Zcash Shielded Escrow
Argus uses Zcash shielded transactions for maximum-privacy HUMINT payments. This document covers the escrow system architecture.
Overview
For high-risk sources, transparent blockchain payments create a dangerous paper trail. Even if we don't know who the source is, an adversary can see "someone received payment from Argus" and investigate further.
Zcash shielded transactions (z-addresses) solve this by hiding:
- Sender (Argus escrow pool)
- Receiver (source's z-address)
- Amount (payment size)
Architecture
Consumer pays (USDC/NEAR/etc)
↓
1Click API
↓
Transparent ZEC → Argus t-address
↓
Shield operation (t→z)
↓
Shielded escrow pool (z-address)
↓
z→z payout to source
Flow Details
- Consumer Payment: Consumer pays for bounty/subscription in any supported currency
- 1Click Conversion: NEAR Intents converts to ZEC, deposited to our transparent address
- Shielding: We move ZEC from t-address to our z-address (shielded pool)
- Escrow Hold: Funds held in shielded pool until release conditions met
- Shielded Payout: z→z transfer to source's z-address - completely private
Addresses
| Type | Address | Purpose |
|---|---|---|
| Transparent (t-addr) | t1L5D4HtBGFgkKQGL7AMH8613sUPd4Mt6ek | Receiving 1Click deposits |
| Shielded (z-addr) | zs1e0jxyugqem4sg... | Escrow pool for payouts |
Bounty Escrow
When a bounty is posted:
- Creator deposits funds (converted to ZEC via 1Click)
- ZEC is shielded into escrow pool
- Bounty status:
open→ funds locked
When bounty is fulfilled:
- Source submits intel that satisfies bounty
- Creator (or crowd) verifies submission
- If accepted: escrow releases z→z to source
- If rejected: escrow returns to creator
// Example bounty payout
const result = await processBountyPayout(bountyId);
// Returns: { success: true, operationId: 'opid-xxx' }
Subscription Escrow
For recurring subscriptions:
- Subscriber pays monthly fee
- Converted to ZEC and shielded
- Released to source at end of billing period
- Automatic renewal or cancellation
Privacy Levels
| Method | Privacy | Use Case |
|---|---|---|
| z→z (shielded) | Maximum | High-risk sources |
| t→z (shielding) | High | Incoming deposits |
| t→t (transparent) | Low | Not used |
Operational Security
For Sources
- Always use z-addresses (start with
zs1) - Never reuse addresses - generate new for each source
- Create offline if in hostile environment
- Don't mix with personal wallet activity
For Argus
- Shield incoming funds promptly
- Batch shield operations when possible
- Monitor escrow balance
- Rotate addresses periodically
API Endpoints
# Get escrow status
GET /api/escrow/status
# Shield incoming ZEC (admin)
POST /api/escrow/shield
# Process bounty payout (admin)
POST /api/escrow/bounty/:id/release
Configuration
Required environment variables:
ZCASH_RPC_URL=http://127.0.0.1:8232
ZCASH_RPC_USER=argus_zcash
ZCASH_RPC_PASS=<secret>
ZCASH_T_ADDRESS=t1L5D4HtBGFgkKQGL7AMH8613sUPd4Mt6ek
ZCASH_Z_ADDRESS=zs1e0jxyugqem4sg...
Node Requirements
- zcashd v6.x or later
- ~30GB disk for blockchain
- 4GB RAM recommended
- Sapling parameters downloaded
Recovery
The wallet recovery phrase is stored securely. In case of server loss:
- Install zcashd on new server
- Restore from 24-word phrase
- Rescan blockchain
- Resume operations
⚠️ Never share the recovery phrase. It controls all escrow funds.