Skip to content

Draft: Add PIR-based spendability checking and witness fetching#15

Draft
p0mvn wants to merge 1 commit into
mainfrom
roman/spendability-pir
Draft

Draft: Add PIR-based spendability checking and witness fetching#15
p0mvn wants to merge 1 commit into
mainfrom
roman/spendability-pir

Conversation

@p0mvn

@p0mvn p0mvn commented Apr 10, 2026
edited
Loading

Copy link
Copy Markdown

Use Private Information Retrieval to detect spent notes and fetch witnesses before sync completes, giving users early visibility into pending spends. Adds the full data flow (SDK synchronizer interface, Root reducer orchestration, shared state), a PIR setup screen in Advanced Settings with a persisted user toggle, and pending-spend UI treatment in transaction rows.

Motivation

During normal wallet sync, Orchard notes are not spendable until the
shard-tree scanner has processed enough blocks to construct a Merkle
authentication path for each note. For wallets that are catching up after
being offline, this can mean a significant delay before funds become
available.

Nullifier PIR (Private Information Retrieval) sidesteps this by querying
an external server for two pieces of information:

  1. Nullifier inclusion — has a note been spent on-chain? This lets the
    wallet mark notes as spent before the scanner confirms it.
  2. Merkle authentication paths — the server provides the witness data
    needed to spend a note, so the wallet does not need to wait for its
    local shard to be fully scanned.

Together, these allow the wallet to display accurate spendable balances
and build transactions within seconds of startup, rather than waiting for
a full scan.

Design Assumptions

  • Spendability check is triggered when the user opens the app for all notes in the wallet at the time
  • Keystone / PCZT path is kept out of the initial scope
  • The only new UI components are configuration in Advanced Settings (screenshots attached)
  • The main user-facing side-effect is immediate spendability (sub 10 seconds for 2 notes) when starting up
  • When spending, all notes must reference the same anchor height. The anchor height is refreshed right before confirmation and chosen for spending.
  • There is an automated retry mechanism if the broadcasting fails due to invalid anchor height

Video Demo

https://screen.studio/share/tm6q8yUz

Related PRs

This code review checklist is intended to serve as a starting point for the author and reviewer, although it may not be appropriate for all types of changes (e.g. fixing a spelling typo in documentation). For more in-depth discussion of how we think about code review, please see Code Review Guidelines.

Author

  • Self-review: Did you review your own code in GitHub's web interface? Code often looks different when reviewing the diff in a browser, making it easier to spot potential bugs.
  • Automated tests: Did you add appropriate automated tests for any code changes?
  • Code coverage: Did you check the code coverage report for the automated tests? While we are not looking for perfect coverage, the tool can point out potential cases that have been missed.
  • Documentation: Did you update Docs as appropiate? (E.g README.md, etc.)
  • Run the app: Did you run the app and try the changes?
  • Did you provide Screenshots of what the App looks like before and after your changes as part of the description of this PR? (only applicable to UI Changes)
  • Rebase and squash: Did you pull in the latest changes from the main branch and squash your commits before assigning a reviewer? Having your code up to date and squashed will make it easier for others to review. Use best judgement when squashing commits, as some changes (such as refactoring) might be easier to review as a separate commit.

Reviewer

  • Checklist review: Did you go through the code with the Code Review Guidelines checklist?
  • Ad hoc review: Did you perform an ad hoc review? In addition to a first pass using the code review guidelines, do a second pass using your best judgement and experience which may identify additional questions or comments. Research shows that code review is most effective when done in multiple passes, where reviewers look for different things through each pass.
  • Automated tests: Did you review the automated tests?
  • Manual tests: Did you review the manual tests?You will find manual testing guidelines under our manual testing section
  • How is Code Coverage affected by this PR? We encourage you to compare coverage befor and after your changes and when possible, leave it in a better place. Learn More...
  • Documentation: Did you review Docs, README.md, LICENSE.md, and Architecture.md as appropriate?
  • Run the app: Did you run the app and try the changes? While the CI server runs the app to look for build failures or crashes, humans running the app are more likely to notice unexpected log messages, UI inconsistencies, or bad output data.

@p0mvn
Add PIR-based spendability checking and witness fetching
d5146ec 
Orchard notes are not spendable until the shard-tree scanner catches up
to the block that contains them. For wallets restoring from seed or
lagging behind the chain tip, this can mean waiting hours before funds
are usable.

Private Information Retrieval lets the wallet query a server to (1)
learn which notes have been spent and (2) obtain note commitment tree
witnesses — all without revealing which notes belong to the wallet. This
makes funds spendable before the scanner completes, dramatically
improving the restore experience.

Made-with: Cursor
@p0mvn p0mvn changed the title Add PIR-based spendability checking and witness fetching Draft: Add PIR-based spendability checking and witness fetching Apr 10, 2026
This was referenced Apr 10, 2026
Draft
Closed
p0mvn
p0mvn commented Apr 10, 2026
View reviewed changes
Comment thread Sources/ZcashLightClientKit/Synchronizer/SDKSynchronizer.swift
spendingKey: spendingKey
)
} catch {
logger.info("[PIR-DEBUG] createProposedTransactions: status=\(isSyncing), usePIRWitnesses=\(proposal.pirWitnessConfig?.usePIRWitnesses ?? false), pirServerURL=\(proposal.pirWitnessConfig?.serverURL ?? "nil")")

@p0mvn p0mvn Apr 10, 2026

Copy link
Copy Markdown
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Note: logs are intentionally left for now for ease of retesting. Tracking to remove before opening up in the upstream

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@p0mvn