ZSAs in NU7

Hello Zcash community!

It’s finally happening… the NU7 upgrade is planned for 2025, the Zcash Shielded Assets ZIPs have been earmarked as being viable for inclusion, we just got a positive protocol audit from Least Authority. All teams have been working in sync to allow the Zebra project and the cryptography crates to include ZSA functionality into their official branches.

Everyone at QEDIT is very excited we reached this point, this has been a major focus of our efforts! For those who didn’t see the ZSA demo, check out our talk on how to issue, transfer and burn ZSA assets on Zebra:

The work to integrate ZSA to NU7 is planned to be supported by a monthly grant proposal, here are the main points:

We will provide a team of 7 engineers and architects working on:

• Implementing new requirements across whole stack, starting from the ZIPs
• Interactions with other NU7 components
• Support with reviewing OrchardZSA with ECC
• Maintain and adjust zcash_tx_tool to support new requirements and upstream changes

We’re budgeting a monthly cost of 105k USD for 7 engineers, with 2 months covering work already performed in November and December, and 6 months ahead of work planned, until July 1st.

QEDIT is coordinating with all Zcash teams

The Zcash Shielded Asset functionality is one of the most ambitious additions to the Zcash protocol, and one that is poised to transform the use cases of the network. Commensurate with the magnitude of this addition, our work has involved development across the entire stack of repositories that Zcash depends on, from the node (first zcashd and then Zebra), to the transaction level libraries (librustzcash and zcash_note_encryption), to the Orchard protocol and Orchard circuit (which also required additions to Halo2 functionality).

These different libraries are maintained by both the ECC and ZF, and therefore the integration of the ZSA functionality requires close co-ordination with both engineering teams. This coordination and integration also must happen in parallel with the ongoing development from the core teams. It is important that QEDIT efficiently and quickly resolves implementation questions and technical decisions along with the core teams as we keep up the NU7 momentum.

The functionality works on QEDIT’s version of Zebra node

• As shown in the demo, we have a working version of the ZSA changes for Zebra
• Since Zebra is not a wallet, we have created a standalone tool for V5 and V6 transaction generation - this is the zcash_tx_tool repository.
• The circuit structure and implementation in Halo2 and the specific Orchard files, is stable and finalized.
• The ZIPs are in good shape, with only minor changes occurring based on ZIP Editor reviews.
• A successful external audit was conducted on the circuit and Orchard changes.

What we will need to work on next

• We are working on the asset supply and state management within the Zebra node, along with verification of transactions in consensus.
• We are continuing to actively maintain our zcash_tx_tool repository, which supports V6 transactions and the OrchardZSA protocol
• We have to merge in the commits from the core team on the librustzcash crate (significant upstream changes), along with changes to zebra and orchard crates.
• We need to implement a few of the most recent changes to the ZIPs, which have been added based on forward-looking changes, and issues raised in ZIP review.
• We need to ensure our development works alongside the changes that are needed to incorporate the other changes and ZIPs that are also being included in NU7, such as:
  • PCZTs
  • Memo bundles
  • NSM (minor interaction)
  • Changes in the fee mechanism
  • Other potential changes
• While being externally audited, most of our code is still being reviewed by ECC and ZF. We need to make sure all comments by the reviewers are fixed once reviewed.

The successful integration of ZSA into NU7 requires sustained effort and close collaboration between teams. Our proposal ensures we can maintain the necessary momentum and quickly address technical challenges as they arise.

We’re committed to working closely with ECC, ZF, and the broader Zcash community to make ZSAs a reality!

Best,
The QEDIT Team.

@vivek at the most recent meeting, the @ZcashGrants Committee voted to approve this proposal. Congratulations!

ZCG requests that you provide monthly updates via the forum in this thread.

Dear Zcash community,

We’re excited to share with you an update on what we have been working on towards getting ZSAs ready for NU7!

zcash_note_encryption

We are very happy to share that the pull request with our changes to the zcash_note_encryption crate was reviewed and merged into the main repository by the ECC team last week! This involved changes to generalize the note encryption to support the OrchardZSA use case while maintaining backward compatibility for vanilla Orchard and Sapling encryption. You can check out the commit here.

ZIPs

• The ZIP Editors reviewed our PR#960 to the ZIPs repository, we responded to their comments, and this PR has been merged into the repository as well.
• We have a few further changes regarding the positioning of the burn information within the transaction format that is currently under discussion with the ZIP editors.
• These changes are now tracked in a new PR#976 to the zcash/zips repository.

Zebra Node

• Our development of the asset supply and state management functionality in Zebra is progressing well.
• Work is also ongoing related to implementation of the new consensus rules and transaction structure for Zebra. These details can be explored in our PR#37.

zcash_tx_tool, testnet and demo

We have set up a persistent Zebra node on an ECS instance, as a step towards setting up a dedicated ZSA testnet. We are close to having a complete Github Actions setup to run a Docker image that will be able to set all this up for a user to use as a testnet. The pull request tracking this work, in the zcash_tx_tool repository, is PR#13.

Changes to the librustzcash

We have completed the changes that correspond to the ZIP changes in the PR#960 merged above, through all the relevant crates, viz. librustzcash, orchard, and zcash-test-vectors. We are in the process of finalizing the builder to support TXv6, details of which can be seen in PR#78.

Changes to the orchard crate

• Changes were done to support reference notes (PR#124) and the deterministic Rho computation for Issue Notes (PR#131).
• We also implemented changes to support consensus validation and global state managment for Zebra. This is in PR#138.

Changes to zcash-test-vectors

The Python reference implementation that is used for testing the implementation in librustzcash and orchard also required an update in order to support the changes to the transaction format to support Action Groups, and the corresponding changes to the TxID digest and authorizing data commitment.

We have completed these changes in our PR#24 to the zcash-test-vectors repository.

OrchardZSA Audit

We completed the changes suggested in the audit report for the OrchardZSA Protocol from Least Authority, and have received an updated audit report that confirms the same. You can access the final audit report here.

Open Implementation PRs

We have submitted PR#823 to the halo2 repository and PR#429 to the orchard repository to support the halo2 gadget changes, as described in the previous update. We will be submitting further PRs after the initial review of this PR, since they build on this base.

Best,

The QEDIT Team.

Dear Zcash community,

We’re excited to share with you an update on what we have been working on towards getting ZSAs ready for NU7!

ZIPs

• Our changes regarding the positioning of the burn information within the transaction format are currently under discussion with the ZIP editors.
• These changes are now tracked in a new PR#976 to the zcash/zips repository.
• The ZIP Editors have updated the Asset Identifier to contain a hash of the Asset Description string instead of the entire string, in PR#975. We are in the process of propagating these changes through our implementations.
• They have also created a new ZIP 246 (in PR#987) for our updates to the SIGHASH computation (and other NU7 changes such as memo bundles). We have reviewed these changes as well.

Changes to the librustzcash crate

• We have updated the builder to support TXv6 with reduced redundancy via the use of an OrchardBundle enum that includes both the OrchardVanilla and OrchardZSA bundles, details of which can be seen in PR#78.

Zebra Node

• Our development of the asset supply and state management functionality in Zebra is progressing well.
• Work is also continuing (see PR#37) related to implementation of the new consensus rules and transaction structure for Zebra.
• We have also propagated our Action Groups change (which was in the merge of the zips/#960 PR merged last month) all the way up to Zebra, allowing it to work with the changes made in librustzcash. This work is tracked in PR#42.

Testnet and demo

• We have a Github Actions flow ready to run a Docker image that will be able to set the transaction tool up for a user to use as a testnet.
• We are in the process of generalizing the work to allow a user to more easily create their own scenarios for testing.
• We have also updated the demo to the latest combination of Zebra and the tx_tool. As for Zebra, this involves using the latest versions of librustzcash and orchard — handling reference notes during first issuance, and the updated serialization with Action Groups. This is tracked in PR#17.

Changes to the orchard crate

• We are working on pulling the changes from upstream into our working tree — the biggest chunk here is the addition of partially constructed Zcash transactions (PCZTs), which has various overlaps with our work.

PRs ready for review

• We have submitted PR#823 to the halo2 repository and PR#429 to the orchard repository to support the halo2 gadget changes, as described in the previous update. We will be submitting further PRs after the initial review of this PR, since they build on this base.
• We also have the suggested changes to the ZIPs for the V6 serialization format open for discussion in PR#976.

Best,

The QEDIT Team.