Tornado Cash: The Holy Grail of On-Chain Privacy
X-Order is an investment and research organization dedicated to the study of value capture in open finance. We strive to be a bridge between new finance and interdisciplinary fields with relation to science and research. It is founded by Tony Tao, who is also a partner at NGC Ventures.
The Internet has been around for nearly 50 years since the birth of the TCP/IP protocol in 1974. The anonymity that was once touted has been overwhelmed by the regulatory regime and infrastructure that has developed since then. The blockchain concept was first introduced in 1991, although Satoshi Nakamoto first applied blockchain technology to Bitcoin only in 2008. This happened only 13 years ago. As cryptocurrencies are gradually accepted, the regulatory infrastructure is bound to get better as well.
The privacy features described in Bitcoin: A Peer-to-Peer Electronic Cash System only guarantee that transfers on the chain can be done without a binding relationship between the user’s real identity and the address. However, as cryptocurrencies and exchanges focus increasingly more on compliance, Know Your Customer (KYC) has become essential in most cryptocurrency-to-fiat currency transactions scenarios. Further, in order to ensure the absolute security of the source of funds during cryptocurrency-to-fiat transactions, both parties to the transaction may want the counterparties involved in the transaction to use their real names.
As a result, the privacy characteristics of cryptocurrencies are disintegrating.
At the same time, KYC data stored in cryptocurrency exchanges has increased exponentially, while data security solutions have not evolved in a timely manner. The high unit value of KYC data has become one of the main targets for hackers, and user data has been leaked to varying degrees on many exchanges. As a result, privacy features become a missing but important piece in the world of cryptocurrencies.
In the past, Monero ($XMR) and other public-chain solutions have tried to solve this problem. However, since the boom of Decentralized Finance (DeFi), smart contracts have become a necessity in the cryptocurrency world, and EVM has become a standard feature of mainstream public chains. With the emphasis on privacy characteristics, public chains such as Monero cannot execute smart contracts, hence their usage scenarios are limited. In addition, due to its extreme lack of security and compliance design (IRS offers $625,000 reward for cracking Monero), exchanges such as Coinbase are unable to list Monero as it fails to meet their compliance requirements. Therefore, its circulation is also restricted.
As a public chain with the most complete DeFi ecosystem, Ethereum has traceable links for asset transfers between addresses. This completely fulfills the privacy characteristics of cryptocurrencies and thus makes any collusion between addresses visible.
Therefore, a project based on Ethereum (or other public chains capable of running smart contracts) with privacy transaction features became an immediate need in the market, and Tornado Cash was born.
Tornado Cash is a privacy transaction middleware implemented on Ethereum based on zero-knowledge proofs. It uses zk-SNARK (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge) and can send ETH and ERC20 tokens (currently supporting DAI, cDAI, USDC, USDT, WBTC) in an untraceable manner to any address.
In terms of the user experience, it requires the user to deposit cryptocurrency into a privacy pool and obtain a deposit note, which can be used to withdraw the previously deposited amount to any address in the future. Since the data embedded in the transaction at the time of deposit and withdrawal does not contain the note itself, it ensures that the two transfers of funds are completely independent of each other. Moreover, thanks to the relay service, the Ethereum address at the time of withdrawal does not even need to have the ETH to pay for the transfer, i.e., it is possible to withdraw to a completely blank address.
According to Dune Analytics, Tornado Cash currently has 156,000 ETH and $165 million in its pool of blended coins, having the largest pool of private assets on the blockchain. Currently, over 12,000 unique addresses have executed approximately 48,000 deposits into the protocol, and over 17,000 unique addresses have withdrawn money from the protocol, paying a total of over $2 million in relay fees.
Privacy transactions are an indispensable piece of the puzzle in the cryptocurrency world. While not all users are willing to expose the source and destination of their funds during transfers, the nature of blockchain leads to complete exposure of any collusion between accounts. Tornado Cash, an optional privacy component for users transferring funds on Ethereum, solves the problem in the most decent way. A few examples to better illustrate the use cases of Tornado Cash are as follows:
- Private transfer of assets between addresses;
- Generate transaction reports with the note for the legitimacy of asset source transfers (including deposit address, amount, and the date and withdrawal address, amount, and date); and
- When conducting cryptocurrency-to-fiat currency transactions, the KYC process during the transaction is avoided by trading the deposit note (not the cryptocurrency itself) to maximize the protection of personal privacy.
Privacy-Preserving Public Chain
Monero and Zcash are two major players in the privacy coin space:
- Monero uses Stealth Address and Ring Confidential Transactions (RingCT) technology to balance anonymity and transfer efficiency.
- Zcash is the first cryptocurrency to use zk-SNARK (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge). Tornado Cash employs this same technology as a security guarantee for privacy transactions.
However, privacy-preserving public chains share the same problem of not being able to support smart contracts while guaranteeing privacy transactions.
- Oasis Labs’ Ekiden attempted this, but due to the product’s temporary immaturity and lack of sufficient developer support, we think it will be difficult to make a strong impact for at least some time.
- Secret Network is also designing privacy calculations within general-purpose smart contracts, however, only on-chain exchanges have been released and there is a lack of liquidity within the house. At the same time, Secret Network needs to be developed using Rust, however, the Rust developer community is currently very small and mainly concentrated in the Polkadot ecosystem.
At the same time, all public chains with privacy features have compliance issues. If on-chain transactions are guaranteed to be completely anonymous, liquidity and trading volume may become increasingly tight under the future trend of heightened compliance.
Ethereum Virtual Machine (EVM) Privacy Solution
There are fewer privacy transaction projects based on Ethereum Virtual Machine (EVM), and there exist 3 competing products of Tornado Cash, namely Typhoon Cash, Typhoon Network, and Cyclone. All of them are developed based on Tornado Cash’s codebase with the relay service being provided entirely by the team — this lends itself to a very high risk of a single point of failure.
- Typhoon Cash is a project endorsed by Jeffrey Huang, set up on Ethereum, reusing most of the code base of Tornado Cash. It has a total locked value of only tens of thousands of dollars — the last deposit occurred 3 months ago;
- Typhoon Network is set up on the Binance Smart Chain (BSC), reuses most of the code of Tornado Cash. It has a total locked value of just under $40,000; and
- Cyclone is developed on the basis of Tornado Cash, deployed on Ethereum, Binance Smart Chain, and IoTeX. Further, it requires additional on-chain base currencies (such as ETH, BNB, and IOTX) and governance tokens CYC to complete deposits. It also requires users to pay anonymous pool fees and relay fees using CYC.
It is obvious that the competitors of Tornado Cash have a highly centralized product under the banner of decentralized privacy middleware. Also, the total locked value of the above projects, shows that Tornado Cash has an absolute advantage and financial support.
In summary, Tornado Cash has no strong and original competitor for the time being.
On December 18, 2020, Tornado Cash released $TORN as the governance token for Tornado Cash, with specific rules available here.
The token distribution ratio and release rules are shown in the following figures:
1inch and Tornado Cash community have proposed and provided liquidity mining rewards to attract users to provide liquidity in $TORN-$ETH trading pairs. Currently, the provision of $TORN-$ETH liquidity on 1inch is able to earn 80% annualized return on $1INCH tokens, and the official liquidity reward pool is able to earn 266% annualized return on $TORN tokens.
Since the liquidity mining rewards were approved by the community voting proposal without a front-end setup, the mining portal is hosted on other products (such as vfat), fully reflecting the spirit of community autonomy.
$TORN has governance capabilities that surpass those of other governance tokens. Since its inception, Tornado Cash had the aim to be completely autonomous by the community. From late May 2020, all tornado.cash contracts are immutable and unstoppable, which means the community has the decision on whether or not to use their tools. In December 2020, the governance token was released with a governance contract, and all future governance proposals can only be initiated and executed through a governance contract.
In traditional projects, governance and development are separate efforts. Any individual or organization can initiate a proposal that users can vote on, which then goes into subsequent development. The proposal’s go-live and deployment remain in the hands of the team controlling the private key.
Unlike traditional projects, users of Tornado Cash are required to provide a complete solution when they initiate a proposal, and all proposals need to be developed in advance by the proposer and deployed on the blockchain in the form of a smart contract for all to audit. In order to initiate a proposal in the governance contract, the initiator needs to have more than 1000 $TORN and point the proposal to the developed smart contract deployed on the blockchain in the governance contract. If the proposal is voted by enough $TORN tokens, anyone can call the execute() method to delegate call the executeProposal() function in the proposal to make it online, and no additional private key signature is required to complete the rest of the contract deployment, token distribution, and other processes.
As a result, Tornado Cash may be the only project to achieve fully decentralized governance and development at this time.
Currently, the community is discussing the possibility of staking $TORN to register a relay node. This indicates that $TORN holders will be able to support further decentralization of the project by deploying relay nodes and gain revenue in the future.
Meanwhile, the community is also debating the support of the pool of algorithmic stablecoin Frax, with the view that the privacy component and the decentralized stablecoin should complement each other. There have also been calls for the project to undertake multi-chain (Binance Smart Chain, Solana, etc.) deployments, but few have responded.
Tornado Cash achieves privacy for on-chain transactions at the contract level, however, privacy for on-chain transactions is not all that Tornado Cash has to offer.
- To prevent problems such as server dropouts, website inaccessible in some area, and some users not wanting to expose their access records to Internet Service Providers (ISPs), Tornado Cash deploys an IPFS version of its front-end, and also provides a full set of front-end source code on GitHub for users to deploy on their own;
- When using the relay service, users will make requests directly to the relay node, and thus may expose their IP addresses. Therefore, Tornado Cash recommends all users initiate requests to the relay node via VPN to protect their IP from being leaked. In addition, it also provides a version of Tornado Cash based on the Tor Project, and there are also relay providers that offer a Tor version of the relay service. Further, all network requests are forwarded through multiple forwards to ensure absolute security; and
- To avoid time correlation of access transactions, it also officially recommended that withdrawals be made 24 hours after the deposit is made or after 12 or more other deposits have entered.
Therefore, Tornado Cash is able to achieve anonymity as well as stable access for users to the web front-end, relay service, and contract side. As the number of relay service providers continues to increase, the stability of the Tornado Cash service will be further enhanced.
Despite the huge potential and market size of Tornado Cash as the only currently available middleware for privacy transactions on Ethereum, it faces compliance risks that far exceed those of other projects.
Roman Storm of Tornado Cash has previously stated that Tornado Cash is currently autonomous and not controlled by developers. However, to meet compliance requirements, Tornado Cash v2 provides the entrance to generate reports with the note on the legality of the transaction, which will reveal deposit address, amount, and date and withdrawal address, amount, and date. However, Coinbase, which has a stricter compliance review, has also frozen a dozen accounts topped up from Ethereum wallets that interacted with Tornado Cash.
For Tornado Cash, ensuring compliance and privacy at the same time is the most important issue to consider at the moment.
As the largest privacy transaction middleware on Ethereum, Tornado Cash’s developers do not hold administrator rights to the project and insist on enforcing community autonomy. On one hand, this protects the security of the original team and allows the project to be fully decentralized in governance and development; on the other hand, it enables it to grow in the long run.
We believe that with the increased compliance of cryptocurrencies and exchanges, as well as the gradual improvement of the regulatory system and supporting infrastructure; privacy transactions will receive more and more attention. As the most complete public chain in the ecology, on-chain privacy transactions are bound to become one of the popular tracks.
At that time, Tornado Cash will become an important part of the privacy transaction ecology, which not only provides privacy transaction services directly to users but also becomes the underlying asset of other privacy components.
$TORN, as the governance token of Tornado Cash, has a good prospect given its stronger governance ability and control over the protocol than other governance tokens. In the future, there may also be dividends expectation with the addition of the node campaign.