diff --git a/README.md b/README.md index c0be238..2c750ce 100644 --- a/README.md +++ b/README.md @@ -1,41 +1,15 @@ -## Requirements -1. `node v11.15.0` -2. `npm install -g npx` +# Tornado mixer -## Usage -1. `npm i` -1. `cp .env.example .env` -1. `npm run build:circuit` - may take 10 minutes or more -1. `npm run build:contract` -1. `npx ganache-cli` -1. `npm run migrate:dev` -1. `./cli.js deposit` -1. `./cli.js withdraw ` -1. `./cli.js balance ` +![mixer image](./mixer.png) -## Testing truffle -1. `npm i` -2. `npm run build:circuit` -2. `npm run build:contract` -3. `npm run test` - it may fail for the first time, just run one more time. - -## Testing js -1. `npm i` -2. `npm run build:circuit` -3. `cd scripts` -4. `node test_snark.js` - -## Deploy -1. `npx truffle migrate --network kovan --reset` - -# Specs: -- Deposit gas cost: deposit 903472 -- Withdraw gas cost: 727821 +## Specs +- Deposit gas cost: deposit 888054 +- Withdraw gas cost: 692133 - Circuit constraints: 22617 -- Circuit proving time: 8965ms -- Serverless, executed entirely in the browser +- Circuit proving time: 6116ms +- Serverless -# Security risks: +## Security risks * Cryptographic tools used by mixer (zkSNARKS, Pedersen commitment, MiMC hash) are not yet extensively audited by cryptographic experts and may be vulnerable * Note: we use MiMC hash only for merkle tree, so even if a preimage attack on MiMC is discovered, it will not allow to deanonymize users or drain mixer funds * Relayer is frontrunnable. When relayer submits a transaction someone can see it in tx pool and frontrun it with higher gas price to get the fee and drain relayer funds. 
@@ -48,4 +22,28 @@ spent since it has the same nullifier and it will prevent you from withdrawing y * This can be solved by storing block number for merkle root history, and only allowing to withdraw using merkle roots that are older than N ~10-20 blocks. It will slightly reduce anonymity set (by not counting users that deposited in last N blocks), but provide a safe period for mining your withdrawal transactions. +## Requirements +1. `node v11.15.0` +2. `npm install -g npx` +## Usage +1. `npm i` +1. `cp .env.example .env` +1. `npm run build:circuit` - may take 10 minutes or more +1. `npm run build:contract` +1. `npm run browserify` +1. `npm run test` - optionally run tests. It may fail for the first time, just run one more time. +1. `npx ganache-cli` +1. `npm run migrate:dev` +1. `./cli.js deposit` +1. `./cli.js withdraw ` +1. `./cli.js balance ` +1. `vi .env` - add your Kovan private key to deploy contracts +1. `npm run migrate` +1. `npx http-server` - serve current dir, you can use any other http server +1. Open `localhost:8080` + +## Credits + +Special thanks to @barryWhiteHat and @kobigurk for valuable input, +and to @jbaylina for awesome [Circom](https://github.com/iden3/circom) & [Websnark](https://github.com/iden3/websnark) framework diff --git a/cli.js b/cli.js index 9f4edbd..be4bd69 100755 --- a/cli.js +++ b/cli.js @@ -1,4 +1,5 @@ #!/usr/bin/env node +// Temporary demo client const fs = require('fs') const assert = require('assert') const snarkjs = require('snarkjs') 
@@ -68,8 +69,10 @@ async function withdraw(note, receiver) { } console.log('Generating SNARK proof') + console.time('Proof time') const proof = await websnarkUtils.genWitnessAndProve(groth16, input, circuit, proving_key) const { pi_a, pi_b, pi_c, publicSignals } = websnarkUtils.toSolidityInput(proof) + console.timeEnd('Proof time') console.log('Submitting withdraw transaction') await mixer.methods.withdraw(pi_a, pi_b, pi_c, publicSignals).send({ from: (await web3.eth.getAccounts())[0], gas: 1e6 }) diff --git a/index.html b/index.html index eeea218..359c20b 100644 --- a/index.html +++ b/index.html @@ -7,6 +7,7 @@

Open dev console!
+ Make sure your Metamask is unlocked and connected to Kovan (or other network you've deployed your contract to)
Deposit Withdraw

diff --git a/mixer.png b/mixer.png new file mode 100644 index 0000000..70491ff Binary files /dev/null and b/mixer.png differ diff --git a/relay/relay.js b/relay/relay.js index a30f483..dee03ac 100644 --- a/relay/relay.js +++ b/relay/relay.js @@ -1,3 +1,4 @@ +// This is still WiP const bigInt = require('snarkjs/src/bigint') const utils = require('../scripts/utils')
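Review bot: the MiMC note in the Security risks section of the first README hunk ("we use MiMC hash only for merkle tree, so even if a preimage attack on MiMC is discovered, it will not allow to deanonymize users or drain mixer funds") overstates what the tree hash guarantees. Anonymity does rest on the Pedersen commitment, but a withdrawal is accepted on the strength of a Merkle path to a stored root, so an attacker who could find a sibling for a commitment of their own that hashes up to an existing root could withdraw a deposit that was never made. Suggest narrowing the sentence to the anonymity claim and listing second-preimage resistance of the tree hash as a fund-safety assumption. In the same hunk the Specs bullet drops "executed entirely in the browser" from "Serverless" and changes the gas and proving-time figures without saying what they were measured on; one line naming the hardware and snarkjs/websnark version behind "Circuit proving time: 6116ms" would make the numbers comparable across commits.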
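Review bot: in the new Usage list of the second README hunk, "vi .env - add your Kovan private key to deploy contracts" asks users to store a funded private key in a file inside the checkout; say next to it that .env must stay uncommitted (and confirm it is ignored by git), since "cp .env.example .env" sits in the same list. Two more points in this hunk: "npm run test - optionally run tests. It may fail for the first time, just run one more time." documents a flaky test instead of fixing it; if the first run fails because the build:circuit artifacts are not ready yet, state that and make the test depend on them. And "./cli.js withdraw " and "./cli.js balance " end without their arguments, while the cli.js hunk below shows "async function withdraw(note, receiver)"; restore the argument placeholders so the list matches what the client expects. Also, there is no blank line between "2. npm install -g npx" and "## Usage", unlike every other heading in this file.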
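Review bot: in the cli.js withdraw hunk, "console.timeEnd('Proof time')" is placed after "websnarkUtils.toSolidityInput(proof)", so the reported time includes converting the proof to Solidity calldata rather than only "genWitnessAndProve". If this timer is the source of the README's "Circuit proving time" figure, move "console.timeEnd" to the line directly after "genWitnessAndProve", or rename the label so it is clear it covers witness generation, proving and serialization together. The unchanged context line below it, "send({ from: ..., gas: 1e6 })", also hard-codes a gas limit well above the 692133 withdraw cost the README now lists; consider estimating it with web3 or reading it from the same config the README figures come from.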
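Review bot: the index.html hunk's new hint "Make sure your Metamask is unlocked and connected to Kovan (or other network you've deployed your contract to)" relies on the user reading it. The client can read the connected network id from web3, compare it with the network the contract was migrated to, disable Deposit and Withdraw on a mismatch, and print the reason to the dev console the page already asks users to open; a silent failure against the wrong network is the case this text is trying to prevent.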
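Review bot: "// This is still WiP" (spell it WIP) in relay/relay.js warns readers but does not stop anyone from running the relayer, and the README in this same patch says a running relayer is frontrunnable and can have its funds drained. Guard the entry point (for example refuse to start unless an explicit opt-in environment variable is set) or keep the relay out of the documented run steps until the front-running fix is in place. Also visible in the context: "require('snarkjs/src/bigint')" imports an internal path of snarkjs, which can break on any minor release; prefer the package's public export if one exists.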