Zipher

Zcash has world-class cryptographic privacy. Zipher extends it by eliminating timing metadata and enabling entirely new transfer channels.

Zipher brings back true bearer instruments with capsules.

A capsule packages value into an encrypted file that moves off-chain via Bluetooth and iMessage. Only two transactions ever hit the chain: mint (funding) and sweep (settlement). Everyone in between is invisible.

Alice → Bob → Carol → Dave, all off-chain. The chain sees two unrelated transactions, hours apart. No timing correlation. No pattern to analyze.

Send via iMessage like Venmo. Hand it off over Bluetooth like a $20 bill. No address exchange, no QR scanning, works offline.

The UX of cash, the privacy of Zcash.

The core challenge is double-spend prevention. Bearer instruments mean the sender still has access to all capsule keys after sending. What prevents them from restoring and sweeping before the recipient does?

The solution I landed on (for now) is a restore timelock. Restoring from seed locks capsule operations for 7 days, giving recipients time to sweep first. This also required making recovery phrases incompatible with other Zcash wallets, since if you could import into Zashi, you could sweep externally. A custom derivation salt prevents this.

Zcash SDK integration is currently stubbed. The crypto layer (aes-256-gcm, zip-32 derivation, capsule file format) is real, but broadcasting transactions needs lightwalletd which isn’t wired up yet. Works end-to-end with mock data.

iMessage extension was tricky. App groups for sharing state between main app and extension, marking capsules as sent when you return. That part works.

Please see https://zipher.app/articles/litepaper for additional details.