Merge pull request #1146 from daira/protocol-2025.6.3

str4d · web-flow · commit 102c6ed3f9a2 · 2025-12-02T21:52:24.000Z
Protocol spec version 2025.6.3
diff --git a/.github/workflows/publish.yaml b/.github/workflows/publish.yaml
@@ -29,9 +29,19 @@ jobs:
         uses: actions/checkout@v5.0.1
         with:
           ref: publish
-          fetch-depth: 0
+          fetch-depth: 100
           ssh-key: ${{ secrets.DEPLOY_KEY }}
 
+      - name: Verify nonexistence of `base_ref`
+        shell: bash
+        run: |
+          if [ -e base_ref ]; then exit 1; fi
+
+      - name: Set base ref
+        run: |
+          git show --format=%H --no-notes --no-patch 'HEAD^' -- |tee base_ref
+          if ! ( grep -E '^[0-9a-f]{40}$' base_ref ); then exit 1; fi
+
       - name: Setup Pages
         uses: actions/configure-pages@v5
 
@@ -48,11 +58,6 @@ jobs:
           # won't find it. Any existing tag of the same name will be overwritten.
           git tag -f "${version}-auto"
 
-      - name: Set base ref
-        run: |
-          git show --format=%H --no-notes --no-patch 'HEAD^' -- |tee base_ref
-          if ! ( grep -E '^[0-9a-f]{40}$' base_ref ); then exit 1; fi
-
       - name: Compile ZIPs and Zcash Protocol Specification
         uses: ./.github/actions/render-protocol
 
diff --git a/.github/workflows/render.yml b/.github/workflows/render.yml
@@ -30,7 +30,7 @@ jobs:
       - name: Checkout repository
         uses: actions/checkout@v5.0.1
         with:
-          fetch-depth: 3
+          fetch-depth: 100
 
       - name: Verify nonexistence of `rendered` and `base_ref`
         shell: bash
diff --git a/README.rst b/README.rst
@@ -43,25 +43,24 @@ and double-check the generated ``rendered/draft-*.html`` file before filing a Pu
 See `here <protocol/README.rst>`__ for the project dependencies.
 
 
-NU6.1 Candidate ZIPs
---------------------
+Settled Mainnet Network Upgrade
+-------------------------------
 
-The following ZIPs are under consideration for inclusion in NU6.1:
+The most recent [settled](https://zips.z.cash/protocol/protocol.pdf#blockchain) Network Upgrade
+on Mainnet is NU6.1, which activated at Mainnet block height 3146400 on November 24, 2025, at
+19:56 UTC.
+
+NU6.1 is described in `ZIP 255: Deployment of the NU6.1 Network Upgrade <zips/zip-0255.md>`__.
+It deployed the following ZIPs:
 
 - `ZIP 1016: Community and Coinholder Funding Model <zips/zip-1016.md>`__
 - `ZIP 271: Deferred Dev Fund Lockbox Disbursement <zips/zip-0271.md>`__
 
-This list is only provided here for easy reference; no decision has been made
-on whether to include each of these ZIPs.
-
-`ZIP 255: Deployment of the NU6.1 Network Upgrade <zips/zip-0255.md>`__ will define which
-ZIPs are included in NU6.1.
-
 
 NU7 Candidate ZIPs
 ------------------
 
-The following ZIPs are under consideration for inclusion in NU7:
+The following ZIPs are under consideration for deployment in NU7:
 
 - `ZIP 226: Transfer and Burn of Zcash Shielded Assets <zips/zip-0226.rst>`__
 - `ZIP 227: Issuance of Zcash Shielded Assets <zips/zip-0227.rst>`__
diff --git a/README.template b/README.template
@@ -43,25 +43,24 @@ and double-check the generated ``rendered/draft-*.html`` file before filing a Pu
 See `here <protocol/README.rst>`__ for the project dependencies.
 
 
-NU6.1 Candidate ZIPs
---------------------
+Settled Mainnet Network Upgrade
+-------------------------------
 
-The following ZIPs are under consideration for inclusion in NU6.1:
+The most recent [settled](https://zips.z.cash/protocol/protocol.pdf#blockchain) Network Upgrade
+on Mainnet is NU6.1, which activated at Mainnet block height 3146400 on November 24, 2025, at
+19:56 UTC.
+
+NU6.1 is described in `ZIP 255: Deployment of the NU6.1 Network Upgrade <zips/zip-0255.md>`__.
+It deployed the following ZIPs:
 
 - `ZIP 1016: Community and Coinholder Funding Model <zips/zip-1016.md>`__
 - `ZIP 271: Deferred Dev Fund Lockbox Disbursement <zips/zip-0271.md>`__
 
-This list is only provided here for easy reference; no decision has been made
-on whether to include each of these ZIPs.
-
-`ZIP 255: Deployment of the NU6.1 Network Upgrade <zips/zip-0255.md>`__ will define which
-ZIPs are included in NU6.1.
-
 
 NU7 Candidate ZIPs
 ------------------
 
-The following ZIPs are under consideration for inclusion in NU7:
+The following ZIPs are under consideration for deployment in NU7:
 
 - `ZIP 226: Transfer and Burn of Zcash Shielded Assets <zips/zip-0226.rst>`__
 - `ZIP 227: Issuance of Zcash Shielded Assets <zips/zip-0227.rst>`__
diff --git a/protocol/Makefile b/protocol/Makefile
@@ -39,8 +39,7 @@ all: .Makefile.uptodate
 	# Note that in Makefiles, a dollar sign must be doubled to get a literal dollar sign in *any*
 	# context. Be very careful if refactoring this to ensure that the contents of `../base_ref`
 	# are only expanded if they are a hash.
-	if ( /bin/true ) || \
-	   ( ! [ -e ../base_ref ] ) || \
+	if ( ! [ -e ../base_ref ] ) || \
 	   ( git diff --name-only "$$(grep -E '^[0-9a-f]{40}$$' ../base_ref).." -- |grep '^protocol/' ) || \
 	   ( git status --porcelain=v1 |grep '^.[^ ] protocol/' ); then \
 	    $(MAKE) all-pdfs; fi
diff --git a/protocol/protocol.tex b/protocol/protocol.tex
@@ -2708,15 +2708,14 @@
 memory-hard \proofOfWork algorithm.
 
 \vspace{1.5ex}
-\newcommand{\thisspecdefines}[1]{This specification defines the \Zcash consensus protocol at launch, and after each of the upgrades codenamed {#1}.}
+\newcommand{\thisspecdefines}[1]{This specification defines the \Zcash consensus protocol at launch, and after each of the upgrades codenamed {#1}. }
 \noindent \notblossom{\sapling{\thisspecdefines{\Overwinter and \Sapling}}}%
 \notheartwood{\blossom{\thisspecdefines{\Overwinter, \Sapling, and \Blossom}}}%
 \notcanopy{\heartwood{\thisspecdefines{\Overwinter, \Sapling, \Blossom, and \Heartwood}}}%
 \notnufive{\canopy{\thisspecdefines{\Overwinter, \Sapling, \Blossom, \Heartwood, and \Canopy}}}%
 \notnusix{\nufive{\thisspecdefines{\Overwinter, \Sapling, \Blossom, \Heartwood, \Canopy, and \NUFive}}}%
 \notnusixone{\nusix{\thisspecdefines{\Overwinter, \Sapling, \Blossom, \Heartwood, \Canopy, \NUFive, and \NUSix}}}%
-\nusixone{This specification defines the \Zcash consensus protocol at launch; after each of the upgrades
-codenamed \Overwinter, \Sapling, \Blossom, \Heartwood, \Canopy, \NUFive, and \NUSix; and proposed changes for \NUSixOne.} %
+\nusixone{\thisspecdefines{\Overwinter, \Sapling, \Blossom, \Heartwood, \Canopy, \NUFive, \NUSix, and \NUSixOne}}%
 It is a work in progress. Protocol differences from \Zerocash and \Bitcoin are also explained.
 
 \vspace{2ex}
@@ -2790,12 +2789,12 @@
 \notbeforenusix{Changes specific to the \NUSix upgrade following \NUFive
 are highlighted in \nusix{\nusixcolorname}.}
 
-\notbeforenusixone{Changes specific to the proposed \NUSixOne upgrade following \NUSix
+\notbeforenusixone{Changes specific to the \NUSixOne upgrade following \NUSix
 are highlighted in \nusixone{\nusixonecolorname}.}
 
 All of these are also changes from \Zerocash.
-The name \Sprout is used for the \Zcash protocol prior to \Sapling
-(both before and after \Overwinter), and in particular its \shieldedProtocol.
+
+The name \Sprout is used for the \shieldedProtocol defined prior to the \Sapling upgrade.
 
 \vspace{1ex}
 \introlist
@@ -2890,9 +2889,11 @@
 
 In each \shieldedTransfer, the \nullifiers of the input \notes are revealed (preventing
 them from being spent again) and the commitments of the output \notes are revealed
-(allowing them to be spent in future). A \transaction also includes computationally sound
-\zkSNARK proofs and signatures, which prove that all of the following hold except
-with insignificant probability:
+(allowing them to be spent in future).
+
+\introlist
+A \transaction also includes computationally sound \zkSNARK proofs and signatures,
+which prove that all of the following hold except with insignificant probability:
 
 For each \shieldedInput,
 
@@ -3212,15 +3213,15 @@
 \end{center}}
 
 \sproutspecific{
-\defining{The \receivingKey $\TransmitPrivate$, \incomingViewingKey
+\defining{A \Sprout \receivingKey $\TransmitPrivate$, \incomingViewingKey
 $\InViewingKey = (\AuthPublic, \TransmitPrivate)$, and \shieldedPaymentAddress
 $\PaymentAddress = (\AuthPublic, \TransmitPublic)$ are derived from the
 \spendingKey $\AuthPrivate$, as described in \crossref{sproutkeycomponents}.}
 } %sproutspecific
 
 \vspace{1ex}
 \saplingonward{
-\defining{An \expandedSpendingKey is composed of a \authSigningKey $\AuthSignPrivate$,
+\defining{A \Sapling \expandedSpendingKey is composed of a \authSigningKey $\AuthSignPrivate$,
 a \authNullifierKey $\AuthProvePrivate$, and an \outgoingViewingKey $\OutViewingKey$.
 From these components we can derive a \authProvingKey $(\AuthSignPublic, \AuthProvePrivate)$,
 a \fullViewingKey $(\AuthSignPublic, \NullifierKey, \OutViewingKey)$,
@@ -3676,7 +3677,7 @@
 that potentially risks \Mainnet funds or displays \Mainnet \transaction information
 to a user \MUST do so only for a \blockChain that includes the \activationBlock of
 the most recent \settled \networkUpgrade, with the corresponding \activationBlock hash.
-Currently, there is social consensus that \NUSix has activated on the \Zcash \Mainnet
+Currently, there is social consensus that \NUSixOne has activated on the \Zcash \Mainnet
 and \Testnet with the \activationBlock hashes given in \crossref{networks}.
 
 A \fullValidator \MAY impose a limit on the number of \blocks it will ``roll back'' when
@@ -4025,17 +4026,19 @@
 
 \lsubsection{Mainnet and Testnet}{networks}
 
-The production \Zcash{} \defining{\network}, which supports the \ZEC token, is called \Mainnet. Governance of its
-protocol is by agreement between the Electric Coin Company and the Zcash Foundation \cite{ECCZF2019}.
-Subject to errors and omissions, each version of this document intends to describe some version
-(or planned version) of that agreed protocol.
+The production \Zcash{} \defining{\network}, which supports the \ZEC token, is called \Mainnet.
+Governance of its protocol is by social consensus on which \fullValidator implementations are
+considered to be faithful implementations of the intended \Mainnet consensus rules (currently,
+\zebra maintained by the Zcash Foundation, and \zcashd maintained by the Electric Coin Company),
+and on how those implementations should be modified. Subject to errors and omissions, each version
+of this document intends to describe some version (or planned version) of the \Zcash protocol.
 
 \defining{All \blockHashes given in this section are in \rpcByteOrder (that is, byte-reversed
 relative to the normal order for a $\SHAFull$ hash).}
 
 \Mainnet \genesisBlock: $\mathtt{00040fe8ec8471911baa1db1266ea15dd06b4a8a5c453883c000b031973dce08}$
 
-\Mainnet \NUSix \activationBlock: $\mathtt{000000000032935a403a29822df72549d9a201e08cfbd5b3c770bb0d66615247}$
+\Mainnet \NUSixOne \activationBlock: $\mathtt{0000000000b98a7d8f390793fa113bf6755935f0c14ea817af07d2c16f2c3ef4}$
 
 \introlist
 There is also a public test \network called \Testnet. It supports a \TAZ token which is intended to
@@ -4046,7 +4049,7 @@
 
 \Testnet \genesisBlock: $\mathtt{05a60a92d99d85997cce3b87616c089f6124d7342af37106edc76126334a2c38}$
 
-\Testnet \NUSix \activationBlock: $\mathtt{0017d56ed80077f45eb88f11d50f4306ee1fbf95892c9a9cb7a9538e72ceabc1}$
+\Testnet \NUSixOne \activationBlock: $\mathtt{01b947c7556b23040dc6840e9d3e4c6d9478c67a87b9737a83be848729d6e0af}$
 
 We call the smallest units of currency (on either \network) \zatoshi.\footnote{\definingquotedterm{tazoshi}
 may be used for the smallest units of currency on Testnet, but it is usually more convenient to use a
@@ -15285,6 +15288,16 @@
 \intropart
 \lsection{Change History}{changehistory}
 
+\historyentry{2025.6.3}{2025-12-02}
+
+\begin{itemize}
+\nusixone{
+    \item Specify in \crossref{blockchain} that \NUSixOne is the most recent \settled \networkUpgrade
+          on \Testnet and \Mainnet.
+} %nusixone
+    \item Update the description in \crossref{networks} of protocol governance.
+\end{itemize}
+
 
 \historyentry{2025.6.2}{2025-11-11}
 
@@ -16091,7 +16104,7 @@
     \item Add a caveat in \crossref{orchardkeycomponents} about reuse of $\CommitIvkRand$
           between $\PRFexpand{}$ and $\CommitIvk{}$.
     \item Expand the set of ZIPs associated with \NUFive in \crossref{networkupgrades}, and
-          reference \cite{Zcash-Orchard} and \cite{Zcash-halo2} there.
+          reference \cite{Zcash-halo2} and \cite{Zcash-Orchard} there.
     \item Section \crossref{concreteorchardkdf} should be in \nufivecolorname.
     \item Explicitly note that the end of the \cite{ZIP-212} grace period precedes \NUFive activation.
     \item Change the condition for presence of $\anchorField{Sapling}$ in a version 5 \transaction
@@ -16347,7 +16360,7 @@
     \item \textbf{Retrospective note:}
           Changing $\KAPublicPrimeOrder{Sapling}$ to $\KA{Sapling}\mathsf{.PublicPrimeSubgroup}$
           was a mistake and has since been reverted in specification version \historyref{2025.6.0}.
-          As discussed in notes added in \historyref{2023.4.0} at \crossref{decryptovk},
+          As discussed in notes added in version \historyref{2023.4.0} at \crossref{decryptovk},
           \librustzcash changed in \cite{librustzcash-109} to enforce that $\DiversifiedTransmitPublic$
           is not $\ZeroJ$. \zcashd also used a different implementation for a consensus check on \shielded
           coinbase outputs. The missing check on $\DiversifiedTransmitPublic$ for the latter was corrected
