Tornado Cash is a non-custodial, smart contract-based mixer that allows users to obfuscate the trail of their Ethereum transactions. It achieves this by pooling deposits from multiple users and enabling withdrawals from the pool to break the link between the original sender and the recipient. The process involves three main steps:
- Deposit – Users deposit a fixed amount of Ether (ETH) or other supported tokens into the Tornado Cash smart contract.
- Wait – Users wait for some time to ensure their deposit is mixed with deposits from other users.
- Withdraw – Users withdraw their funds to a different address, making it difficult to trace the transaction back to the original deposit.
Now, let’s explore the critical features of Tornado Cash that make this anonymity possible.
- Smart contract-based mixing
Smart contracts are self-executing code that automatically enforces the rules and conditions predefined within it. Tornado Cash uses smart contracts to ensure the mixing process is transparent, auditable, and tamper-proof. The Tornado Cash smart contracts are responsible for receiving deposits, managing the pool of funds, and facilitating withdrawals. Using smart contracts eliminates the need for a trusted third party, reducing the risk of fraud or manipulation. The open-source nature of the smart contracts allows for public scrutiny and verification, further enhancing the trustworthiness of the protocol.
- Zero-knowledge proofs
Tornado Cash leverages zero-knowledge proofs (ZKPs) to provide privacy and anonymity for users. ZKPs are a cryptographic technique that allows one party to prove to another party that a statement is true without revealing any additional information beyond the statement’s validity.
In the context of Tornado Cash, ZKPs enable users to prove that they have the right to withdraw funds from the pool without revealing which specific deposit corresponds to their withdrawal. This is achieved through “notes”: cryptographic commitments representing a user’s deposit into the pool. When users want to withdraw funds, they provide a ZKP proving that they possess a valid note without revealing which note they use. This ensures the link between the deposit and withdrawal is broken, preserving the user’s anonymity.
- Fixed deposit amounts
When users deposit funds into the Tornado Cash pool, they must choose from predefined deposit amounts, such as 1 ETH, 10 ETH, or 100 ETH. This approach offers several benefits for maintaining anonymity.
- Firstly, by requiring fixed deposit amounts, Tornado Cash ensures that deposits from different users are indistinguishable. If users were allowed to deposit arbitrary quantities, it would be easier to track specific transactions based on their unique values.
- Secondly, fixed deposit amounts make it more challenging to correlate deposits and withdrawals. Users who withdraw funds from the pool receive the same amount as their initial deposit, making it difficult to determine which specific deposit the withdrawal corresponds to.
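The effect of fixed amounts, and of the Wait step, can be measured as the size of a withdrawal's anonymity set. The following is an added example, not Tornado Cash code: all addresses, amounts and block numbers are constructed, and the model assumes an observer who sees only public amounts and ordering and does not account for deposits that have already been withdrawn.

```python
# Added illustration; all addresses, amounts and block numbers are constructed.
# Amounts are in milli-ETH (1 ETH = 1000) so comparisons are exact integers.

def anonymity_set(deposits, withdrawal):
    """Deposits an observer cannot rule out as the source of `withdrawal`
    using only public data: same amount, and made in an earlier block."""
    _, w_amount, w_block = withdrawal
    return [addr for addr, amount, block in deposits
            if amount == w_amount and block < w_block]

def set_sizes(deposits, withdrawals):
    """Map each withdrawal address to the size of its anonymity set."""
    return {w[0]: len(anonymity_set(deposits, w)) for w in withdrawals}

# Hypothetical pool that accepts arbitrary amounts: (address, amount, block).
ARBITRARY_DEPOSITS = [
    ("dep_A", 1370, 100), ("dep_B", 10000, 101),
    ("dep_C", 4205, 102), ("dep_D", 10000, 103),
]
ARBITRARY_WITHDRAWALS = [("wd_X", 4205, 200), ("wd_Y", 10000, 201)]

# Fixed-denomination pool (10 ETH only), as the page describes.
FIXED_DEPOSITS = [
    ("dep_A", 10000, 100), ("dep_B", 10000, 101),
    ("dep_C", 10000, 150), ("dep_D", 10000, 151),
]
# One withdrawal made almost immediately, one made after waiting.
FIXED_WITHDRAWALS = [("wd_early", 10000, 101), ("wd_late", 10000, 200)]

if __name__ == "__main__":
    # A unique amount leaves a single candidate deposit.
    print(set_sizes(ARBITRARY_DEPOSITS, ARBITRARY_WITHDRAWALS))
    # Fixed amounts only help once other deposits precede the withdrawal.
    print(set_sizes(FIXED_DEPOSITS, FIXED_WITHDRAWALS))
```

A set size of 1 means the amount and timing alone identify the deposit, which is why an unusual amount or an immediate withdrawal undoes the mixing regardless of the zero-knowledge proof.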
- Decentralized governance
Decentralized governance is another crucial feature of Tornado Cash that contributes to its security and anonymity. The protocol is governed by a decentralized autonomous organization (DAO), which consists of TORN token holders who propose and vote on protocol upgrades and changes. The decentralized governance model ensures that no single entity controls the protocol, reducing the risk of censorship or manipulation. It also promotes transparency and community participation, as users have a say in the protocol’s future development.
Furthermore, the decentralized nature of the governance aligns with the principles of anonymity and privacy. By distributing control among a wide range of stakeholders, it becomes more difficult for any single party to compromise the anonymity of users or interfere with the mixing process.