Due to the high transparency of blockchain networks, the user's transaction history is published and easily tracked. That makes the blockchain unique and stand out. However, sometimes, it is not a good choice for storing private information such as salary payments, rent, etc.  

For the security of these types of data, Tornado Cash (TORN) has provided a mixer that mixes all the transactions to cut the connection between the receiver and the sender.  

The main ideas of Tornado Cash

While Tornado Cash was developed based on open-source research by the Zcash team (a privacy coin), the protocol allows users to send ETH and ERC-20 deposits through its smart contract service. Currently, the protocol is available on five different chains, including Ethereum, BSC, Polygon, Avalanche, and Gnosis.

Tornado Cash uses smart contracts that accept token deposits from one address and enable their withdrawal from a different address. These smart contracts work as a pool that mixes all the deposit assets of the same kind.

When users deposit their assets, set at a fixed level for each time,  into the protocol, they will receive a note acting as a private key for withdrawals. In the withdrawing stage, they need to enter the receiving address, and the provided note to get their fund back.

As with other protocols, the user amount directly affects the pool size. In other words, the pool gets more funds as more users deposit money into it. However, the information about users and their money is not totally public given that while using the Tornado Cash services, users must adhere to some fundamental guidelines, such as:

  • Using a relayer to pay the withdrawal gas fee
  • Allowing time-lapse between the depositing & the withdrawing
  • Mixing its funds with the crowd by waiting for several transactions before recovering its assets.

Zk-SNARK application

Tornado Cash uses Zero-Knowledge Succinct Non-Interactive Argument of Knowledge (also called zk-SNARK) to verify & allow transactions. In this case, there are two parties involved:

  • The Prover - who seeks to prove
  • The Verifier - who determines the correctness of the proof.

When a user deposits their assets, the browser will generate a secret number and send a hash (called commitment) along with the assets into the smart contract. The smart contract then adds the funds to its deposits list, and when users want to make a withdrawal, they have to provide the corresponding secret of the deposit. That is where zkSNARK proves its value. With zkSNARK, the provers can prove they know the secret number without revealing it. The whole process is executed on the blockchain so that anyone can track the entire process. If the Prover shows the secret number, other people will know who the sender is—in this case, making the transaction no longer anonymous.

How to use Tornado Cash?

In this part, I will walk you through 2 basic actions in Tornado Cash: Depositing and Withdrawing.

Depositing

First, you need to choose the token and the amount that you want to deposit.

The interface of Tornado that require users to enter the token type and amount
Choose the token and the amount that you want to deposit.

After that, a pop-up will ask you to save your note. Keep in mind that you won't be able to withdraw without this note, so save it carefully.

A pop-up show note including number and text
A pop-up that shows your note

Then you will be asked to sign the transaction in the browser wallet.

The browser wallet interface with different information and two button Reject and Confirm
The requirement to sign the transaction in the browser wallet

After the transaction is mined, you will see a note at the bottom of your window containing the information about your deposit.

The deposit information including time, amount, tx hash, status, etc.
The deposit information

Withdrawing

To withdraw, you enter your note and wait for the browser to get the information of your note. After that, enter the recipient's address and click the Withdraw button.

A pop up show differents information and asks for filling recipient's address and clicking the Withdraw button.
Enter the recipient's address and click the Withdraw button.

You will have to wait for the browser to calculate your zkSNARK proof before sending it to the smart contracts to withdraw funds.

The pop-up show the confirm button to finish the withdrawing process
Confirm the withdrawal

After the proof is calculated, click confirm and wait for the transaction to be executed and finish your withdrawal.

Closing thought

Tornado Cash is a great tool to protect your privacy on blockchain, but there's still a great debate on its integrity when it is considered to be used many times to erase the trail of many hacks on the blockchain. Despite the importance of privacy, we can't let malicious actors take advantage of Tornado Cash to make it become a helpful tool for hackers to serve their harmful acts.

References

[1] Tornado Cash Documentation, accessed 9th October 2022.