Content type tag (summary, discussion)
discussion? Apparently not a direct summary of the tornado cash whitepaper.
Category
Privacy
Proposed tags
Zero knowledge, privacy, anonymity
Description of why this would be an interesting post
Tornado cash uses zk merkle tree opening/path proofs as its foundation, like zcash.
This post shall introduce tornado cash as a native way to unlink any previous transactions on Ethereum mainnet.
It can be a great way (popsci) for people to have a better understanding on how to use mixing/shielded transaction solutions correctly i.e., without voiding the security benefits that the project provided, on Blockchain.
The usage of such…I can think of one.
If your legal dept asks for your Ethereum address to be absolutely clean i.e., without previous transactions - because they are worried that the funds that were in/out of the address could be illegal or against the tax law - you may have a slim chance to persuade your legal dept that: since any transactions out from the tornadocash contract are (under certain assumptions) unlinkable to any of the input transactions, the funds are clean now.
Thanks for the thorough post idea, @Jerry_Ho. I think a summary on Tornado cash could be interesting. Mixers have been underutilized in Ethereum because of how easy it is to trace (and taint) balances under the account model.
However, there have been some promising improvements in this area. A paper came out on Research Pulse a couple of weeks ago describing an interesting non-interactive coin mixer for account-based chains: https://eprint.iacr.org/2021/327.pdf
We could follow the same approach as Plonk and write a summary citing different sources in the “background”, “key takeaways”, and “implications” sections. What do you think?
I do agree with your point: Ethereum is inferior for privacy, in a sense. (worse than UTXO model for bitcoin, for example.)
I briefly skimmed Veksel, and I think it’s a good work:
It doesn’t assume itself to be Ethereum only
No restrictions on anonymity set size
A fully? homomorphic commitment scheme, sounds fun and (cryptic to me).
That’d be a great summary to be written, but I don’t think my summary would be beneficial to the community - an ideal way would be to walk through the maths used in Veksel, and guide readers in the process, as Vitalik did in his (many) blog posts. This is especially good for this kind of protocol article cause people (engineers) just need a research guy to explain the math, step by step, to them, in an implementable fashion, thus they can build a library for it.
I don’t have enough background nor knowledge doing so at the moment, but I’ll definitely find someone to do a pair reading in the future.
Meanwhile, if we were to limit the scope of the summary on “comparison of mixers on Ethereum” as a discussion post, I do have some in mind:
EY (accounting firm, the big 4), no updates recently as you can see. Could be that the projects moved to their own chain, rather than Ethereum-based with ZoKrates.
Zeropool, from ethDenver. No actual prototype at the moment. But at least they’re still there, I saw some of my EF friends following their twitter https://twitter.com/ZeroPoolNetwork
zkmoney, to be honest I can’t find shit, documentations, faqs, whitepapers, blogposts, no nothing. It seems like under rebranding, or just a small, MVP part of the whole aztec layer2 network (zkassets), for people to experience and experiment with cause the former is not online yet. This General - zk.money and this AZTEC Docs
Well so here we are, having tornado.cash as the only active and usable mixer project. (2020) No wonder I saw some ppl complaining here: Ethereum (ETH) Mixer
Honestly, I have 0 idea where to find all the living and ongoing projects of sorts (mixer/zk shielded transaction natively on Ethereum). Please kindly inform me if I did not mention some famous mixers, before I start writing and researching on the discussion post.
Mixers like tornado cash address this. I think their lack of usage is due to how expensive SNARK operations are currently on Ethereum.
A transaction fee equivalent of upwards of ~$125 to enter the mixer and a similar fee to later exit makes such transactions only palatable for large transactions.
Judging solely from the paragraph in the introduction: I’d say he has a point. It’s not even a security assumption thing - people really tend to reuse addresses even with deterministic generatable? wallet standard implemented.
And the paper gave a practical result on fingerprinting users with their addresses, although I haven’t checked its methodology yet.
K, I think I can write this one instead, and put aside mixers/tornadocash at the moment. Will create another thread/github issue.
Just one quick question:
I’m not too familiar with the network stack of internet. While PERIMETER feels like targeting transport layer, network layer, and datalink layer attack/analysis, it seems like that “Blockchain is Watching You: Profiling and Deanonymizing Ethereum Users” is solely focusing on application layer analysis and fingerprinting (without active attack).
So there’s no need to compare the two in the incoming summary, amirite?
Broadly speaking, privacy attacks on blockchain networks tend to fall into 2 categories. “PERIMETER” is an excellent example of a transport layer attack whereas “Blockchain is Watching” provides a good background on transaction graph linkage attacks.
Covering “Blockchain is Watching” could provide a pathway for us to discuss the predominance of both attack types.
It would take a gigantic number of mixing rounds for it to become an issue if the hash function used is believed to have what is called “preimage resistance”. Here’s a good resource to learn more about it: