Tornado Cash is an innovative and effective tool for sending anonymous transactions on Ethereum. One of the most recurring clichés in cryptocurrency concerns anonymity. Are transactions really anonymous?
Publications outside the industry, which only occasionally cover this rather complex topic, usually talk about the anonymity of cryptocurrencies. They present anonymity as something negative and readily associate blockchain systems with evasion, illegal activities and terrorist financing.
Is Cryptocurrency really Anonymous?
The truth is that cryptocurrencies, such as bitcoin and ether, are not anonymous. It is more correct to talk about pseudo-anonymity. On the one hand, it is true that the so-called “addresses” do not carry personal details. An address is only an alphanumeric string, and the identity of its user is not registered against it.
On the other hand, however, the blockchain is public. It is a ledger that can be consulted by anyone, at any time, through a simple “block explorer” such as Etherscan. Because the blockchain is totally transparent, it is possible to “spy” on all movements made from (and to) an address to which an upstream identity has been linked.
Today, the vast majority of users buy cryptocurrencies through so-called “exchanges”. Almost all of these intermediaries are now required by law to identify their customers (KYC). When users buy cryptocurrencies through a broker to whom they have provided their identity, they are effectively sacrificing their privacy. Subsequent transactions on the blockchain can be traced back to them in some way. Withdrawing funds to one’s own address outside the exchange serves little or no purpose. The people running the exchange know that the address is owned by a person with a first and last name.
Lack of privacy on the blockchain means making your spending habits, or the amounts you receive if you run a business, discoverable by anyone. The absence of privacy also compromises other aspects, such as the pursuit of business goals.
Imagine an investment fund that wants to make transactions through the blockchain. Transparency in transactions would defeat the purpose of not revealing the strategies it is undertaking. Cryptocurrencies, after all, are not really as anonymous as one might believe. The total transparency of the blockchain may be a limitation for all those activities that assume a higher or lower level of privacy.
Tornado Cash and zk-SNARKs
Tornado Cash takes a step forward from traditional mixing services. It allows users to send ether and other tokens anonymously. It uses a non-custodial technology based on complex cryptography: zk-SNARKs. In cryptography, a zero-knowledge proof lets you prove that you know something, or have done something, without revealing what the secret is.
The importance of zero-knowledge is to ensure privacy in situations where you would otherwise have to reveal confidential information. Through zk-SNARKs, Tornado Cash improves the privacy of transactions. It breaks the on-chain connection between the sender and destination addresses.
Tornado Cash is based on a smart contract that accepts deposits in ether or other tokens, which can later be withdrawn from a different address. When withdrawing funds from the new address, there is no way to link it to the original deposit. This privacy solution is non-custodial. The smart contract is completely trustless. It guarantees the user retains total control over the funds they have deposited.
When making a deposit, the user generates a secret and sends its hash (called a “commitment”, which can be translated as an obligation to pay), along with the amount of the deposit, to Tornado Cash’s smart contract.
The smart contract accepts the deposit and adds this payment commitment to its list of deposits. It is when the user decides to withdraw the funds that the zk-SNARK-based technology comes into play. The user has to provide proof that they hold the secret for a “commitment” (not yet spent) that is on the smart contract deposit list.
Through zk-SNARK technology, it is possible to prove this without revealing which exact deposit corresponds to that secret. Zero-knowledge proofs let the user demonstrate knowledge of something without disclosing what the secret is.
The smart contract checks the proof and transfers the deposited funds to the specified withdrawal address. An outside observer will not be able to determine which deposit the withdrawal was made from.
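The withdrawal check described above, as an added example (not code from the original article or from Tornado Cash): it substitutes a Schnorr 1-of-N OR-proof over a toy-sized group for the zk-SNARK, and G^secret for the hashed commitment, to show a proof that verifies against the whole deposit list without identifying the deposit. The group parameters, the function names and the "0xNEW" recipient label are assumptions, and tracking of already-spent commitments is left out.

```python
import hashlib
import secrets
from math import gcd

Q = 2**127 - 1  # prime group order (a Mersenne prime); toy size, not secure

def _find_group():
    # Smallest even k with P = k*Q + 1 prime (Pocklington test, base 2).
    # G = 2^k mod P then generates the subgroup of order Q.
    k = 2
    while True:
        p = k * Q + 1
        g = pow(2, k, p)
        if pow(2, p - 1, p) == 1 and gcd(g - 1, p) == 1:
            return p, g
        k += 2

P, G = _find_group()

def commit(secret):
    # Stand-in (assumption) for the page's hashed "commitment": G^secret mod P.
    return pow(G, secret, P)

def _challenge(commits, A, recipient):
    # Fiat-Shamir challenge; binding the recipient address is an assumption.
    data = repr((list(commits), list(A), recipient)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def prove(commits, j, secret, recipient):
    # Simulate every branch except j, then answer branch j honestly.
    c = [secrets.randbelow(Q) for _ in commits]
    s = [secrets.randbelow(Q) for _ in commits]
    r = secrets.randbelow(Q)
    A = [pow(G, si, P) * pow(C, Q - ci, P) % P for C, ci, si in zip(commits, c, s)]
    A[j], c[j] = pow(G, r, P), 0
    c[j] = (_challenge(commits, A, recipient) - sum(c)) % Q
    s[j] = (r + c[j] * secret) % Q
    return c, s  # same distribution for every j, so j is not revealed

def verify(commits, proof, recipient):
    c, s = proof
    if not len(c) == len(s) == len(commits):
        return False
    A = [pow(G, si, P) * pow(C, Q - ci % Q, P) % P for C, ci, si in zip(commits, c, s)]
    return sum(c) % Q == _challenge(commits, A, recipient)

if __name__ == "__main__":
    xs = [secrets.randbelow(Q) for _ in range(4)]  # constructed deposit secrets
    pool = [commit(x) for x in xs]                 # the public deposit list
    print(verify(pool, prove(pool, 2, xs[2], "0xNEW"), "0xNEW"))  # True
```

The verifier only ever sees the list of commitments, the proof and the recipient; the index `j` and the secret stay with the prover.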
In short, a great way to use Ethereum but still remain anonymous!