Quick update on the last ~48 hours of Zcash Ironwood! 1. Protocol devs from across all the orgs met twice to discuss specification and implementation progress. Agreement on a couple additional changes: disabling Orchard pool bundles in coinbases, anchors as auth data for migration UX with hardware wallets, and the order that ZIPs and specs will be handled. 2. Ironwood circuit and ZIP 2005 integration drafts are going through the review process. @ValarGroup has already spun up testnets and his team has done a wonderful job scoping out and implementing some of the wallet-facing changes. We are beginning an Ironwood upgrade book for eventual consumption by auditors, wallets, protocol developers, etc.. 3. Formal verification work on Ironwood continues. A collection of different individuals who either have or will continue to work on formalization efforts will be meeting tomorrow where we'll settle on the specific strategy for getting the Ironwood SNARK formally verified. I'm hosting this and will post minutes and details after. Efforts from teams will be ideally combined where useful, existing approaches and progress unified and we'll figure out the easiest path for the next couple weeks. I've paused my own work on this to do Ironwood circuit stuff, but I'll be resuming on that tomorrow. These are the big pieces, there are also some major security auditing tasks taking place in the background -- at least three major firms are auditing Orchard currently, and multiple new AI auditing suites are hammering the codebases to ensure nothing else critical is sitting around anywhere. So far so good! Really proud of how much progress is being made every hour on this by all five of our major teams/orgs and our supporters inside and outside the community. Also love the general wartime vibe shift. Let's go!

Together with @zodl_co, @ZcashFoundation, @ValarGroup and @ShieldedLabs, we're advocating for a network upgrade that would make ZEC's circulating supply auditable, providing additional reassurance that no counterfeiting occurred in the Orchard pool before this week's bugfix. tachyon.z.cash/blog/auditing…

Really excited to audit the Orchard pool's supply with a very elegant and wonderful approach @ShieldedLabs suggested. More about that later today. But it's funny that the whole time we're fixing it I'm going be paying bills etc. with my Orchard funds! I love it. 😆

Shielded protocols give you privacy in exchange for placing supply integrity in the faith of cryptographic assumptions. This is true for all of these protocols, every one of them, without exception. There is no cheap trick that lets you get around this, like another technique that verifies what's "really happening" inside the pool. You will always find yourself just repeating what the SNARKs are already doing, using (possibly different) cryptographic assumptions. The only thing we can do is rely on safe assumptions, and make our code flawless. Prior to a few years ago neither of these were practical, but we're beyond this. We can formally verify our shielded protocols and their implementations so that their correctness mathematically reduces to these cryptographic assumptions. We may soon even do this with the current version of Orchard itself (there are at least three different teams competing to implement a fully verified proof of Orchard's circuit right now, for example). These proofs don't have to be checked by humans in their entirety, just the small theorems that describe the security notions and specifications. Perfect shielded pools.

RT @zooko: x.com/i/article/206264193687…

Late last year, we decided to use simpler and more conservative cryptography for Tachyon to reduce the chance of bugs. Earlier this year, we hired @zksecurityXYZ to help configure our circuits for formal verification. Zcash's future shielded pools will all be provably sound.

As we blogged about last month, the new shielded pool we're developing for Zcash will use formal verification, more conservative cryptography, a simple arithmetization, robust APIs, fuzzing, and extensive auditing from humans and AI. And much more: tachyon.z.cash/blog/folding-…

"Vitalik writes an article saying I'm not in charge anymore, don't look at me. And then everyone in Ethereum is like, oh my God, such a great article, I can't wait for him to write something next" David on why Vitalik can't escape being Ethereum's leader even if he wants to "It's a trap. Everyone just loves and follows Vitalik and he doesn't even want that. He just wants to be some guy who doesn't want this responsibility" "It's hard to stop being Jesus, I guess. Jesus is Jesus, dude"

Tachyon redesigns the architecture of shielded payments by separating cryptographic state from payment logic. One layer focuses purely on SNARKs, encryption, and recursive proofs, the other evolves around addresses, UX, and key exchange. @MariusMargulus on why that matters.

Here we have @MariusMargulus's talk detailing Project @TachyonZcash at #zk14, a significant scalability upgrade for Zcash, implementing recursive composition to overcome performance limits in existing shielded pools. @Zcash youtu.be/D51JV1ItMGE?si=9Pal…

NU7 code ready to play with 🫡 Feel the win of 3x faster blocks

Zcash Quantum Recoverability ZIP 2005 merged as Proposed. Our first major buffer against quantum soundness problems is now headed toward wallet integration. As wallets update to support the ZIP, user funds will migrate. No network upgrade necessary for this step.

Here are the full five minutes from @zooko's talk at @ns, including the private conversation with his friend Hal Finney shortly before Hal passed away. Our earlier clip missed context. That's on us.

Zcash wouldn't exist without @zooko. He seeded the technical and cultural values of the project that have kept us vigilant in defense of its integrity. Much of Zcash's recent success has been because Zooko plays a less central role in the project, and it has decentralized and grown to transcend him. I think he would agree! But he is still a major spiritual force of the project, and an ally that wants it to succeed. Let's be mindful of the signal we send our next generation of risk takers, by how we treat his legacy. Zcash has a long road ahead of it, and no single one of us can carry it across the finish line. We're all liable to end up in @zooko's shoes one day. You do not want to be on the receiving end of the poetic justice served for the things you said when you were once on the winning team.

Zcash Quantum Recoverability security proofs got agreed upon Wednesday, and now the PR's are in. Whose going to be first to test out quantum recoverability on mainnet 👀

Tal (@MariusMargulus) gave a talk on Project Tachyon and Ragu at zkSummit in Rome. The presentation explored recursive proving, oblivious synchronization, shielded aggregation, and the architectural primitives designed to scale shielded Zcash toward planetary scale privacy.