# librustzcash Upstream Note

This document summarizes the scope of the `librustzcash` upstream changes for token holder voting, for the ZODL team.

## Pull Requests

### Group 1: Make PCZT/signing getters public

- [pczt: Add public getter for spend_auth_sig](https://github.com/zcash/librustzcash/pull/2281)

### Group 2: Expose APIs to enable note commitment tree snapshots

- [zcash_client_sqlite: Add historical height witness generation](https://github.com/zcash/librustzcash/pull/2283)
- [zcash_client_sqlite: Add WalletDb::get_orchard_notes_at_historical_height](https://github.com/zcash/librustzcash/pull/2284)

## Motivation

### Group 1: Make PCZT/signing getters public

The sighash is a 32-byte ZIP-244 digest over the entire transaction structure. In normal Zcash, signing it authorizes a spend.

The Keystone trick: we build a PCZT that is a dummy Zcash transaction whose `rho` is constrained to commit to all the governance data ([Vote Authority Note](https://valargroup.gitbook.io/shielded-vote-docs/userflow/delegating-your-vote#how-delegation-works), nullifiers, round ID). It will never be broadcast on Zcash.

Both signing paths produce a signature over the same sighash:

- **Software**: extracts it via `shielded_sighash()`, stores it, and signs later with the derived key
- **Keystone**: receives the PCZT via QR, recomputes the sighash internally, and signs it on-device

The [Cosmos voting chain](https://github.com/valargroup/vote-sdk) verifies the signature against `rk` to confirm that the Zcash key holder authorized this specific delegation. Keystone doesn't know it's signing a governance action — it just sees a valid PCZT.

The sighash is the bridge: because it commits to the governance-constrained `rho`, the Zcash spending key becomes a general-purpose authorization mechanism for the voting protocol.

### Group 2: Expose APIs to enable note commitment tree snapshots

These are used to generate witnesses at a snapshot height to delegate voting authority.

We use [get_unspent_orchard_notes_at_historical_height](https://github.com/zcash/librustzcash/pull/2284) to query the set of unspent Orchard notes held by a wallet at a governance voting snapshot height, so that the voting weight can be derived from on-chain balances without relying on current wallet state.

We then generate witnesses for these notes using [generate_orchard_witnesses_at_historical_height](https://github.com/zcash/librustzcash/pull/2283).

See a comprehensive analysis of the design [here](https://valargroup.gitbook.io/shielded-vote-docs/appendices/membership-proofs-at-historical-heights).

## Separate `librustvoting`

We have split out a voting-specific Rust repository called [librustvoting](https://github.com/valargroup/librustvoting). It consists of:

- The core library components for [ZKP delegation](https://valargroup.gitbook.io/shielded-vote-docs/zkp-specifications/zkp1-delegation-proof), [vote](https://valargroup.gitbook.io/shielded-vote-docs/zkp-specifications/zkp2-vote-proof)/[vote reveal](https://valargroup.gitbook.io/shielded-vote-docs/zkp-specifications/zkp3-vote-reveal-proof) proofs.
- El Gamal encryption
- Governance PCZT construction
- Merkle witness generation
- SQLite round-state persistence
- The client components for the [Vote Commitments](https://valargroup.gitbook.io/shielded-vote-docs/circuit-components/vote-commitment-integrity) and [Vote Authority](https://valargroup.gitbook.io/shielded-vote-docs/data-types/data-types#vote-authority-note-van) Note Trees.
- [Nullifier Non-Membership](https://valargroup.gitbook.io/shielded-vote-docs/circuit-components/imt-non-membership#client-side-considerations) Private Information Retrieval Client.

Our goal is to upstream this to `zcash-swift-wallet-sdk`, pending the ZODL team's approval. See the [implementation](https://github.com/zcash/zcash-swift-wallet-sdk/pull/1687).

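The snapshot-height note selection described under Group 2 above, as an added example that is not code from `librustzcash` or `librustvoting`: a simplified in-memory model showing why voting weight at a snapshot differs from the current wallet balance. The `NoteRecord` type, the function names, the sample data and the boundary rule (mined at or before the snapshot, not spent at or before it) are assumptions made for illustration.

```rust
// Added example: simplified in-memory model, NOT the zcash_client_sqlite API.
// Assumption: a note counts at snapshot height H when it was mined at or
// before H and was not spent at or before H.

#[derive(Debug, Clone)]
pub struct NoteRecord {
    pub id: u32,
    pub value_zat: u64,
    pub mined_height: u32,
    pub spent_height: Option<u32>, // None = still unspent today
}

/// Notes that were unspent as of the end of block `snapshot`.
pub fn unspent_at(notes: &[NoteRecord], snapshot: u32) -> Vec<&NoteRecord> {
    notes
        .iter()
        .filter(|n| n.mined_height <= snapshot)
        .filter(|n| n.spent_height.map_or(true, |h| h > snapshot))
        .collect()
}

/// Voting weight derived from the snapshot, independent of current wallet state.
pub fn weight_at(notes: &[NoteRecord], snapshot: u32) -> u64 {
    unspent_at(notes, snapshot).iter().map(|n| n.value_zat).sum()
}

/// Balance the wallet would report today (ignores history).
pub fn current_balance(notes: &[NoteRecord]) -> u64 {
    notes.iter().filter(|n| n.spent_height.is_none()).map(|n| n.value_zat).sum()
}

/// Constructed sample wallet history around a snapshot at height 100.
pub fn sample_notes() -> Vec<NoteRecord> {
    vec![
        // Spent after the snapshot: still counts toward voting weight.
        NoteRecord { id: 1, value_zat: 500, mined_height: 90, spent_height: Some(120) },
        // Spent in the snapshot block itself: already gone at the snapshot.
        NoteRecord { id: 2, value_zat: 300, mined_height: 95, spent_height: Some(100) },
        // Mined in the snapshot block: counts.
        NoteRecord { id: 3, value_zat: 200, mined_height: 100, spent_height: None },
        // Received after the snapshot: in today's balance, but no voting weight.
        NoteRecord { id: 4, value_zat: 700, mined_height: 110, spent_height: None },
    ]
}

fn main() {
    let notes = sample_notes();
    let ids: Vec<u32> = unspent_at(&notes, 100).iter().map(|n| n.id).collect();
    println!("eligible at 100: {:?}, weight {}", ids, weight_at(&notes, 100));
    println!("current balance: {}", current_balance(&notes));
}
```
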
## Other System Components and Resources

- [Voting Circuits HackMD Summary](https://hackmd.io/kffpEC0hQcCtbP8ZlP0oJg)
- [Voting Protocol ZIP](https://github.com/zcash/zips/pull/1200)
- [Balance Proof ZIP](https://github.com/zcash/zips/pull/1199)
- [Nullifier Non-Membership Private Information Retrieval ZIP](https://github.com/zcash/zips/pull/1198)
- [Vote Cosmos SDK Chain](https://github.com/valargroup/vote-sdk)
- [Nullifier Tree Non-Membership](https://github.com/valargroup/vote-nullifier-pir)
- [Client Side Voting Library](https://github.com/valargroup/librustvoting)
- [Gitbook](https://valargroup.gitbook.io/shielded-vote-docs)