Tornado.cash Trusted Setup Ceremony

Tornado Cash
May 1, 2020

We are happy to announce that the Tornado.cash trusted setup ceremony has been launched. We ask the crypto community to help make Tornado.cash fully trustless by contributing to the ceremony.

What does it mean?

Tornado.cash utilizes zk-SNARK technology to provide anonymity for withdrawals. The zk-SNARK requires a trusted setup, which is a special procedure that generates the prover and verifier keys. To make sure that it is done securely, so that no one is able to fake proofs or steal user funds, it should be done in a decentralized way. To fake zk proofs, an attacker must compromise every single participant of the ceremony. Therefore, the probability of this goes down as the number of participants goes up. The purpose of the ceremony is to generate the Verifier smart contract. After completion, our team will update all Verifiers in all instances and set the operator address to zero. At this point, Tornado.cash smart contracts will become completely immutable and unstoppable.

How do I participate?

Simply open ceremony.tornado.cash and click on the Contribute button.
You can choose to make your contribution anonymously or sign in with your GitHub/Twitter account to have your identity linked to it. If you would like to be part of the ceremony in the forever immutable smart contract, please contribute with your source of entropy.

If you are an advanced user you can contribute more securely by using these instructions and compiling the source code yourself. It should be fairly easy!

Security audit

The code for our Trusted Setup ceremony is being audited by NCC Group. They are the same group of folks that audited the ZCash ceremony, and the audit is being sponsored by Moloch DAO. The audit report will be released shortly and will show that we fixed all important issues.

Why is it called Phase 2?

Trusted setup for Groth16 SNARKs is done in 2 steps. The first step is universal for all SNARKs and is called Powers of Tau. The second step is called Phase 2 and is circuit-specific, so it should be done separately for each different SNARK. Our Phase 2 is based on the 30th contribution to the Perpetual Powers of Tau ceremony.

Is it open source?

Of course! You can find the ceremony code here and the UI source code here.

Are my private notes affected?

No! You will still keep all your deposits. The changes will only affect the Verifier smart contract. The rest of the smart contracts and their state will not be changed. However, the safety and security of your deposits will automatically increase after the ceremony is finished.

When will it be finalized?

We plan to end the ceremony on May 10th 2020. If there is high demand, we will keep it open for a couple more days.

Potential UX issues

Due to the nature of MPC (multi-party computation), the ceremony behaves like mining in PoW systems. In essence, the UI has to download the latest contribution and compute your new hash based on the previous one. If someone has already submitted a new contribution during your computation, you will no longer have the latest one and the process will need to restart. Therefore, since the page expects possible failures, it will try to make 3 additional attempts. This might require you to stay on the page for a little while. Please be patient. In the rare instance that all of the attempts were unsuccessful, please refresh the page and try again.
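
As an added illustration (not the ceremony's own code), the Python toy below models both the restart-and-retry behaviour described here and the earlier claim that an attacker must compromise every single participant. It assumes a toy multiplicative group modulo 2^127 - 1 in place of the real Groth16 parameters and omits the proofs a real ceremony checks on each contribution; the names Coordinator, contribute, link_hash and attacker_recovers are hypothetical.

```python
import hashlib

# Toy parameters (assumptions): a real Groth16 phase 2 works on elliptic-curve
# points and verifies a proof with every contribution; this model skips both.
P = 2**127 - 1   # prime modulus of the toy group
G = 3            # starting public parameter

def link_hash(prev_hash, value):
    """Chain each contribution's hash to the previous one."""
    return hashlib.sha256(prev_hash + value.to_bytes(16, "big")).digest()

class Coordinator:
    """Public transcript; accepts only contributions built on the current tip."""
    def __init__(self):
        self.value = G
        self.tip = hashlib.sha256(b"toy-genesis").digest()
        self.accepted = 0

    def latest(self):
        return self.value, self.tip

    def submit(self, base_hash, new_value):
        if base_hash != self.tip:       # someone else landed first: stale work
            return False
        self.value, self.tip = new_value, link_hash(self.tip, new_value)
        self.accepted += 1
        return True

def contribute(coord, secret, attempts=4, race=None):
    """Download tip, mix in `secret`, submit; 1 try plus 3 additional attempts.
    Returns the attempt number that succeeded, or 0 if all were stale."""
    for n in range(attempts):
        value, tip = coord.latest()
        new_value = pow(value, secret, P)   # only this participant knows `secret`
        if race is not None and n == 0:
            race()                          # constructed: a rival submits mid-computation
        if coord.submit(tip, new_value):
            return n + 1
    return 0

def attacker_recovers(final_value, known_secrets):
    """True only if the known secrets reproduce the final parameter."""
    trapdoor = 1
    for s in known_secrets:
        trapdoor = trapdoor * s % (P - 1)   # exponents combine modulo the group order
    return pow(G, trapdoor, P) == final_value
```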

Acknowledgments

We’d like to thank Koh Wei Jie, Kobi Gurkan, and BarryWhiteHat for building the Perpetual Powers of Tau ceremony and Moloch DAO for funding the NCC Group security audit of the ceremony code. Lastly, we would like to thank the entire Ethereum community for supporting us and contributing to our Gitcoin grant.
