2023-03-29 ZSA meeting.

# 2023-03-29 ZSA meeting. Previous meeting notes: https://hackmd.io/lrClwPxBTl-Fd-z6SqX6kw Participants: Daira(Zcash), Pablo(QEDIT). - We discussed a potential replay vulnerability for the issuance bundle. A potential replay can be performed if we allow transactions with only one bundle - the issuance bundle. Since the SIGHASH is created using only the information from the issue bundle, a duplicated bundle will have the same SIGHASH, and the IssueSig will remain valid for both transactions. **Mitigation using other inputs:** To achieve consensus, we will continue to require at least one other input, excluding the issuance bundle from the input count. Since inputs cannot be reused, the SIGHASH is guaranteed to change between transactions. The alternative considered: introduce a nonce into the issuance bundle and make sure the nonces are unique/incremental. Discarded due to the need to track the nonces similarly to how we track nullifiers. - We discussed Rust versions. Daira updated that several issues might affect the selection of the next Rust version (see posts starting from https://discord.com/channels/809218587167293450/809251050741170187/1090599284182880338). At the current state, it is possible to upgrade up to and including `1.64.0` without difficulty. The ZSA implementation currently uses version `1.61`, so we expect compatibility after an upgrade. - QEDIT will create a PR to `zcash/halo2` once https://github.com/QED-it/halo2/pull/5 is finalized. - For Issuance key derivation (working draft: https://deploy-preview-8--zcash-zips-qedit.netlify.app/zip-0227#issuance-key-derivation), we decided to remove the personalization `[0xa1]` and reuse the existing zip32 personalization. This section is not final and will be reviewed again by both Zcash and QEDIT. - We discussed UNICODE as described by Daira in https://github.com/zcash/zips/pull/649#discussion_r1122379412 and decided to follow option #1: not to force Unicode encoding by the protocol but publish a guideline for correct interpretation at the application layer. - Decided to start presenting changes to the circuit in the upcoming meetings (ideally, starting from the next meeting) - The meeting in two weeks falls on a holiday. We will move it to one week earlier.