Support Twister DRO to conduct open source research and to build useful blockchain infrastructure.
Twister DRO is the unofficial research division of Twister Cash. Twister Cash is an ambitious experiment in on-chain privacy, built on top of and expanding upon the foundational work of Tornado Cash.
- Verifiable Merkle Trees
- Hash commitment and nullifier schemes
- Groth16 trusted setup ceremonies
- Socially and cryptographically trusted anonymity airdrops
- Flashloan dynamics, including profitability and hacks
- Lending market dynamics, including liquidation mechanisms and solvency
- Privacy oriented governance mechanisms
The greater scope of interest contains our goals as they relate to the strategy and direction of Twister Cash’s development. As we attempt to build out a highly scalable token anonymizer, and as we generalize our components for more usecases, we plan to conduct open source research at the same time.
We’re making extra efforts to base our design decisions on well reasoned arguments and verifiable testing, and we think we will be more effective with public oversight and support from SCRF, which benefits users in the long run by ensuring the highest level of integrity and quality is given to the research and development of ultimately user-facing code.
One of the main goals of Smart Contract Research Forum is to bridge between two otherwise isolated areas: academia and industry. We see supporting Twister DRO as supporting a kind of hybridization of the two, and we feel that our work is in line with the goals of SCRF.
The ideal best case scenario of collaborating with Twister DRO would be standardizing a process by which independent research organizations can publicly execute on integrating cutting edge research while delivering useful products to global markets.
- Informal LaTeX research papers written for technical audiences
- Blog posts describing results in laymen’s terms
- Periodic SCRF forum posts checking in to describe progress
- GitHub repositories with implementations and code used to generate results
- Some kind of (as of yet unknown) public hosting solution for large datasets
- Acknowledgement on the https://twistercash.xyz/ website
- Acknowledgement on social media and in public channels
- Acknowledgement in papers and on any media related to papers
- Grant funding
- Access to archival nodes
- Access to compute resources
- A GitBook pro subscription for our team
- Networking with independent researchers
- Spreading awareness of future results
We would like to have an public protected shared resource for blockchain data. For example, something like flashbots-mev-inspect. Much of the related work in pulling data on liquidations and arbitrage is already done, so we can leverage and potentially build on existing solutions to focus on our specific research questions.
The Verifiable Merkle Tree is a SNARK powered merkle tree. Merkle trees provide an efficient way to prove integrity about some data, e.g. that it actually exists in the tree. However, even in blockchain environments, merkle trees have their limits.
The limits on the use of merkle trees in blockchain environments are also limits on the privacy properties that a token anonymizer can uphold.
The rate at which insertions can be computed is constrained by how many insertions will fit within the block gas limit and by how much time it takes to process blocks. The maximum rate of computing insertions gives insight into maximum market size that can be served by a token anonymizer. The maximum rate of computing insertions determines the share of blockspace that a token anonymizer will have of the blockchain where it is operating, given a desired threshold of throughput.
The maximum rate at which the anonymity set can grow will be derived from the maximum rate of computing insertions, the maximum rate of computing proofs, and the maximum rate of verifiable updates that can fit within the blockchain constraints already mentioned. An insufficient rate of growth of an anonymity set directly limits the privacy properties of the token anonymizer. The actual rate at which the anonymity set grows can be used to reason about probability of privacy on a per-withdrawal basis. Having these parameters would be useful for users to compute wait times for their expected privacy threshold.
We can compare the scalability of the VMT to the needs of a global market, e.g. by comparing to VISA transactions or some other challenging standard. We suspect that the VMT will increase the scalability of a token anonymizer in such a manner that it can be a competitively powerful tool in many fields. We can explore workarounds to limitations, for example using deterministic transaction ordering to increase scalability by allowing sequential batch updates to be computed in parallel by a distributed network of nodes.
We have built a working prototype for the VMT. The VMT is a core component of Twister Cash’s redesigned token anonymity protocol. The current implementation lowers the on-chain cost of maintaining the merkle tree by over 10x, a significant improvement. Blockchains that define fees similarly to Ethereum should expect to see similar cost savings from adopting VMTs.
The VMT implementation we’ve presented uses a merkle tree of depth
L = 20 and a batch size of
M = 10 leaves (which is where we get 10x cost reduction). We can vary both parameters, and in general higher is better in both cases, except that higher values make the computations intensive which could lead to centralization of maintainence to only powerful servers.
M = 100 could potentially scale the costs by 100x, but it might be unattainable with ordinary hardware. It would be useful to know what the largest batch size is as a function of hardware constraints.
L directly increases the maximum privacy threshold of the protocol, because that determines how many deposits can be inserted into the tree. For a tree of depth
L = 20, depositors are roughly one in a million! The ideal value of
L is 31, which could accommodate over a billion deposits. This limit is on a per-tree basis, so it isn’t a hard limit on the token anonymizer since we can just use multiple trees.
We can find some parameters that will optimize between the off-chain computational complexity and a more scalable tree size.
VISA can process ~600 million transactions a day, so that should be our impossible golden standard for a token privacy protocol, and we need to focus on the core cryptographic primitives if we want to achieve real scaling gains.
We’re not seeking investments or selling anything. Supporting Twister DRO is not the same as supporting Twister Cash. We are seeking strict non-exclusivity with any partners, institutions, or organizations that support us.
With a maximally scalable privacy solution that is integrated directly into the base layer of the chain where it operates, rather than being an isolated rollup, and being combined with a fractional algorithmic stablecoin solution such as Frax, we imagine that in the future organizations will be able to deposit collateral, mint stablecoins into a treasury, and pay employees salaries anonymously using Twister Cash, and while their funds are deposited in the anonymity pool, they generate interest that trickles back to the organization, making Twister Cash an anonymity protocol, an innovative company-wide savings account, and an organizational accounting tool that facilitates secure decentralized collaboration by providing privacy for public ledgers.
We imagine that in the future and with the proliferation of cryptocurrency payments in every day life, people will enjoy shopping for their groceries and paying in crypto without getting accosted in the parking lot because their transaction revealed an entire financial history and the current networth and income level of the shopper.
Privacy is foundational to the utility of a digital currency, and lack of privacy is a hurdle to mass adoption. Overall our work intends to illuminate how we can build neutral infrastructure that will enable token anonymizers to become a core tool that empowers decentralized organizations to safely and securely pay contributors on global scale.
We expect that updates from our end will be sporadic but significant each time. We are interested in understanding what expectations SCRF will have from us as an unofficial group of independent researchers should we be offered a grant. As far as our timeline, there may be a buffer of several weeks before we return to this research endeavor, so there’s plenty of time for discussion around this proposal.
Happy to answer any questions or to go into more detail about any of the topics presented here today.