Intro to Tornado Cash
- Intro article: https://tornado-cash.medium.com/introducing-private-transactions-on-ethereum-now-42ee915babe0
- Tornado Cash is a fully decentralized non-custodial protocol allowing private transactions in the crypto-space.
- As a decentralized protocol, Tornado.Cash smart contracts have been implemented within the Ethereum blockchain which makes them immutable.
- They can neither be changed or tampered with.
- Therefore, nobody - including initial developers - can modify or shut them down.
- All governance and mining smart contracts are deployed by the community in a decentralized manner.
- As a non-custodial protocol, users keep custody of their cryptocurrencies while operating Tornado.Cash.
- Indeed, at each deposit, they are provided with the private key enabling the access to the deposited funds, which gives users complete control over their assets.
How is privacy achieved?
- Tornado Cash improves transaction privacy by breaking the on-chain link between source and destination addresses.
- It uses a smart contract that accepts ETH & other tokens deposits from one address and enable their withdrawal from a different address.
- To preserve privacy, few good practices are in order, such as the use of a relayer for gas payments to withdraw funds towards an address with no pre-existing balance.
How does Tornado Cash work?
- This video explains: https://www.youtube.com/watch?v=z_cRicXX1jI
- To achieve privacy, Tornado.Cash uses smart contracts that accept tokens deposits from one address and enable their withdrawal from a different address.
- Those smart contracts work as pools that mix all deposited assets.
- Once the funds are withdrawn by a complete new address from those pools, the on-chain link between the source & the destination is broken.
- The withdrawn crypto-assets are therefore anonymized.
- While tokens are in a Tornado Cash pool, the custody remains in users’ hands.
- Users, therefore, have a complete control over their tokens.
For traditional Tornado Cash fixed amount pools:
- When a user puts funds into a pool (a.k.a. the deposit), a private note is generated.
- This private note works as a private key for the user to access those funds later.
- To withdraw them, the same user can use a different address - an old or a new one - and recover his/her funds thanks to this private key.
For Tornado Cash Nova, the new ETH pool with arbitrary amounts & shielded transfers:
- Funds are directly linked to a given wallet address. There is no private note or key. Users can access their funds by connecting to the pool with the appropriate address.
- Custody is either acquired by the act of depositing tokens into the pool or by registering to the pool & receiving shielded transfers from another address.
The strength of such a protocol comes naturally from its number of users and the size of its pool. The more users deposit into the pool the merrier. However, to preserve privacy & anonymity, the user must keep some basic rules in mind such as:
- Using a relayer to pay gas at withdrawal;
- Leaving a lapse of time between the deposit & the withdrawal action;
- Mixing its funds with the crowd by waiting for several transactions before recovering its assets.
Contribution of zk-SNARK & hashing process
- Tornado.Cash use Zero-Knowledge Succinct Non-Interactive Argument of Knowledge (also called zk-SNARK) to verify & allow transactions.
- To process a deposit, Tornado.Cash generates a random area of bytes, computes it through the Pederson Hash (as it is friendlier with zk-SNARK), then send the token & the 20 mimc hash to the smart contract.
- The contract will then insert it into the Merkle tree.
- To process a withdrawal, the same area of bytes is split into two separate parts: the secret on one side & the nullifier on the other side.
- The nullifier is hashed.
- This nullifier is a public input that is sent on-chain to get checked with the smart contrat & the Merkle tree data. It avoids double spending for instance.
- Thanks to zk-SNARK, it is possible to prove the 20 mimc hash of the initial commitment and of the nullifier without revealing any information.
- Even if the nullifier is public, privacy is sustained as there is no way to link the hashed nullifier to the initial commitment.
- Besides, even if the information that the transaction is present in the Merkle root, the information about the exact Merkle path, thus the location of the transaction, is still kept private.
- Deposits are simple on a technological point of view, but expensive in terms of gas as they need to compute the 20 mimc hash & update the Merkle tree.
- At the opposite, the withdrawal process is complex, but cheaper as gas is only needed for the nullifier hash and the zero-knowledge proof.
Governance in Tornado Cash
Community in Tornado Cash
- In a Decentralized Autonomous Organization (DAO), significant elements such as protocol parameters & token distribution are controlled by the community through governance.
- This governance allows the community to shape & continuously improve the protocol. However, the role of a community does not stop to suggesting proposals & expressing its opinion through votes.
- The community can also actively contribute to the success and prosperity of their protocol through constructive debates, mutual help and specific actions.
- You can meet Tornado.Cash community on its very own forum & on social medias. Here are useful links to join Tornado.Cash community
Token in Tornado Cash
TORN is an ERC20-compatible token with a fixed supply that governs Tornado.Cash. TORN holders can make proposals and vote to change the protocol via governance.
TORN is not a fundraising device or investment opportunity.
Here’s how the initial distribution of TORN would break down:
- 5% (500,000 TORN): Airdrop to early users of Tornado.Cash ETH pools
- 10% (1,000,000 TORN): Anonymity mining for Tornado.Cash ETH pools, distributed linearly over 1 year
- 55% (5,500,000 TORN): DAO treasury, will be unlocked linearly over 5 years with 3 month cliff
- 30% (3,000,000 TORN): Founding developers and early supporters, will be unlocked linearly over 3 years with 1 year cliff
- Users who have believed in Tornado.Cash from early on should have a say in governing the protocol. For this reason, early adopters of the protocol did receive an airdrop of TORN.
- TORN has been airdropped to all addresses that made deposits into Tornado.Cash ETH pools before block
- TORN were airdropped in the form of a non-transferable TORN voucher (vTORN) that can be redeemed 1:1 to TORN within 1 year, from December 18, 2020, to December 18, 2021.
- TORN that aren’t redeemed will be swept into the governance contract after 1 year and become part of the DAO Treasury.
- Redeemed TORN will be available immediately.
- The airdropped amount depends on users’ deposit size and age — larger deposits and older deposits will receive more TORN. Multipliers for deposit size are logarithmic:
- So a 100 ETH deposit get twice as many tokens as a 1 ETH deposit. The multiplier allows large and small users of Tornado.Cash to both have a say in governance.
- The exact curve for the time multiplier looks like this:
- The exact airdrop formula is the following:
Deposit and Withdraw in Tornado Cash
How to stay anonymous using Tornado Cash
Deposit and Withdraw in Tornado Cash Nova