GitBook: [#114] edited "How Does Tornado Cash Work?"

bt11ba 2022-03-30 11:17:05 +00:00 committed by gitbook-bot
parent 35ae29226b
commit 542f8cdfd5
No known key found for this signature in database
GPG Key ID: 07D2180C7B12D0FF
4 changed files with 23 additions and 25 deletions

@ -38,7 +38,7 @@ Click `Manage` -> `Lock Tab`
Approve the governance contract to transfer your TORN tokens by clicking on the `Approve` button. Once the approve is confirmed, chose the amount you want to deposit and click `Lock`. Confirm the transaction in your wallet and wait for the confirmation.
![](<../.gitbook/assets/c05e5a1813edad280544b627b24002dc8d5adcf2 (1).png>)
![](../.gitbook/assets/c05e5a1813edad280544b627b24002dc8d5adcf2.png)
Before the vote, the next crucial step is to review the proposal.\
Legitimate proposals should have a dedicated post on [Torn.community ](https://torn.community)under the category “Proposal”. The forum post will provide additional context and arguments on the proposal. Read the thread and make your own mind on the issue.
@ -77,7 +77,7 @@ You first need to lock your tokens in the governance contract. Click **`Manage`*
Approve the governance contract to transfer your TORN tokens by clicking on the **`Approve`** button. Once the approve is confirmed, chose the amount you want to delegate and click **`Lock`**. Confirm the transaction in your wallet and wait for the confirmation.
![](../.gitbook/assets/c05e5a1813edad280544b627b24002dc8d5adcf2.png)
![](<../.gitbook/assets/c05e5a1813edad280544b627b24002dc8d5adcf2 (1).png>)
The last step, is to make the actual delegation. Go again to [https://tornadocash.eth.link/governance](https://tornadocash.eth.link/governance)
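Review bot: The screenshot reference in this hunk and the one in the hunk at line 38 of the same file swap the same asset in opposite directions. Reading the first image line of each pair as removed and the second as added, line 38 goes from the ` (1).png` copy to the plain `.png`, and this hunk goes from the plain `.png` to the ` (1).png` copy. That is rename churn from two duplicate uploads, not a content change, and it is unrelated to the page named in the commit title. Keep a single copy of the screenshot under `.gitbook/assets` and reference it from both sections so the next sync does not flip the names again.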
@ -91,8 +91,6 @@ The totality of your locked balance will be delegated.
You can undelegate at anytime. To undelegate simply use the `Undelegate` Button in `Manage` -> `Undelegate` Tab.
_Written by_ [_@rezan_](https://torn.community/u/Rezan/summary)
_Updated by_ [_@bt11ba_](https://torn.community/u/bt11ba/)

@ -1,42 +1,42 @@
# How Does Tornado Cash Work?
Before diving in tutorials explaining & easing the use of Tornado.Cash, here is an overall overview of the protocol global functioning.
Before diving into the tutorials explaining & easing the use of Tornado.Cash, here is an overall overview of the protocol's global functioning.
### Global overview of Tornado.Cash functioning
To achieve privacy, Tornado.Cash **uses smart contracts that accept tokens deposits from one address and enable their withdrawal from a different address**. Those smart contracts work as pools that mix all deposited assets.
To achieve privacy, Tornado.Cash **uses smart contracts that accept token deposits from one address and enable their withdrawal from a different address**. Those smart contracts work as pools that mix all deposited assets.
Once the funds are withdrawn by a complete new address from those pools, the on-chain link between the source & the destination is broken. The withdrawn crypto-assets are therefore anonymized.
While tokens are in a Tornado Cash pool, the custody remains in users hands. Users, therefore, have a complete control over their tokens.
While tokens are in a Tornado Cash pool, the custody remains in users hands. Users, therefore, have complete control over their tokens.
**For traditional Tornado Cash fixed amount pools**:
**For traditional Tornado Cash fixed-amount pools**:
* When a user puts funds into a pool (a.k.a. the deposit), a private note is generated. This private note works as a private key for the user to access those funds later. To withdraw them, the same user can use a different address - an old or a new one - and recover his/her funds thanks to this private key.
**For Tornado Cash Nova, the new ETH pool with arbitrary amounts & shielded transfers**:
* Funds are directly linked to a given wallet address. There is no private note or key. Users can access their funds by connecting to the pool with the appropriate address.
* Custody is either acquired by the act of depositing tokens into the pool or by registering to the pool & receiving shielded transfers from another address.
* Custody is either acquired by the act of depositing tokens into the pool or by registering in the pool & receiving shielded transfers from another address.
The strength of such a protocol comes naturally from its number of users and the size of its pool. The more users deposit into the pool the merrier. However, to preserve privacy & anonymity, the user must keep some basic rules in mind such as:
The strength of such protocol is linked directly to its number of users and the size of its pool. The more users deposit into the pool the merrier. However, to preserve privacy & anonymity, the user must keep in mind some basic rules, such as:
* Using a relayer to pay gas at withdrawal;
* Leaving a lapse of time between the deposit & the withdrawal action;
* Allowing time to lapse between the deposit & the withdrawal action;
* Mixing its funds with the crowd by waiting for several transactions before recovering its assets.
_More recommendations are provided on:_ [_Tips to remain anonymous_](tips-to-remain-anonymous.md)_._
_More recommendations are provided in:_ [_Tips to remain anonymous_](tips-to-remain-anonymous.md)_._
### Contribution of zk-SNARK & hashing process
Tornado.Cash use Zero-Knowledge Succinct Non-Interactive Argument of Knowledge (also called zk-SNARK) to verify & allow transactions.
Tornado.Cash uses Zero-Knowledge Succinct Non-Interactive Argument of Knowledge (also called zk-SNARK) to verify & allow transactions.
To process a deposit, Tornado.Cash generates a random area of bytes, computes it through the [Pederson Hash](https://iden3-docs.readthedocs.io/en/latest/iden3\_repos/research/publications/zkproof-standards-workshop-2/pedersen-hash/pedersen.html) (as it is friendlier with zk-SNARK), then send the token & the 20 mimc hash to the smart contract. The contract will then insert it into the Merkle tree.
To process a deposit, Tornado.Cash generates a random area of bytes, computes it through the [Pedersen Hash](https://iden3-docs.readthedocs.io/en/latest/iden3\_repos/research/publications/zkproof-standards-workshop-2/pedersen-hash/pedersen.html) (as it is friendlier with zk-SNARKs), then sends the token & the 20 MiMC hash to the smart contract. The contract will then insert it into the Merkle tree.
To process a withdrawal, the same area of bytes is split into two separate parts: the **secret** on one side & the **nullifier** on the other side. The nullifier is hashed. This nullifier is a public input that is sent on-chain to get checked with the smart contrat & the Merkle tree data. It avoids double spending for instance.
To process a withdrawal, the same area of bytes is split into two separate parts: the **secret** on one side & the **nullifier** on the other side. The nullifier is hashed. This nullifier is a public input that is sent on-chain to be checked with the smart contract & the Merkle tree data. It avoids double-spending for instance.
Thanks to zk-SNARK, it is possible to prove the 20 mimc hash of the initial commitment and of the nullifier without revealing any information. Even if the nullifier is public, privacy is sustained as there is no way to link the hashed nullifier to the initial commitment. Besides, even if the information that the transaction is present in the Merkle root, the information about the exact Merkle path, thus the location of the transaction, is still kept private.
Thanks to zk-SNARK, it is possible to prove the 20 MiMC hash of the initial commitment and of the nullifier without revealing any information. Even if the nullifier is public, privacy is sustained as there is no way to link the hashed nullifier to the initial commitment. Besides, even if the information about the transaction is present in the Merkle root, the information about the exact Merkle path, and subsequently the location of the transaction, is still kept private.
Deposits are simple on a technological point of view, but expensive in terms of gas as they need to compute the 20 mimc hash & update the Merkle tree. At the opposite, the withdrawal process is complex, but cheaper as gas is only needed for the nullifier hash and the zero-knowledge proof.
Deposits are simple from a technical point of view, but expensive in terms of gas as they need to compute the 20 MiMC hash & update the Merkle tree. On the other hand, the withdrawal process is complex but cheaper as gas is only needed for the nullifier hash and the zero-knowledge proof.
_Written & updated by_ [_@ayefda_](https://torn.community/u/ayefda)
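Review bot: The rewritten Merkle sentence in the zk-SNARK section changes the meaning instead of only repairing the grammar. The old line, although ungrammatical, was about the fact that the transaction is known to be included under the Merkle root; the new "even if the information about the transaction is present in the Merkle root" reads as if transaction details were stored in the root. Suggested wording: "even though it is known that the transaction is included under the Merkle root, the exact Merkle path, and therefore the location of the transaction, is still kept private". The deposit paragraph also still says the bytes go through the Pedersen hash and that "the 20 MiMC hash" is then sent to the contract, without saying what the 20 counts or which value the contract inserts into the tree; since the line is being touched for capitalisation, spell that out. Smaller points in the new lines: "The strength of such protocol" has lost its article ("such a protocol"), "in users hands" still needs an apostrophe, and "random area of bytes" is carried over where "array" looks intended.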

@ -93,7 +93,7 @@ To ensure an extra level of security, we advise you to set up more than one work
Only the mainnet requires you to register workers. All other networks do not require the use of registered workers.
![](<../.gitbook/assets/4 (1).png>)
![](../.gitbook/assets/4.png)
### 5. Stake

@ -2,7 +2,7 @@
Since its inception, the TORN token is used by Tornado Cash users for governance. Its main utility is to allow the suggestion of proposals & voting both in-chain (through locked TORN for governance proposals) and off-chain (on Snapshot).
Since the execution of [Tornado Cash 10th governance proposal](https://tornadocash.eth.link/governance/10), TORN token has gained one other useful utility. Indeed, **with the introduction of a decentralized relayer register,** **a staking reward has been implemented for all holders with locked TORN in the governance contract.**&#x20;
Since the execution of [Tornado Cash 10th governance proposal](https://tornadocash.eth.link/governance/10), TORN token has gained one other useful utility. Indeed, **with the introduction of a decentralized relayer register,** **a staking reward has been implemented for all holders with locked TORN in the governance contract.**
[TORN](torn.md) holders can still lock their tokens into the governance contract as they used to for governance purposes. The significant difference is that they are now able to receive a portion of the fees collected by the protocol from relayers. Obviously, the proportion of the reward will be equal to the proportion of their locked TORN.
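Review bot: "voting both in-chain ... and off-chain" in the first line of this hunk should read "on-chain", the term used in the "How Does Tornado Cash Work?" page changed by the same commit; fix it alongside the `&#x20;` cleanup. In the changed line, "has gained one other useful utility" is redundant and could be "has gained another utility".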
@ -21,7 +21,7 @@ As mentioned above, the process to lock TORN tokens has remained unchanged.
* Once the approval is confirmed, you can chose the amount of token to lock, then click on **`Lock`**
* All you have to do after that is to confirm the transaction in your wallet & wait for the confirmation to come through
![](<../.gitbook/assets/c05e5a1813edad280544b627b24002dc8d5adcf2 (1).png>)
![](../.gitbook/assets/c05e5a1813edad280544b627b24002dc8d5adcf2.png)
### How to Claim Your Staking Reward ?
@ -35,8 +35,8 @@ As soon as you log in the page, you will be able to see your staking reward at t
![](<../.gitbook/assets/claim (1).png>)
_That's it, we're done, easy peasy lemon squeezy_ :wink:__
_That's it, we're done, easy peasy lemon squeezy_ :wink:\_\_
__
\_\_
_Written by_ [_**@bt11ba**_](https://torn.community/u/bt11ba/) _**** &_ [_**@ayefda**_](https://torn.community/u/ayefda)****
_Written by_ [_**@bt11ba**_](https://torn.community/u/bt11ba/) _\*\*\*\* &_ [_**@ayefda**_](https://torn.community/u/ayefda)\*\*\*\*
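Review bot: The three changed lines at the end of this hunk replace empty emphasis markers with escaped ones (`:wink:\_\_`, a bare `\_\_` line, and `\*\*\*\*` around the author credits), so the published page will show literal underscores and asterisks where nothing was rendered before. Delete the stray markers instead of escaping them: end the closing line at `:wink:`, drop the standalone `\_\_` line, and keep only the two author links joined by `&` in the credit line.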