Arborist Call is a bi-weekly call dedicated to developments in the Zcash
protocol. In it, developers from ECC, ZF and engineers from third-party wallets like yWallet, Zingo, etc. come together to go over all the recent progress made on their projects, answering questions and proving transparency.
This summary is focused on the last call that occurred on 02/22.
Check out the recent updates on the Zcash protocol and stay up to date with what’s to come.
Enjoy! 😊
ECC is fully focused in Mobile SDK. Their main objective right now is to release a Zcash client backend with Orchard support. After that release, they will focus on fully implementing such suppor into Zcash client SQL lite and Wallet SDK, so that Zashi 1.0 can be released with Orchard support. They hope to have this ready for March.
Together with that, the iOS layer is undergoing security audits, which will then extend to wallet SDKs and rust libraries that support these SDKs. They are sure they’ll have some time to respond to the results of such audits before Zashi 1.0 release.
ECC has been also working on ZIP 320, which details the alternatives for supporting Binance’s request for a transparent source address. They worked together with Jason McGee, @hanh, Pacu and other developers, and came up with a solution that is “basically ready to go for Zcash address”, and will then work on backend support.
They decided on alternative 1 of ZIP 320, TEX addresses. However, they might consider opening a new ZIP in the future to work on Alternative 2, which takes longer to implement but offers some interesting advantages over TEX addresses.
Still talking about addresses, they mentioned feedback they received about porting Zcash addresses to Java, Swift or Typescript native implementations, which would widen support for Zcash addresses.
Zebra Update - Zebra Scanning
@ZcashFoundation is finalizing with the Zebra scanner gRPC interface. It includes 6 gRPC methods to interact with the Zebra scanner. The team created a document on document functionality and documentation.
Right now, the scan interface can start a scanning process and send results back to the user in async mode. It still doesn’t support Orchard transactions and has some bugs that need to be sorted out, but they would like the community to test it and send any feedback that could help them improve their code.
They mentioned the release of Zebra 1.6.0, which was launched after the arborist call. It adds a new zebra-grpc crate with all the gRPC functionality they mentioned in the call. You can check their Github for details.
Zebra team mentioned the requests they have received from different organizations for adding a regtest mode to Zebra. They received some proposals from Qedit and Zingo! teams, but they still haven’t decided on which way to go.
The Zebra team also held a meeting with ECC to discuss what needs to be implemented in Zebra so it can replace Zcashd in the future. Although they will need some time and collaborative effort to decide whats next, they have a couple of interesting ideas.
One of those is the creation of a graphic user interface for Zebra, using a Rust tool called Tauri. They are also planning to work in restoring Windows support and Tor support. The last one using Arti, a Rust client for Tor.
Finally, they’re planning to launch a hackathon, so that developers can work on whatever fun ideas they want to see implemented in Zebra.
Conrado shared his excitement for the launch of FROST crates v1.0.0 stable release. He informed that this version is not very different from the previous release candidate, except for some methods they exposed based on user feedback.
However, he did inform about a bug fix coming from a vulnerability disclosure made by Trail of Bits, where a vulnerability in various multiple person, commitment based distributed key generation protocols, including FROST, allowed a malicious participant could generate key shares with higher threshold than originally intended. For example, a user might try to generate a 2/3 frost wallet, but the attacker could cause it to be 3/3 or even higher, rendering the wallet unusable.
This denial of service vulnerability was fixed by checking the length of the commitment, and the patch was included in the 1.0.0 stable release.
According to the team, since there’s no app deployment using this library just yet, there might no be any impact, although they advice anyone using their crates to update to stable.
Demos for FROST 1.0 are also ready for tinkering, and there’s even a readme file on how to run it, you might need to run a server people can connect to, so there’s that catch, but it works.
There was this interesting debate about how to treat experimental features when it comes to testing features in Zebra/Rust, so the teams can tag pieces of code that might change or disappear without notice and are not ready to become official features.
The debate is a bit long, but if you’re a developer maybe you want to jump in and read it all in the complete notes for this Arborist Call.