HomeCryptoEthereumTornado Cash and privacy in Ethereum transactions

Tornado Cash and privacy in Ethereum transactions

While with Bitcoin it is possible to increase the degree of privacy of transactions using certain measures, with Ethereum it is practically impossible without using tools such as Tornado Cash.

Privacy in payments is an issue that is about to become increasingly important in light of the changes taking place in Western societies. Governments are increasingly pushing for the use of credit cards and electronic payments in general. Cash remains the king of anonymous payments, whereas electronic payments are very easy to trace.

Ethereum, unlike Bitcoin, does not use the UTXO (Unspent Transaction Output) model, but a system similar to traditional bank accounts. In essence, each account sends and receives direct transfers of value and information with each change in the state of the Ethereum blockchain. 

This choice is due to the fact that Ethereum uses a Turing Complete language with decentralized applications that have their own status and arbitrary code. The UTXO model would severely limit the ability to execute smart contracts.

The only way currently possible to partially obscure transactions on Ethereum is to use an exchange or a traditional mixer that simply mixes the outputs of the transactions. 

Both methods, besides offering a limited degree of privacy that can be easily violated with special analysis tools, have a high counterparty risk. Both exchanges and mixers currently available work with cryptocurrency reserves held by third parties.

Tornado Cash and ZK-SNARKS

Tornado Cash is a dApp that implements zkSNARKs proofs to obscure transactions. This encryption, also used by Zcash, allows generating a proof demonstrating that the user is aware of a secret without revealing it. Thus Tornado Cash renders the links between sender and recipient of a transaction invisible. The funds are deposited on a smart contract and a note is generated that allows withdrawing the funds on a different address, without leaving any connection to the original transaction.

The dApp suggests several methods for increasing the level of privacy, and to increase trust, it automatically provides users with the IP address from which the connection is made.

With version 2 released last December, ETH, DAI, cDAI, USDC, cUSDC and USDT are now available (more ERC20 tokens will be added in the future) and, thanks to the EIP-1108 introduced with the recent Istanbul fork, the GAS required for transactions has been reduced from 750k to 300k. 

In the test we performed, the cost of GAS to make an anonymous transaction with Ethereum was $1.3, a very low value that makes anonymity available for any amount.

In addition to the fact that, as clearly stated, this is experimental software, one limitation of the dApp in question is in the amounts that must be pre-selected: for example, for ETH they are 0.1, 1, 10 and 100 ether.

The box next to the deposit field shows the level of anonymisation of each amount, i.e. with how many other transactions will the output be mixed. The highest level of privacy is achieved with 0.1 ETH, although even with 100 ETH the anonymization is supported by a pool of 40 transactions.

Tornado cash

Moreover, as one of the audits highlighted, the security of Tornado Cash’s zkSNARKs is linked to the so-called Trusted Setup generated by the developers. A malicious user in possession of the parameters used to generate this value (which may not have been destroyed by the devs) would be able to generate fictitious evidence and then withdraw the various deposits held in the smart contract. 

This problem, which afflicts most projects using zkSNARKS, has been taken into serious consideration by the team that joined the Trusted Setup “Perpetual Powers of Tau” ceremony which involved a large community of developers.

This will probably not be resolved until HALO, the revolutionary discovery of the Zcash team, gets verified by the scientific community and implemented to generate zero recursive knowledge proofs without the need for any Trusted Setup.