Skip to content

docs(zcash): clarify ZcashDisplayAddress verification scope #25

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
BitHighlander merged 1 commit into from
Mar 25, 2026
Merged

docs(zcash): clarify ZcashDisplayAddress verification scope #25

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
27 changes: 19 additions & 8 deletions messages-zcash.proto
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -157,20 +157,31 @@ message ZcashTransparentSig {
* the FVK from the seed and verifies it matches the provided components
* before displaying the address with a QR code.
*
* Security: The device confirms the address belongs to the correct
* seed/account by verifying the FVK. The address itself is host-computed
* (full on-device UA derivation requires Sinsemilla/SWU not yet in firmware).
* VERIFICATION SCOPE: The device only verifies that the Orchard FVK
* (ak, nk, rivk) in this request matches what it derives from the seed
* at the given account. A Unified Address may bundle receivers from
* multiple pools (transparent, Sapling, Orchard). The device CANNOT
* verify non-Orchard receivers — the guarantee is limited to:
* "This UA contains an Orchard receiver from this account."
* It does NOT guarantee that transparent or Sapling receivers (if
* present) are also controlled by this device.
*
* Full on-device UA derivation (Sinsemilla + SWU hash-to-curve)
* is planned for a future firmware release.
*
* Either account or a complete address_n path is REQUIRED.
* The device will reject requests that omit both.
*
* @next ZcashAddress
* @next Failure
*/
message ZcashDisplayAddress {
repeated uint32 address_n = 1; // ZIP-32 derivation path [32', 133', account']
optional uint32 account = 2; // Account index (alternative to full path)
repeated uint32 address_n = 1; // ZIP-32 path [32', 133', account'] — required if account omitted
optional uint32 account = 2; // Account index — required if address_n omitted
optional string address = 3; // Host-computed unified address ("u1...")
optional bytes ak = 4; // 32-byte ak for FVK verification
optional bytes nk = 5; // 32-byte nk for FVK verification
optional bytes rivk = 6; // 32-byte rivk for FVK verification
optional bytes ak = 4; // 32-byte ak for Orchard FVK verification
optional bytes nk = 5; // 32-byte nk for Orchard FVK verification
optional bytes rivk = 6; // 32-byte rivk for Orchard FVK verification
}

/**
Expand Down