adityapk00/zecwallet-light-cli

User should be able to send outgoing transactions via Stolon

holmesworcester opened this issue · 5 comments

Existing Zcash wallets (including zcashd) reveal a lot about a user in the process of sending to the network.

For example, a malicious node can use network activity to link all a user's separate transactions to some transaction that identifies them (a transaction with an exchange, for example.)

The Zcash Foundation's Stolon addresses this by sending transactions across a series of relay nodes, via Tor.

Stolon is designed to work in Zebra, but it provides a standalone version as well, designed to work with other Zcash full nodes or light wallets. This standalone version receives a freshly-created transaction and submits it to the network.

Stolon is the approach to private transaction transmission that has received the most attention, and the code is available and working. Zecwallet-light-cli should support it, to close the existing privacy leak when sending transactions. Options include:

  1. Bundling Tor and Stolon with zecwallet-light-cli
  2. Include Stolon but require that the user or the application bring their own Tor.
  3. Provide an API for creating transactions that does not send them to the network and simply returns the created transaction. Require the application (or user) to bring their own Stolon and Tor.

The third option is probably the simplest and the best place to start. Zbay and Zecwallet-light could find their own solutions, and that seems fine as a staring point. However, since the user's privacy hinges on all of this being done correctly, ideally all of this would be packaged up into a single off-the-shelf solution, since that avoids the risks involved in every wallet developer rolling their own solution.

Also relates to #59

gmale commented

Stolon looks very interesting. On a related note, I've been chatting with Henry a bit about leveraging the zebra_networking crate to enable p2p in mobile. In the process, implementing one of its intended use cases.

This part really resonates (and would add "Native iOS," "Native Android," "Web," and "React Native" to the list):

Zbay and Zecwallet-light could find their own solutions, and that seems fine as a staring point. However, since the user's privacy hinges on all of this being done correctly, ideally all of this would be packaged up into a single off-the-shelf solution, since that avoids the risks involved in every wallet developer rolling their own solution.

As such, I think this could be a primary interest of the light client working group because having one robust solution requires collaboration. Working together can result in something that's flexible enough to meet the needs of typical native, desktop and web developers.

Is Stolton ready for implementation?

There seems to be a reference implementation here: ZcashFoundation/zebra#1008, which would be cool to implement in zecwallet-light-cli as well. It definitely looks doable.

We should double check with @hdvalence!

I just pinged them.