Why is Tornado Cash said to be a haven for private transactions?

It has been almost 50 years since the birth of the TCP/IP protocol in 1974. Now that the regulatory system is becoming stricter and the Internet infrastructure is increasingly complete, the anonymity that was widely publicized on the Internet is no longer vulnerable.

The blockchain is very similar to the early Internet, emphasizing privacy and anonymity. In 1991, the concept of blockchain was first proposed. In 2008, Satoshi Nakamoto applied blockchain technology to Bitcoin for the first time. It has only been 13 years since then. As cryptocurrencies are gradually recognized, the infrastructure related to their regulation will definitely become more and more perfect.

In fact, the privacy feature (Privacy) mentioned in the Bitcoin white paper can only ensure that there is no binding relationship between the user's real identity and the address to complete the transfer on the chain. However, as cryptocurrencies and exchanges gradually become compliant, identity verification (Know Your Customer, KYC) has become an essential link in most cryptocurrency-to-fiat transactions.

Furthermore, in order to ensure the absolute security of the source of funds in the process of cryptocurrency-to-fiat transactions, both parties to the transaction even hope that the other party can participate in the transaction in the form of real names. As a result, the privacy features of cryptocurrencies are gradually unraveling.

But in reality, the need for privacy in the cryptocurrency world continues to grow. The scale of KYC data stored in cryptocurrency exchanges has increased exponentially, while data security solutions have not been iterated in time. However, due to the high value of KYC data units, it has inevitably become one of the main targets of hacker attacks. So far, the user data of many exchanges have been leaked to varying degrees.

Therefore, the privacy of cryptocurrency will also become an indispensable piece of the puzzle in the encrypted world.

A number of public chains, led by Monero (XMR), have tried to solve this problem. However, since the boom of Decentralized Finance (DeFi), smart contracts have become a rigid demand in the cryptocurrency field, and EVM has therefore become the standard configuration of mainstream public chains. In order to take into account the privacy features, public chains such as Monero cannot run smart contracts, and the usage scenarios are very limited. In addition, due to the extremely high security of Monero (the US Internal Revenue Service offered a reward of $625,000 to crack Monero), in order to meet compliance requirements, exchanges such as Coinbase cannot list Monero, so its circulation is also limited.

As a public chain with the most complete DeFi ecology, Ethereum has traceable links for asset transfers between all addresses, which completely wipes out the privacy features of cryptocurrencies, and the relationship between addresses is clear at a glance.

Therefore, a project based on Ethereum (or other public chains capable of running smart contracts) with private transaction features has become a rigid demand in the market, and Tornado Cash came into being.

02 Project Overview

Tornado Cash is a privacy transaction middleware implemented on Ethereum based on zero-knowledge proofs. It uses zk-SNARK (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge) and is able to send ETH as well as ERC20 tokens (currently DAI, cDAI, USDC, USDT, WBTC) to any address in an untraceable manner.

In actual use, the user needs to deposit the cryptocurrency into the privacy pool first and obtain a deposit certificate. In the future, the user can withdraw the previously deposited cryptocurrency to any address through the deposit certificate. Since the data transferred during the generation and use of the deposit certificate does not include the certificate itself, it can be ensured that the two transfers of deposit and withdrawal are completely independent. Also, thanks to the relay service, the Ethereum address at the time of withdrawal does not even need to have ETH to pay for the transfer fee, i.e., withdrawals can be made to a completely blank address.

According to Dune Analytics, Tornado Cash's mixing pool currently has 156,000 ETH and $165 million, making it the largest private asset pool on the blockchain. Currently, more than 12,000 unique addresses have made about 48,000 deposits to the protocol, and more than 17,000 unique addresses have withdrawn from the protocol, paying a total of more than $2 million in relay fees to the relay service.

03 Market Opportunities

Private transactions are an indispensable piece of the puzzle in the cryptocurrency world. During the transfer process, not all users are willing to reveal the source and whereabouts of their funds, but the characteristics of the blockchain lead to the complete exposure of the collusion between accounts. Tornado Cash, as an optional privacy component when users transfer money on the Ethereum chain, solves the exposure of the relationship between addresses during asset transfer to the greatest extent. Here are a few examples to better illustrate the use case for Tornado Cash:

Assets are privately transferred between addresses; a report on the legal transfer of asset sources (including deposit address, amount, date and withdrawal address, amount, and date) is generated through the transfer certificate; Deposit certificates (not the cryptocurrency itself) to avoid the KYC process during the transaction process and maximize personal privacy.

04 Competitive Analysis

Private transaction public chain

Monero and Zcash are two major players in the privacy coin space.

Monero uses Stealth Address and Ring Confidential Transactions (RingCT) technologies, taking into account anonymity and transfer efficiency.

Zcash is the first cryptocurrency to use zk-SNARK (Zero-Knowledge Succinct Non-Interactive Argument of Knowledge). Tornado Cash also uses this technology as a security guarantee for private transactions.

However, the public chain of privacy coins has the same problem, that is, it is impossible to add support for smart contracts on the premise of ensuring privacy transactions. Ekiden of Oasis Labs has tried this, but due to the immaturity of the product and the lack of sufficient developer support, we think it will be difficult for it to have a strong influence in the future.

Ekiden of Oasis Labs has made an attempt in this regard, but due to the immature product and lack of sufficient developer support, we believe that it will be difficult to have a strong influence in the future; Secret Network is also designing a general-purpose smart contract. However, currently only on-chain exchanges have been released on the chain, and the liquidity in the exchanges is very scarce. At the same time, Secret Network needs to use Rust for development. However, at present, the number of Rust developers is small, and they are mainly concentrated in the Polkadot ecosystem.