Tornado.cash version 2 has been released
Today we are thrilled to announce the new version of Tornado.cash privacy solution. The new version contains a number of major features as well as many improvements under the hood and on the UI side.
ERC20 token support
Now Tornado supports ERC20 tokens. The first token that was added to Tornado.cash is DAI.
Make sure you have the new Multicollateral DAI. Other tokens, such as USDT and USDC, are on the way. In addition, relayers now have the exchange functionality to allow users to withdraw a portion of their deposit in ETH to execute future transactions from the new address.
Higher deposit limits
We enabled higher ETH deposit amounts: 1 ETH and 10 ETH.
Withdrawals are now much cheaper
Thanks to the recent Istanbul fork (more specifically to EIP-1108) withdrawal transactions now take 300k gas instead of 750k.
Relayer contest results
To make Tornado fully decentralized, we added support for custom relayer addresses so that anyone can run a Tornado relayer. To ensure that our dApp utilizes only most reliable relayers we recently held a contest during which we stress tested their reliability and the resilience of their setup.
We are proud to announce the winners:
There was one participant who failed the test: nyuels.eth
ENS relayer addresses
Custom relayers can now deploy and specify their relayer addresses using ENS domains. To do that we utilize support for recently added TEXT records support on ENS. We resolve relayer’s address by looking at TEXT/URL record in the ENS domain which returns URL or IP address. All predefined relayers in our dApp are listed using ENS domains. We have established a convention to have dedicated subdomains for each of the networks such as
Tornado.cash protocols were audited by a group of experts from ABDK Consulting, specializing in zero knowledge, cryptography, and smart contracts.
During the audit no critical issues were found and all outstanding issues were fixed. The results can be found here:
- Cryptographic review https://tornado.cash/Tornado_cryptographic_review.pdf
- Smart contract audit https://tornado.cash/Tornado_solidity_audit.pdf
- Zk-SNARK circuits audit https://tornado.cash/Tornado_circuit_audit.pdf
Underlying circomlib dependency is currently being audited, and the team already published most of the fixes for found issues
Migration from the old version
All 0.1 ETH deposits were seamlessly migrated to the new version, both in our dApp and smart contract.
How did we do it?
The recent vulnerability discovered in part due to our continuous efforts to maintain security allowed us to hack and migrate all deposits from the vulnerable version to the new one by creating a temporary contract and migrating state and funds. However, version 2 does not contain upgradable functionality apart from verification key updates (see Trusted Setup section below).
We decided to increase the capacity of Tornado.cash smart contract from 64k to 1 million deposits by increasing the depth of our Merkle tree to 20. This resulted in higher gas costs on deposits (+200k) but ensured that the contract will not fill up too quickly.
Trusted setup plans
The current update does not yet contain the Trusted Setup MPC, but allows the update of verification keys without redeploying the smart contract. We plan to perform Trusted Setup MPC based on Perpetual Powers of Tau ceremony in the near future. Currently it contains 17 contributions, so the plan to add Trusted Setup will be performed in 2 stages:
- After Semaphore team finalizes the audit of circomlib zkSnark library, which Tornado.cash depends upon, we will hold a relatively small Phase 2 ceremony for ~10 high profile crypto community members. In addition, after uploading the keys we will create a multisig or DAO that will have control of the key update. This should give us a sufficient level of trust.
- When Perpetual Powers of Tau reaches enough contributions, which we estimate to take a few months, we will hold a larger Phase 2 ceremony with more contributors. After updating verification keys with the results, we will permanently disable the key update functionality by transferring update permission to zero address, making the contract immutable.
We would like to thank MolochDao and POA.network for believing in us and their generous support. This release concludes our work for MolochDao grant. We are proud to announce that in many regards our team delivered more than we committed to on the original proposal.
This dApp is the perfect reminder of how relatively small grants can deliver great results and have a great impact on the entire blockchain ecosystem. We are always open to the new ideas and are ready to discuss new proposals for development and integration of Tornado.cash. As always, we strive for excellence and that requires adequate funding. Your grants and donations will enable us to do great work.