<p>This ZIP describes a proposed specification for a standardized format for clients who wish to transmit or receive content within the encrypted memo field of shielded transactions.</p>
<p>A well-defined standard for formatting content within the encrypted memo field will help expand its use within the Zcash ecosystem by providing a commonly recognized format for memo values carrying different types of data. Users and third-party services benefit from standardized formatting rules that define the type and length of the data contained within.</p>
<p>Section 5.5 of the Zcash protocol specification <aid="id1"class="footnote_reference"href="#protocol">1</a> defines three cases for the encoding of a memo field:</p>
<ul>
<li>a UTF-8 human-readable string <aid="id2"class="footnote_reference"href="#utf-8">2</a>, padded by appending zero bytes; or</li>
<li>the byte <code>0xF6</code> followed by 511 <code>0x00</code> bytes, indicating "no memo"; or</li>
<li>any other sequence of 512 bytes starting with a byte value <code>0xF5</code> or greater (which is therefore not a valid UTF-8 string), as specified in ZIP 302.</li>
</ul>
<p>This ZIP refines the specification of the third case.</p>
<p>The following specification constrains a party, called the "reader", that interprets the contents of a memo. It does not define consensus requirements.</p>
<li>If the first byte has a value of 0xF6, and the remaining 511 bytes are 0x00, then the user supplied no memo, and the encrypted memo field is to be treated as empty.</li>
<li>If the memo matches any of these patterns, then this memo is from the future, because these ranges are reserved for future updates to this specification:
<ul>
<li>The first byte has a value of 0xF5.</li>
<li>The first byte has a value of 0xF6, and the remaining 511 bytes are not all 0x00.</li>
<li>The first byte has a value between 0xF7 and 0xFE inclusive.</li>
<li>If the first byte has a value of 0xFF then the reader should not make any other assumption about the memo. In order to put arbitrary data into a memo field (that might have some private non-standard structure), the value of the first byte SHOULD be set to 0xFF; the remaining 511 bytes are then unconstrained.</li>
<p>The new protocol specification is an improvement over the current memo field content specification that was in the protocol spec up to version 2020.1.0, which stated:</p>
<blockquote>
<p>The usage of the memo field is by agreement between the sender and recipient of the note. The memo field SHOULD be encoded either as:</p>
<ul>
<li>a UTF-8 human-readable string [Unicode], padded by appending zero bytes; or</li>
<li>an arbitrary sequence of 512 bytes starting with a byte value of 0xF5 or greater, which is therefore not a valid UTF-8 string.</li>
</ul>
<p>In the former case, wallet software is expected to strip any trailing zero bytes and then display the resulting UTF-8 string to the recipient user, where applicable. Incorrect UTF-8-encoded byte sequences should be displayed as replacement characters (U+FFFD).</p>
<p>In the latter case, the contents of the memo field SHOULD NOT be displayed. A start byte of 0xF5 is reserved for use by automated software by private agreement. A start byte of 0xF6 or greater is reserved for use in future Zcash protocol extensions.</p>
</blockquote>
<p>See issue <ahref="https://github.com/zcash/zcash/issues/1849">#1849</a> for further discussion.</p>
<p>Encrypted memo field contents sent without the standardized format proposed here will be interpreted according to the specification set out in older versions of the protocol spec.</p>