Developers of Ethereum Privacy Tool Tornado Cash Smash Their Keys
Tornado Cash, a privacy tool for obfuscating the history of Ether (ETH) transactions, completed a cryptographic process known as a trusted setup ceremony on May 10 followed by a contract update on Monday to create perpetually self-executing code.
“With a record 1,114 contributions this was by far the largest Trusted Setup Ceremony to date,” Tornado Cash wrote in a May 13 blog post. “By comparison, all other trusted setup ceremonies had less than 200 participants.”
The ceremony, relying on a cryptographic method known as multi-party computation (MPC), makes Tornado Cash “completely trustless and unstoppable,” co-founder Roman Storm said in an interview with CoinDesk.
Read more: MPC Explained: The Bold New Vision for Securing Crypto Money
Tornado Cash v1 first launched in August 2019, but remained an audited “experimental software” because the developers retained control over user funds through a multi-sig wallet.
With v2, all that is gone. The MPC and Monday’s contract update effectively break up the developer key by creating a crowdsourced smart contract without a private key.
Techwise, Tornado Cash leans on zero-knowledge proofs (ZKP), or mathematical evidence that a transaction occurred without revealing the information within the payment itself.
Tornado Cash joins two other ZKP-based Ethereum systems, Aztec and EY’s Nightfall. As reported by CoinDesk, privacy protocol Aztec launched a network on Ethereum for digital assets, beginning with dai, while EY also released a business-focused privacy solution for Ethereum transactions in October 2018.
Read more: Zcash Alliance Aims to Bring Privacy Tech to Bitcoin, Cosmos and Ethereum
Tornado Cash is more readily compared to existing coin mixers on Bitcoin (BTC) because of its retail focus. CoinJoin developers Samourai and Wasabi have brought mixing to retail bitcoin investors, with Samourai available on Google Play as of February (a feature coming in Tornado Cash’s v3, Storm said).
Of course, there are other cryptocurrencies that only focus on privacy solutions, led by zcash (ZEC) and monero (XMR). The Electric Coin Company (ECC), a for-profit firm behind zcash’s development, is currently working on a bridge between itself and the Ethereum blockchain for enabling private transactions.
Just how private?
For Tornado Cash, two questions remain: How many people will use it and how will regulators view it.
To the first, Samourai adoption after its mobile launch gives a positive signal. Bitcoin podcaster Matt Odell told CoinDesk that the number of mixings on Samourai doubled month-over-month following the addition of mobile support.
That said, bitcoin is often presented as a self-sovereign money alternative while ether’s prevailing use case has fluctuated.
Defining what ether is matters, particularly for Tornado Cash. The efficacy of a privacy protocol – from Zcash to Wasabi – is dependent on the number of users, called the anonymity set. Think of a ballpark crowd: If the stands are full of fans, it’s hard to pick out a singular person in the upper deck. Conversely, an empty stadium only helps frame the lone fanatic.
Maddie Kennedy, spokesperson for blockchain analytics firm Chainalysis, said Tornado Cash may not be the solution privacy-focused users may think it is. “While mixers, CoinJoins, and solutions like Tornado Cash can make tracing funds more difficult, Chainalysis can often still follow funds through them,” Kennedy told CoinDesk in an email.
That sentiment was echoed by former bitcoin core contributor Gavin Andresen in a November blog post on Tornado Cash, highlighting additional measures such as IP-address masking that most users don’t consider.
“I won’t be surprised if there is a paper at the Financial Cryptography 2023 conference showing that 85% of tornado usage was not private; not because the cryptography is broken, but because it is really hard for mere mortals to use something like tornado (or CoinJoin or other similar technologies) in a way that doesn’t leak information about their wallet,” Andresen wrote.
There’s also compliance concerns, with the verdict still out on whether mixers are money transmitters or not.
In an email, the Financial Crimes Enforcement Network (FinCEN) told CoinDesk that mixers such as Tornado Cash could fall under the definition of a money transmitter, and therefore have “obligations” set by the Bank Secrecy Act (BSA).
For his park, Tornado Cash’s Storm said that now that the trusted setup has occurred, little can be pinned on the developers: self-executing code is self-executing code.
Read more: Binance Blockade of Wasabi Wallet Could Point to a Crypto Crack-Up
That doesn’t mean Storm and co-founder Roman Semenov are wanting to venture beyond the wake. In fact, Tornado Cash included a compliance feature with v2 to counter some regulatory concerns. The new version will include a cryptographic “note” which can prove to anyone presented the transaction’s history. The feature was added in light of reports of crypto exchanges freezing accounts of users who possessed coins with mixed histories.
Storm also pointed to the ECC and Zcash Foundation’s friendly relationship with U.S. regulators despite the cryptocurrency’s focus on privacy.
“We are in a little bit of a different situation [than other mixer wallets]. I think for us it’s very important to become compliant,” Storm said. “We do what we feel is right.”
Disclosure Read More
The leader in blockchain news, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups.