
Tornado Cash: The Holy Grail of On-Chain Privacy

Note: This article was first published by me at Token Overview in X-Order, and republished in my personal blog.

Preface

The Internet has been around for nearly 50 years since the birth of the TCP/IP protocol in 1974, and the anonymity that was once touted has been overwhelmed by the regulatory regime and infrastructure that has developed since then. The blockchain concept was first introduced in 1991, and Satoshi Nakamoto first applied blockchain technology to Bitcoin in 2008. That was only 13 years ago. As cryptocurrencies are gradually accepted, the regulatory infrastructure is bound to get better as well.

The privacy features described in Bitcoin: A Peer-to-Peer Electronic Cash System only guarantee that transfers on the chain can be done without a binding relationship between the user’s real identity and the address. However, as cryptocurrencies and exchanges move towards compliance, Know Your Customer (KYC) has become essential in most cryptocurrency-to-fiat transaction scenarios. Further, in order to ensure the absolute security of the source of funds during cryptocurrency-to-fiat transactions, both parties to the transaction even want their counterparties to take part in the transaction under their real names. As a result, the privacy characteristics of cryptocurrencies are disintegrating.

At the same time, KYC data stored in cryptocurrency exchanges has increased exponentially, while data security solutions have not evolved in a timely manner. Because of its high unit value, KYC data has become one of the main targets for hackers, and user data has been leaked to varying degrees on many exchanges. As a result, privacy features have become a missing but important piece in the world of cryptocurrencies.

In the past, Monero ($XMR) and other public-chain solutions have tried to solve this problem. However, since the boom of Decentralized Finance (DeFi), smart contracts have become a necessity in the cryptocurrency world, and EVM has become a standard feature of mainstream public chains. In order to take the privacy characteristics into account, public chains such as Monero cannot execute smart contracts, so that their usage scenarios are limited. In addition, due to its extreme security and lack of compliance design (IRS offers $625,000 reward for cracking Monero), exchanges such as Coinbase are unable to list Monero to meet compliance requirements. Therefore, its circulation is also restricted.

As a public chain with the most complete DeFi ecosystem, Ethereum has traceable links for asset transfers between addresses, which completely erases the privacy characteristics of cryptocurrencies and makes the collusion between addresses visible.

Therefore, a project based on Ethereum (or other public chains capable of running smart contracts) with privacy transaction features became an immediate need in the market, and Tornado Cash was born.

Project Overview

Tornado Cash is a privacy transaction middleware implemented on Ethereum based on zero-knowledge proofs. It uses zk-SNARK (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge) and can send ETH and ERC20 tokens (currently supporting DAI, cDAI, USDC, USDT, WBTC) in an untraceable manner to any address.

In terms of user experience, the user deposits cryptocurrency into a privacy pool and obtains a deposit note, which can be used to withdraw the previously deposited funds to any address in the future. Since the data embedded in the transactions at the time of deposit and withdrawal does not contain the note itself, the two transfers of funds are completely independent of each other. Moreover, thanks to the relay service, the Ethereum address used at the time of withdrawal does not even need to hold ETH to pay for the transfer, i.e., it is possible to withdraw to a completely blank address.

According to Dune Analytics, Tornado Cash currently has 156,000 ETH and $165 million in its pool of blended coins, having the largest pool of private assets on the blockchain. Currently, over 12,000 unique addresses have executed approximately 48,000 deposits into the protocol, and over 17,000 unique addresses have withdrawn money from the protocol, paying a total of over $2 million in relay fees to the relay service.

Market Opportunity

Privacy transactions are an indispensable piece of the puzzle in the cryptocurrency world. While not all users are willing to expose the source and destination of their funds during transfers, the nature of blockchain leads to complete exposure of the collusion between accounts. Tornado Cash, an optional privacy component for users transferring funds on Ethereum, solves the problem in the most decent way. A few examples that illustrate the use cases of Tornado Cash are as follows.

  • Private transfer of assets between addresses,

  • Generate transaction reports with the note for the legitimacy of asset source transfers (including deposit address, amount, and date and withdrawal address, amount, and date), and

  • When conducting cryptocurrency-to-fiat currency transactions, the KYC process during the transaction is avoided by trading the deposit note (not the cryptocurrency itself) to maximize the protection of personal privacy.

Competitive Analysis

Privacy-Preserving Public Chain

Monero and Zcash are two major players in the privacy coin space.

  • Monero uses Stealth Address, Ring Confidential Transactions (RingCT) technology to balance anonymity and transfer efficiency.

  • Zcash is the first cryptocurrency to use zk-SNARK (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge). Tornado Cash employs this technology as a security guarantee for privacy transactions.

However, privacy-preserving public chains share the same problem of not being able to add support for smart contracts while guaranteeing privacy transactions.

  • Oasis Labs’ Ekiden has an attempt at this, but due to the product’s temporary immaturity and lack of sufficient developer support, we think it will be difficult to make a strong impact for some time to come.
  • Secret Network is also designing privacy calculations within general-purpose smart contracts, however, only on-chain exchanges have been released and there is a lack of liquidity within the house. At the same time, Secret Network needs to be developed using Rust, however, Rust developer community is currently very small and mainly concentrated in the Polkadot ecosystem.

At the same time, all public chains with privacy features have compliance issues. If on-chain transactions are guaranteed to be completely anonymous, liquidity and trading volume may become increasingly tight under the future trend of tightening compliance.

Ethereum Virtual Machine (EVM) Privacy Solution

There are fewer privacy transaction projects based on Ethereum Virtual Machine (EVM), and there exist 3 competing products of Tornado Cash, namely Typhoon Cash, Typhoon Network and Cyclone. All of them are developed based on Tornado Cash’s codebase.

  • Typhoon Cash is a project endorsed by Jeffrey Huang, erected on Ethereum, reusing most of the code base of Tornado Cash, with a total locked value of only tens of thousands of dollars, the last deposit occurred 3 months ago, and the relay service is entirely provided by the team, having a very strong risk of single point of failure,
  • Typhoon Network is set up on the Binance Smart Chain (BSC), reuses most of the code of Tornado Cash, has a total locked value of just under $40,000, and the relay service is entirely provided by the team, thus having a very strong risk of single point of failure, and
  • Cyclone is developed on the basis of Tornado Cash and deployed on Ethereum, Binance Smart Chain and IoTeX. It requires additional on-chain base currencies (such as ETH, BNB and IOTX) and the governance token CYC to complete deposits, and requires users to pay anonymous pool fees and relay fees using CYC. In addition, all relay services are provided by the team, thus having a very strong risk of single point of failure.

It is obvious that the competitors of Tornado Cash offer highly centralized products under the banner of decentralized privacy middleware. Also, the total locked value of the above projects shows that Tornado Cash has an absolute advantage and financial support.

In summary, Tornado Cash has no strong and original competitor for the time being.

Token Economics

On December 18, 2020, Tornado Cash released $TORN as the governance token for Tornado Cash, with specific rules available on [Medium](https://tornado-cash.medium.com/tornado-cash-governance-proposal-a55c5c7d0703).

The token distribution ratio and release rules are shown in the following figure.

https://miro.medium.com/max/2660/1*BjggJu1rN4_QOXgcLJFNEQ.png

https://miro.medium.com/max/3132/1*gmC0Jw8zr5xFvRK5zyQMyA.png

1inch and the [Tornado Cash community](https://torn.community/t/proposal-6-torn-liquidity-mining-program/765) have proposed and carried out liquidity mining rewards to attract users to provide liquidity in the $TORN-$ETH trading pair. Currently, providing $TORN-$ETH liquidity on 1inch earns an 80% annualized return in $1INCH tokens, and the official liquidity reward pool earns a 266% annualized return in $TORN tokens. Since the liquidity mining rewards were approved by a community voting proposal without a front-end setup, the mining portal is hosted on other products (such as vfat), fully reflecting the spirit of community autonomy.

Community

Since the governance and iteration of Tornado Cash follow absolute decentralization, it has a good community atmosphere. In addition to the active Telegram and Discord communities, Tornado Cash’s forum already has 799 topics.

In addition, due to the nature of Tornado Cash’s pluggable privacy component, other privacy projects on Ethereum can rely on Tornado Cash’s privacy deposit pool for further exploration, such as Blank Wallet which builds a set of privacy wallets based on Tornado Cash’s privacy deposit pool for its privacy wallets.

Governance

As a governance token, $TORN has governance capabilities that surpass those of other governance tokens. Since its inception, Tornado Cash has aimed to be completely autonomous and run by the community. After May 2020, the team at Tornado Cash burned the operator right of all deposit pools and was no longer able to shut down the project operation. In December 2020, the governance token was released with a governance contract, and all future governance proposals can only be initiated and executed through the governance contract.

In traditional projects, governance and development are separate efforts. Any individual or organization initiates a proposal, users vote on it, and then it goes into subsequent development. The proposal’s go-live and deployment remains in the hands of the team controlling the private key.

Unlike traditional projects, users of Tornado Cash are required to provide a complete solution when they initiate a proposal, and all proposals need to be developed in advance by the proposer and deployed on the blockchain in the form of a smart contract for all to audit. In order to initiate a proposal in the governance contract, the initiator needs to have more than 1000 $TORN and point the proposal to the developed smart contract deployed on the blockchain in the governance contract. If the proposal is voted by enough $TORN tokens, anyone can call the execute() method to delegate call the executeProposal() function in the proposal to make it online, and no additional private key signature is required to complete the rest of the contract deployment, token distribution, and other processes. As a result, Tornado Cash may be the only project to achieve fully decentralized governance and development at this time.
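
The propose, vote and execute flow described above, as a Solidity sketch added for illustration; it is not Tornado Cash's governance code. Only `execute()`, `executeProposal()` and the 1000 $TORN threshold come from the article; the quorum, voting period, `lock()` and the code-hash pin are assumptions.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;
interface IERC20 { function transferFrom(address from, address to, uint256 amount) external returns (bool); }
interface IProposal { function executeProposal() external; }

// Hypothetical sketch: every name except execute() and executeProposal() is an assumption.
contract GovernanceSketch {
    uint256 public constant PROPOSAL_THRESHOLD = 1000 ether; // 1000 $TORN at 18 decimals
    uint256 public constant QUORUM = 25_000 ether;           // assumed stand-in for "enough $TORN"
    uint256 public constant VOTING_PERIOD = 3 days;          // assumed
    struct Proposal { address target; bytes32 codeHash; uint256 endTime; uint256 forVotes; uint256 againstVotes; bool executed; }

    IERC20 public immutable torn;
    mapping(address => uint256) public locked;              // voting weight; unlocking is omitted here
    mapping(uint256 => mapping(address => bool)) public voted;
    Proposal[] public proposals;

    constructor(IERC20 token) { torn = token; }

    function lock(uint256 amount) external {
        require(torn.transferFrom(msg.sender, address(this), amount), "transfer failed");
        locked[msg.sender] += amount;
    }

    function propose(address target) external returns (uint256 id) {
        require(locked[msg.sender] >= PROPOSAL_THRESHOLD, "need 1000 TORN locked");
        require(target.code.length > 0, "proposal must already be deployed");
        id = proposals.length;
        // Pin the bytecode hash so the code that is executed is the code that was audited.
        proposals.push(Proposal(target, target.codehash, block.timestamp + VOTING_PERIOD, 0, 0, false));
    }

    function castVote(uint256 id, bool support) external {
        Proposal storage p = proposals[id];
        require(block.timestamp < p.endTime && !voted[id][msg.sender], "closed or already voted");
        voted[id][msg.sender] = true;
        if (support) p.forVotes += locked[msg.sender]; else p.againstVotes += locked[msg.sender];
    }

    function execute(uint256 id) external { // callable by anyone, no privileged key involved
        Proposal storage p = proposals[id];
        require(block.timestamp >= p.endTime && !p.executed, "not ready");
        require(p.forVotes > p.againstVotes && p.forVotes + p.againstVotes >= QUORUM, "not passed");
        require(p.target.codehash == p.codeHash, "code changed since proposal");
        p.executed = true;
        // delegatecall: the proposal's code runs with THIS contract's storage, balance and authority.
        (bool ok, ) = p.target.delegatecall(abi.encodeWithSelector(IProposal.executeProposal.selector));
        require(ok, "proposal reverted");
    }
}
```

Because the proposal runs through `delegatecall`, reviewing a proposal means reviewing code that will write to the governance contract's own storage, which is why the on-chain audit step carries the whole security burden.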

A total of 6 community proposals have been completed.

| Proposals | Proposal Dates | Results |
| --- | --- | --- |
| Open $TORN transfer privileges | 2021/2/4 | Executed |
| Lower the vote requirement to pass the ballot | 2021/2/7 | Failed |
| $TORN Holder Incentive | 2021/3/15 | Failed |
| Update the Merkle Tree algorithm required for mining to reduce the gas overhead | 2021/3/26 | Executed |
| Increase mining incentives for $DAI, $cDAI, $WBTC pools | 2021/4/11 | Executed |
| Increase $TORN liquidity mining rewards | 2021/4/15 | Executed |

Currently, the community is discussing the possibility of staking $TORN for being relay node, indicating that $TORN holders will be able to support further decentralization of the project by deploying relay nodes and gain revenue in the future. Meanwhile, the community is also debating to support the pool of algorithmic stablecoin Frax, with the view that the privacy component and the decentralized stablecoin should complement each other. There have also been calls for the project to undertake multi-chain (Binance Smart Chain, Solana, etc.) deployments, but few have responded.

Security

Tornado Cash achieves privacy for on-chain transactions at the contract level, however, privacy for on-chain transactions is not all that Tornado Cash has to offer.

  1. To guard against problems such as server outages, the website being inaccessible in some regions, and some users not wanting to expose their access records to Internet Service Providers (ISPs), Tornado Cash deploys an IPFS version of its front-end, and also provides a full set of front-end source code on GitHub for users to deploy on their own,
  2. When using the relay service, users make requests directly to the relay node, and thus may expose their IP addresses to the relay node. Therefore, Tornado Cash recommends that all users send requests to the relay node via VPN to protect their IP from being leaked. In addition, it also provides a version of Tornado Cash based on the Tor Project, and there are also relay providers that offer a Tor version of the relay service, so that all network requests are forwarded through multiple hops to ensure absolute security, and
  3. To avoid time correlation of access transactions, it is also officially recommended that withdrawals be made 24 hours after the deposit is made or after 12 or more other deposits have entered.

Therefore, Tornado Cash is able to achieve anonymous as well as stable access for users to the web front-end, relay service and contract side. As the number of relay service providers continues to increase, the stability of the Tornado Cash service will be further enhanced.

Compliance Risk

Despite the huge potential and market size of Tornado Cash as the only currently available middleware for privacy transactions on Ethereum, it faces compliance risks that far exceed those of other projects.

Roman Storm of Tornado Cash has previously stated that Tornado Cash is currently autonomous and not controlled by developers.

However, to meet compliance requirements, Tornado Cash v2 provides an entry point for generating reports from the note on the legality of a transaction, which reveal the deposit address, amount, and date and the withdrawal address, amount, and date. Even so, Coinbase, which has a stricter compliance review, has frozen a dozen accounts topped up from Ethereum wallets which interacted with Tornado Cash.

For Tornado Cash, how to ensure compliance and privacy at the same time is the most important issue to consider at the moment.

Conclusion

As the largest privacy transaction middleware on Ethereum, Tornado Cash’s developers do not hold administrator rights to the project and insist on enforcing community autonomy, which protects the security of the original team on the one hand, and allows the project to be fully decentralized in governance and development on the other, enabling it to grow in the long run.

We believe that with the compliance of cryptocurrencies and exchanges, as well as the gradual improvement of the regulatory system and supporting infrastructure, privacy transactions will receive more and more attention. As Ethereum is the public chain with the most complete ecosystem, on-chain privacy transactions on it are bound to become one of the popular tracks. At that time, Tornado Cash will become an important part of the privacy transaction ecosystem, which can not only provide privacy transaction services directly to users, but also become the underlying asset of other privacy components. $TORN, as the governance token of Tornado Cash, has stronger governance ability and control over the protocol than other governance tokens, and with the possible future addition of the node campaign and the expectation of holding dividends, $TORN has a good prospect.