidon crates.
  • We have also submitted an upstream pull request (PR#2) to the new sinsemilla crate providing the changes needed to support the OrchardZSA protocol.

Changes to the librustzcash crate

  • We have propagated the changes mentioned in the updates to the orchard crate to librustzcash (such as PR#103).
  • We have also made the changes to support the move of the burn fields into the Action Groups (as in the ZIPs PR#991).

Changes to the Python reference implementation

  • We updated the zcash_test_vectors repository to generate the test vectors for the changes in PR#150 of the orchard crate (the move from the asset description string to an asset description hash).
  • We are in the process of merging the upstream changes that were made to remove the use of the std library in the generated Rust vectors.

Zebra Node

  • Our development of the asset supply and state management functionality in Zebra is progressing.
  • We have prepared the changes needed for the move to Action Groups in this crate as well. These include both serialization and consensus changes. This can be seen in PR#42 and PR#46.

Updates to zcash_tx_tool

  • We have deployed a CI to the repository that will confirm the usage of a compatible Zebra version, helping automate our updates better.
  • We are creating ways to allow a user to more easily create their own scenarios for testing, this is in review at present.

PRs ready for review

  • We have submitted PR#823 to the halo2 repository and PR#429 to the orchard repository to support the halo2 gadget changes, as described in the previous update. We will be submitting further PRs after the initial review of this PR, since they build on this base.
  • We also have the suggested changes to the ZIPs for the V6 serialization format open for discussion in PR#991 of the zips repository.
  • We have opened PR#2 to the sinsemilla crate for changes needed to support OrchardZSA in that repository.

Best,

The QEDIT Team.

12 Likes
6

Dear Zcash community,

We’d like to share with you our update on what we have been working on towards getting ZSAs ready for NU7.

ZIPs

  • The ZIP Editors merged our pull request (PR#991) to the zcash/zips repository for the movement of the burn fields into the Action Groups in the V6 transaction format. This is now included as a part of the PR#987 opened by the ZIP Editors for transaction format and digest changes for NU7.
  • We have also opened an independent pull request (PR#1009) that performs some rearrangements to the Asset Identifier section of ZIP 227 (the Issuance ZIP) to make the flow of the section more linear.

Changes to the halo2 and sinsemilla crates

  • The ECC merged our upstream pull request (PR#2) to the sinsemilla crate providing the changes needed to support the OrchardZSA protocol! We have updated our dependencies to start pointing to the zcash/sinsemilla crate instead of our fork.
  • We had submitted a pull request to the halo2 repository (PR#823). The ECC reviewed this PR and requested some changes, which we have discussed and incorporated. This is now ready for review again.

Changes to the orchard crate

  • We have completed all the changes that have arisen from ZIP changes to the ZSA ZIPs (such as the movement of the burn fields into the Action Group, and the replacement of the Asset Description string with its hash).
  • We have also merged in the upstream changes to the orchard crate, so our crate is currently completely caught up to upstream! This would make review and merging less complicated. (OrchardZSA commits)
  • We are in the process of discussing some of the ZSA changes to orchard with the ECC, as a precursor to a formal review.

Changes to the librustzcash crate

  • Just as in orchard, we have completed all the changes arising from the updates to the ZSA ZIPs in the librustzcash crate (for example, PR#105, PR#109, PR#110).
  • We are in the process of merging in the changes from upstream into our work.

Changes to the Python reference implementation

  • We have similarly updated the zcash_test_vectors repository to generate the test vectors after incorporating all the changes arising from the ZSA ZIP updates as well (see PR#25 and PR#28).
  • We have also created a PR to merge the upstream changes to this repository, which is being reviewed internally (PR#26).

Zebra

  • Our development of the asset supply and state management functionality in Zebra is progressing well, and we are getting ready for internal review of this critical code.
  • We are reviewing the changes needed for the move to Action Groups in this crate as well, along with the other ZSA ZIP changes mentioned above. This can be seen in PR#42 and PR#46.
  • We are in the process of internal review for the infrastructure required to introduce OrchardZSA (extending shieldedData) and TxV6 in Zebra (PR#37).

Updates to zcash_tx_tool

  • We have updated our tool to include the ZSA ZIP changes that we have implemented elsewhere in the other repositories (as mentioned above).
  • We have deployed a CI to the repository that will confirm the usage of a compatible Zebra version, helping automate our updates better.
  • We are creating ways to allow a user to more easily create their own scenarios for testing, this is in the later stages of review, and we will share more about this soon!

PRs ready for review

  • We have submitted PR#823 to the halo2 repository (and PR#429 to the orchard repository as a reference to support the halo2 gadget changes), as described in the previous update. We will be submitting further PRs after the initial review of this PR, since they build on this base.
  • We also have suggested rearrangement of ZIP 227 for better flow of text in PR#1009 of the zips repository.
  • The orchard crate changes for ZSA are in PR#372.

Best,
The QEDIT Team.

12 Likes
7

Dear Zcash Community,

As we reach the midway mark of 2025, we wanted to share a summary of the progress we have made towards getting ZSAs ready for NU7. We also wanted to share our view on where we see ourselves busy over the rest of the year, given the NU7 roadmap.

This work will engage all the QEDIT team for the second half of 2025, at $118k per month, until Zcash has deployed ZSA. We’re looking forward to land this for the community, and are working with first issuers to make sure ZSA is useful on day 1!

H1 2025: Zcash is integrating ZSA

  • We have co-ordinated with the ZIP Editors from ECC and ZF towards merging the ZSA-related ZIPs, namely ZIP 226 and ZIP 227. These have achieved general stability over the last few months. We have also co-ordinated with them on the general NU7 related ZIPs such as ZIP 230 and ZIP 246 (related to the transaction format and sighash generation).
  • We have been working with the Zcash Foundation on updates to the zebra crate to support ZSAs.
  • We have been working with the ECC on the updates to various crates:
    • The ZSA additions to the sinsemilla and zcash_note_encryption crates have been merged.
    • The changes to the halo2 crate are currently under review.
    • The changes to the orchard crate, which are much more far-reaching, are also under review.
    • We have changes prepared for the librustzcash crate, and also the zcash-test-vectors repository, though the review for these is in the pipeline.
  • We have been developing the zcash_tx_tool to allow us to generate transactions to submit to a zebra node for our testing and development.
  • We have also prepared a testnet with ZSA support and are running a zebra node on a server for interested parties to connect to.
  • We have recently also been reviewing the first draft of the design aimed at making changes to the Zcash protocol to achieve smoother future resilience against post-quantum attacks.

More details about all of this progress can be found on previous replies on this thread!

Proposed plans for H2 2025 to get NU7 out

  • We would like to continue working with the ECC and ZF to get the ZSA implementations reviewed and merged into the upstream main branches.
  • We will continue syncing with ECC, ZF, and Shielded Labs as necessary towards deployment of the NU7 pieces and their interactions with ZSAs.
  • Once our changes are merged, we will continue to provide support for ZSA-related changes or changes affecting the ZSA parts of the code — either via pull requests or code reviews.
  • We will be analyzing the operation of the deployed testnet, keeping an eye out for issues and possible room for improvement, and implementing any such updates.
  • We will also continue development of the zcash_tx_tool so that we can continue to support transactions for the testnet.
  • We want to ensure existence of the appropriate API to allow wallets to support ZSAs.
  • We will also help handle any unforeseen challenges towards the NU7 integration of ZSAs.
  • We would also like to continue to support the Zcash post-quantum resilience effort, including review of the design, implementation support across orchard, librustzcash, zebra and zcash_tx_tool, as necessary.

Best,
The QEDIT Team.

6 Likes
8

Thank you for providing this detailed update, Vivek. We’re excited to see ZSAs progressing toward activation on mainnet and appreciate the continued collaboration with the core engineering teams.

When you have a moment, could you please (1) create a separate forum thread for the new grant request and (2) post the full proposal on GitHub?

Regarding the $118,000 monthly budget, our understanding is that this reflects a team of eight engineers at a cost of $14,750 per engineer per month. In your proposal, it would be helpful to include a detailed breakdown of how those resources will be allocated and utilized in H2 2025 to support ZSA integration into NU7.

Thanks!

4 Likes
9

Dear Zcash community,

We’d like to share with you here our update on what we have been working on in the last few weeks!

ZIPs

  • The ZIP Editors merged our previous pull request (PR#1009) to the zcash/zips repository for the rearrangements to the Asset Identifier section of ZIP 227.
  • We have also opened a new pull request (PR#1033) that makes some minor changes to both the ZSA ZIPs in order to remove some ambiguities we spotted while parsing through the ZIPs.
  • Our internal PR#107 includes a draft of our resolutions to issues #1034 and #1036 raised by the ZIP Editors inside this PR. A link to the rendered version of the ZIPs and slides summarizing these changes are also present in comments on these issues.

Changes to the halo2 and crates

  • Our pull request to the halo2 repository (PR#823) has received initial approval from the ECC post our discussion and response to their comments. We are looking forward to the merging of this PR!

Changes to the orchard crate

  • Our changes to the orchard crate are in general caught up to upstream changes, and we have also completed the implementation updates to support ZSAs as of the current specification.
  • We are looking forward to receiving feedback from the ECC based on discussions we had about the ZSA changes to orchard.

Changes to the librustzcash crate

  • Just as in orchard, we have completed all the changes arising from the updates to the ZSA ZIPs in the librustzcash crate.
  • We are making progress with the merge of the changes from upstream into our work.

Zebra

  • We have completed the changes to make our version of Zebra support the ZSA changes made lower down the stack.
  • We have recently prepared a pull request (PR#9560) to the upstream repository that covers partial support for ZSAs, via parsing, (de)serialisation and validation of V6 transactions. This allows for a formal review to be done.
    • This PR uses ZSA capable forks of the various crates (such as orchard, librustzcash and others) down the stack, and therefore merging post review will depend on those forks being merged in those crates.
  • We also have the state management work being worked on at present, and we will submit a subsequent PR with those changes post the review of the current PR.

Updates to zcash_tx_tool

  • Our CI has been improved to check for compatibility with Zebra, and also takes advantage of caching to improve runtime.
  • We have also caught up to other changes down the stack such as the move of the Burn fields inside the Action Groups, and the switch to using a hash of the Asset Description.
  • Our improvements to the code to create different scenarios for testing have been completed.
  • We have also set up our testnet node, and you can see more details on how to connect to it and try it out here.
  • All these improvements have been released in a new version v0.3.0.

PRs ready for review

  • We have submitted PR#823 to the halo2 repository (and PR#429 to the orchard repository as a reference to support the halo2 gadget changes), as described in the previous update. We will be submitting further PRs after the initial review of this PR, since they build on this base.
  • We also have made some minor clarifying improvements to both ZIP 226 and ZIP 227 in PR#1033 of the zips repository.
  • The orchard crate changes for ZSA are in PR#372.
  • The initial ZSA changes for zebra are in PR#9560.

Best,
The QEDIT Team.

4 Likes
10

Dear Zcash community,

We’d like to share with you here our update on what we have been working on in the last few weeks:

ZIPs

  • The ZIP Editors merged our previous pull request (PR#1033) to the zcash/zips repository for the changes we made to remove some ambiguities we had spotted.
  • The ZIP Editors had raised issues issues #1034 and #1036 in order to make some encoding changes to the Issuance Bundle to make it easier to support key rotation in the future without requiring another transaction format change. We completed this work in PR#1042, which has been reviewed and merged.
  • On discussion with the ECC we also came up with some ways to remove ambiguities with the name for the public key of the issuer. We have prepared PR#1048 for the changes amounting from this discussion, which is open for review from the ZIP Editors.

Changes to the halo2 crate

  • The ECC merged our initial pull request to the halo2 repository (PR#823).
  • We have now opened a subsequent pull request, PR#845 that builds on that initial framework and adds in the chunk of changes that need to be made for ZSA support.
  • There was an initial discussion with the ECC regarding this PR, and we have taken into account the initial comments made regarding the lookup table optimization. We are waiting for their complete review on the PR.

Changes to the orchard crate

  • We are looking forward to receiving feedback from the ECC based on discussions we had about the ZSA changes to orchard. (Link to discussion)
  • A simplification and clean up of the overall changes we have made is also underway. Our focus currently is related more to the circuit and witness management. (PR Link)
  • The latest changes that have been made in the ZIPs (as mentioned above) are also being implemented. The specific change is the addition of an “algorithm specifying byte” to the ik and issueAuthSig , and renaming the issuance validating key to issuer as described in the ZIPs.
  • More changes to the PCZT section of the OrchardZSA protocol are required in order to better support the way PCZT is implemented in librustzcash. This work can be tracked in this PR.

Changes to the librustzcash crate

  • Just as in orchard, we are implementing the latest changes that have been made in the ZIPs, relating to the addition of an “algorithm specifying byte” to the ik and issueAuthSig and renaming the issuance validating key to issuer .
  • In parallel, we are continuing to progress with the merge of the changes from upstream into our work.
  • In order to keep up with the upstream changes, we need to analyze the changes to the newly added PCZT section in upstream and make the changes to correctly support the OrchardZSA changes. (PR Link)

Zebra

  • The current working version of Zebra supports the ZSA changes made lower down the stack, as demonstrated by its use with the zcash_tx_tool and testnet at https://dev.zebra.zsa-test.net.
  • Logs for the testnet Zebra node are populated online at https://logs.zebra.zsa-test.net/
  • We had prepared a pull request (PR#9560) to the upstream repository that covers partial support for ZSAs, via parsing, (de)serialisation and validation of V6 transactions. This allows for a formal review to be done. We have received some reviews on this PR, and we are discussing with the Zcash Foundation while making those changes.
    • This PR uses ZSA capable forks of the various crates (such as orchard, librustzcash and others) down the stack, and therefore merging post review will depend on those forks being merged in those crates.
  • The state management work continues to progress, and we will submit a subsequent PR with those changes post the review of the current PR. (PR Link)
  • Additional intergration and unit tests have been created for the ZSA version of Zebra, as can be seen in this PR. The tests utilize our ability to generate V6 transactions via the zcash_tx_tool.

Updates to zcash_tx_tool

  • The ability to pack the zcash_tx_tool as a Docker image was improved.
  • The Docker images are currently being published to ECR at gallery.ecr.aws/j7v0v6n9/tx-tool
  • Our CI has been improved to check for compatibility with Zebra, and also takes advantage of caching to improve runtime.

PRs ready for review

  • We have opened PR#1048 in the zips repository, with the changes mentioned above.
  • We have submitted PR#845 to the halo2 repository (and PR#429 to the orchard repository as a reference to support the halo2 gadget changes merged in PR#823).
  • The orchard crate changes for ZSA are in PR#372.
  • The initial ZSA changes for zebra are in PR#9560.

Best,

The QEDIT Team.

7 Likes