Tornado Cash, Ethereum Privacy Developers Smashes App Privacy Making It” Trustless”

Tornado Cash, Ethereum’s privacy solution based on zSNARKs improves transactional privacy by
breaking the on-chain link between the recipient and destination addresses. On May 10 th the
Ethereum based mixer completed its trusted setup ceremony, becoming “fully trustless”. This was
succeeded by a contract update on Monday.

The trusted setup ceremony is based on a subfield of cryptographic, called secure Multi-Party
Computation (MPC). MPC is a cryptographic protocol that distributes computation across multiple
parties and no individual party can see another's data. This model ensures the protection of
participants from each other.

It was by far the most attended trusted setup ceremonies with 1114 contributions. All other trusted
setup ceremonies (such as ZCashs) had less than 200 participants. Out of these 450 provided with
identity while 664 remained anonymous. 54 contributions were made during this 10-day ceremony
using Rust source code. A full list of participants can be found here.

The more the participants, the greater the security. In theory, zSNARKS based systems require
trusted setups that are open to manipulation, but to manipulate such a systems privacy one needs
to compromise all its participants. Hence a greater number of participants indicates better security.

Tornado Cash's first version clearly stated to be an experimental software due to the control
developers had over customer funds via multi-signature wallets. However, the second version
launched does not have any of these features due to the MPCs and the contract update that
followed. It breaks up the developer key via a crowdsourced smart contract without any private key.

How does it manage Private Transactions?

By default, the transactional activities of all users are public on Ethereum. Anyone can look at your
address, view your tractional history, trace your funds, and estimate your holdings. This issue has
been irradiated via Ethereum’s privacy solution Tornado Cash with powerful cryptography
techniques.

Tornado Cash uses Zero-Knowledge Proofs (ZKPs) which allows the verification that payment
transaction has occurred without actually revealing it. Users have complete control over fund
deposition. It joined two other ZKP based systems namely Ethereum systems, Aztec, and EY’s
Nightfall.

But how Private is private?

There are mixed sentiments when it comes to Tornado Cashes privacy. Bitcoin Podcaster Matt Odell
explained with an analogy to a ballpark fan crowd, if the stands are full it becomes difficult to zero in
on any of the onlookers, but if they are empty it is easy to spot an individual. The security of such a
system relies singularly on the number of users they have accumulated.

Spokesperson to Chainalysis, Maddie Kenndey also had some reservations when it came to Tornado
Cash privacy solution. She targeted that although these mixers make tacking transactions difficult,
Chainalysis has been able to follow funds and identify the transactions made accordingly.
Furthermore, there is always the question of lay humans to understand the intricacies of security
involved in Tornado. It will not be surprising that they themselves expose their wallet information
due to limited understanding.