Skip to content

Frontier-Compute/zec-pay

BranchesTags

Repository files navigation

zec-pay

Zcash payment receiver with on-chain ownership attestation.

Built for Nordic Shield — privacy-shielded mining infrastructure operated by Frontier Compute.

What it does

  • Payment receiver: Creates unique Orchard shielded addresses per invoice. Detects payments via trial decryption against a Zebra full node. ZIP-321 QR codes. Signal notifications.
  • On-chain attestation: Every program entry and hardware assignment is committed to a BLAKE2b Merkle tree. The root is periodically anchored on Zcash via a shielded memo transaction. Anyone can verify ownership without trusting the operator.
  • Verification: /verify/{leaf_hash} renders a proof page showing the Merkle proof path, root, anchor txid, and block height. An independent Python verifier (verify_proof.py) can recompute and confirm proofs offline.

Protocol

Three memo types (NSM1 format):

Type Name Trigger
0x01 PROGRAM_ENTRY Starter pack payment confirmed
0x02 OWNERSHIP_ATTEST Machine serial assigned to wallet
0x09 MERKLE_ROOT Periodic anchor to Zcash

All hashes use BLAKE2b-256 with NordicShield_ personalization. Merkle nodes use NordicShield_MRK. Full spec: ONCHAIN_PROTOCOL.md.

First mainnet proof

Anchored on Zcash mainnet block 3,286,631 on March 27, 2026.

  • Anchor txid: 98e1d6a01614c464c237f982d9dc2138c5f8aa08342f67b867a18a4ce998af9a
  • Root: 024e36515ea30efc15a0a7962dd8f677455938079430b9eab174f46a4328a07a
  • Details: E2E_PROOF_20260327.md

Stack

  • Rust (axum, rusqlite, zcash_client_backend, blake2b_simd, qrcode)
  • Zebra 4.3.0 for RPC (getblock, getrawtransaction, getrawmempool)
  • SQLite for invoices, Merkle leaves, Merkle roots, payment records
  • Docker for deployment

Setup

cp .env.example .env.mainnet
# Edit .env.mainnet with your UFVK, API_KEY, etc.
docker compose -f docker-compose.mainnet.yml build
docker compose -f docker-compose.mainnet.yml up -d

API

Method Route Auth Description
POST /invoice Bearer Create payment invoice
GET /pay/{id} Payment page with QR
GET /invoice/{id} Invoice status JSON
POST /assign Bearer Assign serial to wallet
GET /miner/{wallet_hash} Miner dashboard
GET /verify/{leaf_hash} Ownership proof page
GET /health Scanner health JSON

Independent verification

python3 verify_proof.py \
  --wallet-hash <wallet_hash> \
  --serial <serial_number> \
  --proof proof.json \
  --root <expected_root_hex>

Tests

docker build --target builder -t zec-pay-test .
docker run --rm zec-pay-test cargo test --release --test memo_merkle_test

23 tests covering memo encode/decode, hash determinism, Merkle tree computation, proof generation, and proof verification.

License

MIT

About

Zcash payment receiver with on-chain ownership attestation. BLAKE2b Merkle tree, shielded memo anchoring, Orchard trial decryption. Built for Nordic Shield.

Topics

rust privacy mining blake2b merkle-tree zcash orchard shielded

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

 
 
 

Contributors

Languages