Introducing Private Transactions On Ethereum NOW!

Tornado Cash
4 min readAug 6, 2019

--

By default, your entire Ethereum transaction history and balances are public. All transactions can be seen on block explorers like Etherscan. Thereby literally anyone who knows that you own a particular address can easily view your payments, trace the source of your funds, calculate your holdings, and analyze your on-chain activity.

But what if you did not want your history and balances to be publicly viewed by any Tom, Dick, or Harry? What if you wanted anonymity and privacy when it came to your transactions?

Over the years, there have been quite a number of attempts at creating private transactions on Ethereum. Some workarounds meant to obscure value flows, like using a centralized exchange wallet or a custodial mixing service, yet, introduced a high degree of counter-party and surveillance risk. In the end, these tools never achieved full privacy in the way that other privacy-focused cryptocurrencies, like Zcash, did. Zcash uses various cryptographic methods, including implementations of zero-knowledge proofs to achieve privacy functionality.

Today we are thrilled to share with you that is also possible on Ethereum. Tornado.cash — our brand new tool equipped with non-custodial technology based on strong cryptography — enables you to send Ethereum cryptocurrency with 100% anonymity!

How does Tornado.cash achieve privacy in Ethereum?

Tornado improves transaction privacy by breaking the on-chain link between the recipient and destination addresses. It uses a smart contract that accepts ETH deposits that can be withdrawn by a different address. Whenever a new address withdraws ETH, there is no way to link the withdrawal to the deposit, which makes the procedure completely private.

In other words, Tornado.cash acts as a proxy to ensure that the transaction is 100% anonymous with zkSnarks proofs.

Better yet, it is 100% non-custodial, meaning you retain full control over your deposited funds.

Deposit

To make a deposit, a user generates a secret and sends its hash (called a commitment) along with a desired deposit amount to the Tornado smart contract. The contract accepts the deposit and adds the commitment to its list of deposits.

Later, the user decides to make a withdrawal. In order to do that, the user should provide proof that he or she possesses a secret to an unspent commitment from the smart contract’s list of deposits. The zkSnark technology allows doing that without revealing which exact deposit matches the secret. The smart contract will check the proof and transfer deposited funds to the address specified for the withdrawal. An external observer will be unable to determine which deposit this withdrawal comes from.

That’s how it works. Now let us explain why the Anonymity Set so important.

Anonymity Set

Anonymity set is basically a measurement of anonymity. It shows how many deposits still await for withdrawal. In other words, how many deposits your mixed ETH value can originate from.

The chicken-or-egg problem

You may notice there are two options for withdrawal:

  • Using a wallet (Metamask, Trustwallet, etc)
  • Or via Relayer

The first method requires you to have a completely new Ethereum address with some ETH on it. This begs the question:

How to get some ETH on the address without losing anonymity?

Because usually you buy it from other people (using exchanges or not), and we want to avoid getting deanonymized, right?

That’s why you can use the Relayer feature to complete the process. All you need is to generate a new Ethereum address — the zkSnark proof and Relayer will do the rest. It will also charge you some ETH, just to cover the Ethereum network fee.

Tips to stay anonymous

  • Using Relayer or not, you still need to keep up common Internet anonymity like using vpn, proxies, Tor in order to hide the IP address you are acting from. Since you are using browser, the Incognito Tab feature is also useful. Make sure you use different ip addresses for your old and new accounts.
  • Make sure you clear your cookies for dapps before using a new address, because if a dapp sees both old and new address with the same cookies, it will know that addresses are from the same owner.
  • Wait until there are a few deposits after yours. If your deposit and withdrawal are right next to each other, the observer can guess that they might belong to the same person. We recommend waiting until there are at least 5 deposits.
  • Wait until some time has passed after your deposit. Even if there are multiple deposits after yours they all might be made by the same person that is trying to spam deposits and make user falsely believe that there is a large anonymity set. We recommend waiting at least 24h to make sure that there were deposits made by multiple people during that time.

--

--