diff --git a/api/api.proto b/api/api.proto
index 50e7f0950..89e8bcf8e 100644
--- a/api/api.proto
+++ b/api/api.proto
@@ -142,6 +142,7 @@ service Wallet {
   //Use this function instead of CreateAccount.
   rpc CreateAccount2 (AccountCreateContract) returns (TransactionExtention) {
   }
+
   //Please use CreateWitness2 instead of this function.
   rpc CreateWitness (WitnessCreateContract) returns (Transaction) {
     option (google.api.http) = {
@@ -406,7 +407,7 @@ service Wallet {
 
   rpc TriggerConstantContract (TriggerSmartContract) returns (TransactionExtention) {
   }
-  
+
   rpc ClearContractABI (ClearABIContract) returns (TransactionExtention) {
   }
 
@@ -614,7 +615,6 @@ service Wallet {
     };
   }
 
-
   rpc AddSign (TransactionSign) returns (TransactionExtention) {
 
   }
@@ -623,14 +623,69 @@ service Wallet {
 
   }
 
-  rpc GetTransactionApprovedList(Transaction) returns (TransactionApprovedList) {
+  rpc GetTransactionApprovedList (Transaction) returns (TransactionApprovedList) {
 
   }
 
   rpc GetNodeInfo (EmptyMessage) returns (NodeInfo) {
   };
-};
 
+  // for shiededTransaction
+  rpc CreateShieldedTransaction (PrivateParameters) returns (TransactionExtention) {
+  };
+
+  rpc GetMerkleTreeVoucherInfo (OutputPointInfo) returns (IncrementalMerkleVoucherInfo) {
+  }
+
+  rpc ScanNoteByIvk (IvkDecryptParameters) returns (DecryptNotes) {
+  };
+
+  rpc ScanAndMarkNoteByIvk (IvkDecryptAndMarkParameters) returns (DecryptNotesMarked) {
+  };
+
+  rpc ScanNoteByOvk (OvkDecryptParameters) returns (DecryptNotes) {
+  };
+
+  rpc GetSpendingKey (EmptyMessage) returns (BytesMessage) {
+  }
+
+  rpc GetExpandedSpendingKey (BytesMessage) returns (ExpandedSpendingKeyMessage) {
+  }
+
+  rpc GetAkFromAsk (BytesMessage) returns (BytesMessage) {
+  }
+
+  rpc GetNkFromNsk (BytesMessage) returns (BytesMessage) {
+  }
+
+  rpc GetIncomingViewingKey (ViewingKeyMessage) returns (IncomingViewingKeyMessage) {
+  }
+
+  rpc GetDiversifier (EmptyMessage) returns (DiversifierMessage) {
+  }
+
+  rpc GetZenPaymentAddress (IncomingViewingKeyDiversifierMessage) returns (PaymentAddressMessage) {
+  }
+
+  rpc GetRcm (EmptyMessage) returns (BytesMessage) {
+  }
+
+  rpc IsSpend (NoteParameters) returns (SpendResult) {
+  }
+
+  rpc CreateShieldedTransactionWithoutSpendAuthSig (PrivateParametersWithoutAsk) returns (TransactionExtention) {
+  };
+
+  rpc GetShieldTransactionHash (Transaction) returns (BytesMessage) {
+  };
+
+  rpc CreateSpendAuthSig (SpendAuthSigParameters) returns (BytesMessage) {
+  };
+
+  rpc CreateShieldNullifier (NfParameters) returns (BytesMessage) {
+  };
+  // end for shiededTransaction
+};
 
 service WalletSolidity {
 
@@ -761,6 +816,21 @@ service WalletSolidity {
       }
     };
   }
+
+  rpc GetMerkleTreeVoucherInfo (OutputPointInfo) returns (IncrementalMerkleVoucherInfo) {
+  }
+
+  rpc ScanNoteByIvk (IvkDecryptParameters) returns (DecryptNotes) {
+  }
+
+  rpc ScanAndMarkNoteByIvk (IvkDecryptAndMarkParameters) returns (DecryptNotesMarked) {
+  }
+
+  rpc ScanNoteByOvk (OvkDecryptParameters) returns (DecryptNotes) {
+  }
+
+  rpc IsSpend (NoteParameters) returns (SpendResult) {
+  }
 };
 
 service WalletExtension {
@@ -1006,6 +1076,11 @@ message TransactionListExtention {
   repeated TransactionExtention transaction = 1;
 }
 
+message BlockIncrementalMerkleTree {
+  int64 number = 1;
+  IncrementalMerkleTree merkleTree = 2;
+}
+
 message TransactionSignWeight {
   message Result {
     enum response_code {
@@ -1042,4 +1117,141 @@ message TransactionApprovedList {
   repeated bytes approved_list = 2;
   Result result = 4;
   TransactionExtention transaction = 5;
-}
\ No newline at end of file
+}
+
+message IvkDecryptParameters {
+  int64 start_block_index = 1;
+  int64 end_block_index = 2;
+  bytes ivk = 3;
+}
+
+message IvkDecryptAndMarkParameters {
+  int64 start_block_index = 1;
+  int64 end_block_index = 2;
+  bytes ivk = 5;
+  bytes ak = 3;
+  bytes nk = 4;
+}
+
+message OvkDecryptParameters {
+  int64 start_block_index = 1;
+  int64 end_block_index = 2;
+  bytes ovk = 3;
+}
+
+message DecryptNotes {
+  message NoteTx {
+    Note note = 1;
+    bytes txid = 2; //transaction id =  sha256(transaction.rowdata)
+    int32 index = 3; //the index of note in receive
+  }
+  repeated NoteTx noteTxs = 1;
+}
+
+message DecryptNotesMarked {
+  message NoteTx {
+    Note note = 1;
+    bytes txid = 2; //transaction id =  sha256(transaction.rowdata)
+    int32 index = 3; //the index of note in receive
+    bool is_spend = 4;
+  }
+  repeated NoteTx noteTxs = 1;
+}
+
+message Note {
+  int64 value = 1;
+  string payment_address = 2;
+  bytes rcm = 3; // random 32
+  bytes memo = 4;
+}
+
+message SpendNote {
+  Note note = 3;
+  bytes alpha = 4; // random number for spend authority signature
+  IncrementalMerkleVoucher voucher = 5;
+  bytes path = 6; // path for cm from leaf to root in merkle tree
+}
+
+message ReceiveNote {
+  Note note = 1;
+}
+
+message PrivateParameters {
+  bytes transparent_from_address = 1;
+  bytes ask = 2;
+  bytes nsk = 3;
+  bytes ovk = 4;
+  int64 from_amount = 5;
+  repeated SpendNote shielded_spends = 6;
+  repeated ReceiveNote shielded_receives = 7;
+  bytes transparent_to_address = 8;
+  int64 to_amount = 9;
+}
+
+message PrivateParametersWithoutAsk {
+  bytes transparent_from_address = 1;
+  bytes ak = 2;
+  bytes nsk = 3;
+  bytes ovk = 4;
+  int64 from_amount = 5;
+  repeated SpendNote shielded_spends = 6;
+  repeated ReceiveNote shielded_receives = 7;
+  bytes transparent_to_address = 8;
+  int64 to_amount = 9;
+}
+
+message SpendAuthSigParameters {
+  bytes ask = 1;
+  bytes tx_hash = 2;
+  bytes alpha = 3;
+}
+
+message NfParameters {
+  Note note = 1;
+  IncrementalMerkleVoucher voucher = 2;
+  bytes ak = 3;
+  bytes nk = 4;
+}
+
+message ExpandedSpendingKeyMessage {
+  bytes ask = 1;
+  bytes nsk = 2;
+  bytes ovk = 3;
+}
+
+message ViewingKeyMessage {
+  bytes ak = 1;
+  bytes nk = 2;
+}
+
+message IncomingViewingKeyMessage {
+  bytes ivk = 1;
+}
+
+message DiversifierMessage {
+  bytes d = 1;
+}
+
+message IncomingViewingKeyDiversifierMessage {
+  IncomingViewingKeyMessage ivk = 1;
+  DiversifierMessage d = 2;
+}
+
+message PaymentAddressMessage {
+  DiversifierMessage d = 1;
+  bytes pkD = 2;
+  string payment_address = 3;
+}
+
+message NoteParameters {
+  bytes ak = 1;
+  bytes nk = 2;
+  Note note = 3;
+  bytes txid = 4;
+  int32 index = 5;
+}
+
+message SpendResult {
+  bool result = 1;
+  string message = 2;
+}
diff --git a/api/zksnark.proto b/api/zksnark.proto
new file mode 100644
index 000000000..66538d6ad
--- /dev/null
+++ b/api/zksnark.proto
@@ -0,0 +1,34 @@
+syntax = "proto3";
+package protocol;
+
+import "core/Tron.proto";
+import "core/Contract.proto";
+
+option java_package = "org.tron.api"; //Specify the name of the package that generated the Java file
+option java_outer_classname = "ZksnarkGrpcAPI"; //Specify the class name of the generated Java file
+option go_package = "github.com/tronprotocol/grpc-gateway/api";
+
+service TronZksnark {
+  rpc CheckZksnarkProof (ZksnarkRequest) returns (ZksnarkResponse) {
+  }
+};
+
+message ZksnarkRequest {
+    Transaction transaction = 1;
+    bytes sighash = 2;
+    int64 valueBalance = 3;
+    string txId = 4;
+}
+
+message ZksnarkResponse {
+    enum Code {
+        SUCCESS = 0;
+        FAILED = 1;
+    }
+
+    Code code = 1;
+}
+
+
+
+
diff --git a/core/Contract.proto b/core/Contract.proto
index e9a662390..bf8023c85 100644
--- a/core/Contract.proto
+++ b/core/Contract.proto
@@ -47,6 +47,12 @@ message TransferContract {
   int64 amount = 3;
 }
 
+
+message ShieldAddress {
+  bytes private_address = 1;
+  bytes public_address = 2;
+}
+
 message TransferAssetContract {
   bytes asset_name = 1; // this field is token name before the proposal ALLOW_SAME_TOKEN_NAME is active, otherwise it is token id and token is should be in string format.
   bytes owner_address = 2;
@@ -250,7 +256,82 @@ message ExchangeTransactionContract {
 
 message AccountPermissionUpdateContract {
   bytes owner_address = 1;
-  Permission owner = 2;  //Empty is invalidate
-  Permission witness = 3;//Can be empty
-  repeated Permission actives = 4;//Empty is invalidate
-}
\ No newline at end of file
+  Permission owner = 2; //Empty is invalidate
+  Permission witness = 3; //Can be empty
+  repeated Permission actives = 4; //Empty is invalidate
+}
+
+// for shielded transaction
+
+message AuthenticationPath {
+  repeated bool value = 1;
+}
+
+message MerklePath {
+  repeated AuthenticationPath authentication_paths = 1;
+  repeated bool index = 2;
+  bytes rt = 3;
+}
+
+message OutputPoint {
+  bytes hash = 1;
+  int32 index = 2;
+}
+
+message OutputPointInfo {
+  repeated OutputPoint out_points = 1;
+  int32 block_num = 2;
+}
+
+message PedersenHash {
+  bytes content = 1;
+}
+
+message IncrementalMerkleTree {
+  PedersenHash left = 1;
+  PedersenHash right = 2;
+  repeated PedersenHash parents = 3;
+}
+
+message IncrementalMerkleVoucher {
+  IncrementalMerkleTree tree = 1;
+  repeated PedersenHash filled = 2;
+  IncrementalMerkleTree cursor = 3;
+  int64 cursor_depth = 4;
+  bytes rt = 5;
+  OutputPoint output_point = 10;
+}
+
+message IncrementalMerkleVoucherInfo {
+  repeated IncrementalMerkleVoucher vouchers = 1;
+  repeated bytes paths = 2;
+}
+
+message SpendDescription {
+  bytes value_commitment = 1;
+  bytes anchor = 2; // merkle root
+  bytes nullifier = 3; // used for check double spend
+  bytes rk = 4; // used for check spend authority signature
+  bytes zkproof = 5;
+  bytes spend_authority_signature = 6;
+}
+
+message ReceiveDescription {
+  bytes value_commitment = 1;
+  bytes note_commitment = 2;
+  bytes epk = 3; // for Encryption
+  bytes c_enc = 4; // Encryption for incoming, decrypt it with ivk
+  bytes c_out = 5; // Encryption for audit, decrypt it with ovk
+  bytes zkproof = 6;
+}
+
+message ShieldedTransferContract {
+  bytes transparent_from_address = 1; // transparent address
+  int64 from_amount = 2;
+  repeated SpendDescription spend_description = 3;
+  repeated ReceiveDescription receive_description = 4;
+  bytes binding_signature = 5;
+  bytes transparent_to_address = 6; // transparent address
+  int64 to_amount = 7; // the amount to transparent to_address
+}
+// end shielded transaction
diff --git a/core/Tron.proto b/core/Tron.proto
index 9e16c098d..a60ef718d 100644
--- a/core/Tron.proto
+++ b/core/Tron.proto
@@ -177,11 +177,11 @@ message Permission {
     Active = 2;
   }
   PermissionType type = 1;
-  int32 id = 2;     //Owner id=0, Witness id=1, Active id start by 2
+  int32 id = 2; //Owner id=0, Witness id=1, Active id start by 2
   string permission_name = 3;
   int64 threshold = 4;
   int32 parent_id = 5;
-  bytes operations = 6;   //1 bit 1 contract
+  bytes operations = 6; //1 bit 1 contract
   repeated Key keys = 7;
 }
 
@@ -273,6 +273,7 @@ message Transaction {
       UpdateEnergyLimitContract = 45;
       AccountPermissionUpdateContract = 46;
       ClearABIContract = 48;
+      ShieldedTransferContract = 51;
     }
     ContractType type = 1;
     google.protobuf.Any parameter = 2;
@@ -314,6 +315,7 @@ message Transaction {
     int64 exchange_inject_another_amount = 19;
     int64 exchange_withdraw_another_amount = 20;
     int64 exchange_id = 21;
+    int64 shielded_transaction_fee = 22;
   }
 
   message raw {
@@ -367,6 +369,7 @@ message TransactionInfo {
   int64 exchange_inject_another_amount = 19;
   int64 exchange_withdraw_another_amount = 20;
   int64 exchange_id = 21;
+  int64 shielded_transaction_fee = 22;
 }
 
 message TransactionRet {