Zcash Shielded News | Vol.14
Paul Brigner back at ECC, Zcash Turkey: Roadmap, Security Audit of Orchard ZSA, Sam Smith is a New Core Engineer & Special 2y ZK AV Club
Zcash Shielded News is a community article format based on the weekly Zcash Ecosystem Digest Newsletter.
Providing insight on current events and informing the community about important news in the Zcash ecosystem.
Check out the best Highlights below
After several months Paul Brigner made his transition to Coinbase (Head of Coinbase) & Bootstrap, we got an amazing news this week which probably put a smile on many faces.π
Paul will be working on Zcash-related policy, education and our alliances in Washington DC, re-assuming the role of Vice President of Strategic Alliances at ECC, continuing serving on the board of Bootstrap, a parent company. The transition to Coinbase provided good collaborations and partnerships on the PGP Breakfast.
Other good news is that Paul will be working closely with Project Glitch to host the PGP Breakfast series, the DC Privacy Summit, and other special events.
Welcome back, Paul π
ποΈ| Full Note
Zcash Turkey arrived in the community in 2024 and had been proving themself along the months, getting intensive support of the community. After facing several challenges, the proposal was accepted. Weβre excited to work with them and share their roadmap with you.
For a better understanding of who is the folks behind Zcash Turkey we start with Batuhan, the Turkish Ambassador.
Batuhan has 4-5 years of experience in the cryptocurrency field, during these years, he had a undertaken extensive work, particularly in privacy-focused projects, also having led numerous initiatives in Turkey and have been actively working to raise awareness about Zcash for the last past 3 months.
Batuhanβs expertise include community management, developing social media strategies, content creation and organizing targeted campaigns to enhance brand visibility.
Responsibilities of Zcash Turkey:
Increasing Zcash Awareness in Turkey: Conducting activities to enhance brand representation and raise awareness of Zcash in Turkey.
Ensuring Access to Reliable Resources: Creating videos and social media content to help people access accurate and trustworthy information about Zcash.
Expanding the Community: Developing and implementing strategic plans to grow and engage the Turkish Zcash community.
Providing Timely Updates: Regularly and consistently sharing updates and developments about Zcash with the Turkish community.
Two new members were introduced to the proposal:
π€| TuAmoRee
TuAmoRee will lead with Community Management on Telegram & Discord.
Ahmet has two years of experience in the cryptocurrency industry, specializing in event organization, conference participation, and community building. His expertise includes creating engaging social media content, managing online communities, and fostering audience engagement. Ahmet has successfully built connections within the crypto ecosystem, promoted projects, and supported the growth and development of local communities.
π€| A.bulut7777
ABullut will lead with Community Management & Social Media
His main profession is Computer Programming but he has a high level of performance in the organization of many events that Batuhan have realized in Turkey in the last 2-3 years. Responsible, able to work actively in the field and has experience in creating content on social media & creating Youtube videos.
The project will consist in 3 milestone, 600$ each:
Milestone Details π
Milestone:
1 Amount (USD): 1900
Expected Completion Date: 10-02-2025
Deliverables: Management report and metrics -Milestone: 2
Amount (USD): 1900
Expected Completion Date: 10-03-2025
Deliverables: Management report and metricsMilestone: 3
Amount (USD): 0
Expected Completion Date: 10-04-2025
As part of a member of the community, we are very happy to see the development of Zcash in Turkey, specially in the days that weβre living atm.
Zcash Turkey will be a good partner along their workflow and weβre looking forward to work with them closely. Congratulations, team. π
As the Zcash Ecosystem Security Lead, ZCG has requested that Least Authority perform a security audit of the OrchardZSA Protocol by the Qedit team.
π
| Project Dates
β October 28, 2024 - December 10, 2024: Initial Code Review (Completed)
β December 12, 2024: Delivery of Initial Audit Report (Completed)
β 3 January, 2025: Verication Review (Completed)
β 3 January, 2025: Delivery of Final Audit Report (Completed)
The OrchardZSA Protocol, an extension of the Zcash Orchard protocol, enables shielded custom assets (ZSAs) while maintaining backward compatibility with the original Orchard protocol for native ZEC assets. This extension allows interoperability with assets on other blockchains through changes such as introducing custom assets, split input notes, updated value commitments, value balancing mechanisms, and asset burning.
Audit Scope:
The audit focused on the following areas:
Security Properties: The OrchardZSA protocol was evaluated for balance, spendability, privacy, non-malleability, and diversifier address unlinkability. Specific tests included checks for vulnerabilities like the Faerie Gold attack and roadblock attack, with no issues identified.
Protocol Extensions: Code updates were reviewed against ZIP 226 and ZIP 227, including ZSA circuit extensions and assumptions of correctness in the original Orchard protocol and circuits. No vulnerabilities or deviations were found.
Halo2 Gadgets and Circuits: Changes were examined for deviations from specifications and missing constraints, with no issues discovered.
Non-Circuit Improvements: Cryptographic best practices and standards were reviewed, with no concerns identified.
π¬| General Comments
Your team conducted a security audit of the OrchardZSA Protocol, an extension of the Zcash Orchard protocol introduced in Network Upgrade 5. This extension enables shielded custom assets (ZSA), which allow Zcash to interoperate with other blockchain assets while maintaining compatibility with the original Orchard protocol for native ZEC transactions.
The audit focused on the protocol's security properties β balance, spendability, privacy, non-malleability, and diversifier address unlinkability β and included:
Key Findings:
No vulnerabilities were found related to the Faerie Gold attack or roadblock attack.
The ZSA circuit extensions and their implementation align with the Zcash Improvement Proposals (ZIP 226 and ZIP 227) under the assumption that these proposals and the original Orchard circuit are correct.
Halo2 gadget and circuit updates showed no issues or deviations from specifications.
Additional Observations:
Non-circuit-related changes were reviewed against cryptographic best practices, with no concerns identified.
The system is well-designed, thoroughly documented, and emphasizes security.
π‘| Conclusion:
The OrchardZSA Protocol was found to be well-designed, clearly documented, and strongly focused on security, with no vulnerabilities or issues identified during the audit.
π§βπ»| Code Quality
The repositories in scope, as well as the original Orchard and Halo2 codebase, are well-organized and of high quality, in that they adhere closely to development best practices
β οΈ| Areas of Concern
Least Authorityβs investigation focused on the following areas:
β Correctness of the implementation;
β Vulnerabilities within each component and whether the interaction between the components is secure;
β Key management, including secure private key storage and management of encryption and signing keys;
β Denial of Service (DoS) and other security exploits that would impact the intended use or disrupt the execution;
β Protection against malicious attacks and other ways to exploit;
β Inappropriate permissions and excess authority;
β Data privacy, data leaking, and information integrity; and
β Anything else as identified during the initial analysis phase.
π| Read the full audit here
Shielded Labs has announced that Sam H. Smith is joining as a Core Engineer. Sam will collaborate with Zooko Wilcox and Nate to develop the first implementation of Crosslink and help transition Zcash to a Hybrid Proof of Stake (PoS) system. He will also participate in bi-weekly ZIP Sync Meetings, working toward becoming a ZIP Editor.
Based in Sweden, Sam has a diverse technical background, including rewriting the Byzantine Fault Tolerant consensus algorithm for Hyperledger Iroha 2. He is the creator of Serenum, a custom-built operating system, and Brevis, a programming language specifically designed for Serenum.
To enhance performance, he re-engineered the Brevis compiler using a sea of nodes architecture, akin to those used in Chromeβs V8 engine and Oracleβs HotSpot. Sam also has expertise in low-level game engine programming, physics engines, rendering, and Data-Oriented Design.
Sam expressed his enthusiasm for joining Shielded Labs, stating his passion for advancing Zcash, which he regards as a crucial private and fungible digital currency. Shielded Labs looks forward to his contributions to Crosslink and the future of Zcash.
π| Link
The ZK Av Club is celebrating its anniversary this month with a special AMA featuring its creator and leader, Adjy Leak, joined by @MadBitcoins. This event offers a chance for the community to connect, ask questions about the club's journey, upcoming events planned for 2025, and topics like technology, apps, cryptocurrencies, decentralization, and current events.
The AMA will serve as the final episode (s00e05) of the club's warm-up season, marking a transition to exciting new plans ahead. It will be streamed on the @WorldCryptoNet Twitter (X) account, and the ZK Av Club invites everyone to join, celebrate, and support them by following @ZKAV_Club.