Rime
A Privacy-hardened UA light client for Zcash.
Created on 3rd December 2025
The problem Rime solves
Current Zcash light clients leak metadata through multiple vectors: memo fetch patterns, block-range queries, timing differences, and network identifiers. These leaks can allow transaction graph reconstruction and timing correlation attacks, revealing which shielded outputs belong to a wallet even though the underlying Zcash transactions are private.
Rime solves this by providing a hardened, unified address (UA) light client that reduces these leaks on the client side. Private information retrieval (PIR), dummy traffic, full-memo retrieval, bucketing, constant-cost trial decryption, Tor integration, and stateless/ephemeral modes make common wallet operations safer without requiring changes to consensus or lightwalletd.
Challenges I ran into
- Receive-only UFVK derivation (non-standard Sapling path): ZIP 32 assumes spend authority, but Rime is receive-only. Sapling uses a custom all-hardened path (not ZIP 32 compatible) while Orchard stays standard ZIP 32. Getting both to yield consistent IVKs/UFVKs and making trial decryption succeed in practice took careful path selection and validation because there's no clear reference for a receive-only UFVK pipeline.
- PIR from scratch: built XOR-PIR client/server tooling with fixed-size buckets, two-server query shares, and bucket reconstruction back into valid CompactBlock structures. Ensuring bucket sizing, padding, and XOR assembly didn't break witness positions, plus adding a constant-rate dummy scheduler, required several iterations to balance correctness, bandwidth, and sync performance.
- Sync correctness across Sapling/Orchard: maintaining incremental witnesses/positions for both pools, handling reorgs (reset-to-birthday, block-hash checks), and checkpointing trees every 1000 blocks while keeping SQLite state consistent was a bit complex. Edge cases like replaying history after reorgs and aligning witnesses with block batches needed multiple redesigns.
- Tor circuit isolation with Arti: splitting RPC vs PIR isolation groups, jittering connects, and managing separate Tor state/cache dirs was under-documented. Making isolation reliable (no state leaks, graceful failure handling) required diving into Arti’s behavior and tweaking connection timing and isolation tokens.
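The two-server XOR-PIR scheme named in the PIR item above, as an added Python sketch that is not Rime's code: the client splits a one-bit selection into two random-looking shares, each server XORs the selected fixed-size buckets, and the client XORs the two answers. The 64-byte bucket size, the length-prefix padding, all function names and the sample records are assumptions made for illustration, and the privacy property holds only if the two servers do not collude.

```python
import secrets

BUCKET_SIZE = 64  # assumed fixed bucket size in bytes; not Rime's real value

def pad_bucket(record: bytes) -> bytes:
    """Length-prefix and zero-pad a record so every bucket is the same size."""
    if len(record) > BUCKET_SIZE - 2:
        raise ValueError("record does not fit in one bucket")
    return len(record).to_bytes(2, "big") + record.ljust(BUCKET_SIZE - 2, b"\0")

def unpad_bucket(bucket: bytes) -> bytes:
    """Strip the padding added by pad_bucket, rejecting a bad length prefix."""
    n = int.from_bytes(bucket[:2], "big")
    if len(bucket) != BUCKET_SIZE or n > BUCKET_SIZE - 2:
        raise ValueError("malformed bucket")
    return bucket[2:2 + n]

def make_query(index: int, n_buckets: int):
    """Return two bit-vector shares whose XOR selects only `index`."""
    if not 0 <= index < n_buckets:
        raise IndexError("bucket index out of range")
    share_a = bytearray(secrets.token_bytes((n_buckets + 7) // 8))
    share_b = bytearray(share_a)
    share_b[index // 8] ^= 1 << (index % 8)  # shares differ in exactly one bit
    return bytes(share_a), bytes(share_b)

def server_answer(db, share: bytes) -> bytes:
    """Server side: XOR together every bucket whose bit is set in the share."""
    acc = 0
    for i, bucket in enumerate(db):
        if (share[i // 8] >> (i % 8)) & 1:
            acc ^= int.from_bytes(bucket, "big")
    return acc.to_bytes(BUCKET_SIZE, "big")

def reconstruct(answer_a: bytes, answer_b: bytes) -> bytes:
    """Client side: XOR the two answers to recover the requested bucket."""
    if len(answer_a) != BUCKET_SIZE or len(answer_b) != BUCKET_SIZE:
        raise ValueError("answer is not one bucket long")
    return unpad_bucket(bytes(x ^ y for x, y in zip(answer_a, answer_b)))

# Constructed sample database: placeholder strings stand in for block data.
DB = [pad_bucket(b"constructed-block-%d" % h) for h in range(10)]

def fetch(index: int) -> bytes:
    """Run one full private retrieval against two copies of DB."""
    qa, qb = make_query(index, len(DB))
    return reconstruct(server_answer(DB, qa), server_answer(DB, qb))
```

Because every bucket and every answer is exactly BUCKET_SIZE bytes, response length does not depend on which index was requested.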
Tracks Applied (8)
- Self-Custody & Wallet Innovation (Osmosis)
- Private Payments & Transactions (Osmosis)
- Privacy Infrastructure & Developer Tools (Zcash Community Grants)
- Self-Custody & Wallet Innovation (Unstoppable Wallet)
- Privacy Infrastructure & Developer Tools (Raybot)
- Generic Bounty (Mintlify)
- General Bounty (Project Tachyon)
- Private Payments & Transactions (Star Fun)
Technologies used