general updates

gozzy 2023-02-18 23:32:43 +00:00
parent e7d4faee75
commit e9ab17beaf
16 changed files with 95 additions and 176 deletions

View file

@ -14,12 +14,12 @@ _For more information see the section on_ [_Governance_](governance.md).
## How to get involved?
{% hint style="danger" %}
*Tornado Cash was sanctioned by the US Treasury on 08/08/2022, making it illegal for US citizens to interact with the core and governance contracts. Please understand the laws in your jurastiction*
*Tornado Cash was sanctioned by the US Treasury on 08/08/2022, making it illegal for US citizens to interact with the core and governance contracts. Please understand the laws in your jurisdiction.*
{% endhint %}
Join the community on one or more of the social portals and start seeking where you can help make a difference, active areas of assistence required are:
* development, from frontend and tooling to smart contracts
* auditing, security reviews of frontend interfaces or smart contracts
* advocates, of privacy and distributed tooling to provide community assistence and engage in governance
* advocates, of privacy and distributed tooling to provide community assistance and coordinate creation of public goods
* authors to improve protocol education and documentation
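
Review bot: The sentence introducing the bullet list ("active areas of assistence required are:") still carries the "assistence" misspelling that this hunk corrects in the advocates bullet, and it joins two clauses with a comma. Fix both in the same pass, for example "Join the community on one or more of the social portals and look for where you can help. Areas where assistance is needed:". The advocates bullet also drops "engage in governance" although the hunk header context points readers to the Governance section; confirm that removal is intended.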

View file

@ -1,6 +1,6 @@
# Governance
The following governance rules apply to all Tornado Cash pools (including Tornado Cash Nova).
_Tornado Cash Classic anonymity pools are not under the control of governance, the contracts are immutable with no ownership inheritence or proxy logic ensured by the security of Ethereum._
### How to create a proposal?
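
Review bot: The italic note on Tornado Cash Classic misspells "inheritance" as "inheritence", and it contradicts the neighbouring sentence that says the governance rules apply to all Tornado Cash pools. If the note replaces that sentence, state explicitly which pools governance does control (the other wording names Nova); if both stay, reword the first to exclude Classic. "ensured by the security of Ethereum" is also vague for an immutability claim; pointing at the verified pool contracts would let a reader check it.
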
@ -32,17 +32,17 @@ Go to the `Voting` route of the application, look to the top of the page under t
Approve the locked amount for the governance contract to transfer your tokens by clicking on the `Approve` button. Once the approve is confirmed, either by signing a message or making an approval transaction - click `Lock` to initiate the transaction to deposit. Confirm the transaction in your wallet and wait for confirmation to see the updated balance.
![](</.gitbook/assets/c05e5a1813edad280544b627b24002dc8d5adcf2 (1).png>)
![](../../.gitbook/assets/c05e5a1813edad280544b627b24002dc8d5adcf2.png)
Individuals should take time to review the matters they are voting on, as given the open nature of the organisation - **the code execution could be malcious** - or may just simply be against their opinion. Proposals are encouraged to be discussed on the forums before being deployed. Review the discription, subject matter and forum thread before voting.
To allow easy auditing of the proposals execution and ensure the highest possibility for your proposal to win consensus, bytecode should be verified on Etherscan using the contract source code.
![](/.gitbook/assets/181d612b6c57964bab59c8e5b766f5247211083d.png)
![](../../.gitbook/assets/181d612b6c57964bab59c8e5b766f5247211083d.png)
Look for the contract address on Etherscan and make sure that the source code is verified before voting.
![](/.gitbook/assets/d2d37d169a94f09156e76fa522b7974cb7c9ac3f.png)
![](../../.gitbook/assets/d2d37d169a94f09156e76fa522b7974cb7c9ac3f.png)
> Using locked tokens in a vote subjects them to a timelock of 8 days approximately with current governance parameters
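
Review bot: The first image replacement changes the file, not just the path: `</.gitbook/assets/c05e5a1813edad280544b627b24002dc8d5adcf2 (1).png>` becomes `../../.gitbook/assets/c05e5a1813edad280544b627b24002dc8d5adcf2.png`, without the " (1)" suffix. Confirm that asset exists and shows the same screenshot. Separately, the unchanged warning paragraph is the most security-relevant text in this section and still reads "malcious" and "discription"; fix those here, and consider telling voters to read the verified source of the proposal contract, not only to check that it is verified.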

View file

@ -1,10 +1,8 @@
# Tornado Cash Smart Contracts
[Codes behind Tornado.Cash functioning](https://github.com/tornadocash) - smart contacts, circuits & toolchain - are fully **open sourced.** This page regroups all information regarding Tornado Cash smart contracts.
The following addresses are deployments of the [source code of Tornado Cash smart contracts](https://github.com/tornadocash) and governance related addresses.
## Smart Contracts Adresses
### Tornado Cash Classic - Pools Contracts
### Tornado Cash Classic
* Ethereum Mainnet
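
Review bot: The new intro sentence says the listed addresses are deployments of the source code but links only to the organisation root (https://github.com/tornadocash), so a reader cannot tie an address to a repository or revision. Link each group of addresses to its repository, or state that the explorer's verified source is the reference. The unchanged heading "## Smart Contracts Adresses" is still misspelled, and renaming "Tornado Cash Classic - Pools Contracts" changes the heading anchor, so check for inbound links to the old one.
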
@ -107,7 +105,7 @@
| 1 WBTC | [0x776198CCF446DFa168347089d7338879273172cF](https://goerli.etherscan.io/address/0x776198CCF446DFa168347089d7338879273172cF) |
| 10 WBTC | [0xeDC5d01286f99A066559F60a585406f3878a033e](https://goerli.etherscan.io/address/0xeDC5d01286f99A066559F60a585406f3878a033e) |
### Tornado Cash Nova - Pool contracts (beta)
### Tornado Cash Nova
| Contract | Address |
| -------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- |
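
Review bot: Renaming the heading to "Tornado Cash Nova" drops the "(beta)" marker, which was the only signal in this section that the Nova pool contracts were not considered final. If Nova is still beta, keep that stated in a sentence under the heading; if it is not, say so in the commit message, which currently reads only "general updates".
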
@ -118,7 +116,7 @@
| Verifier 16 | [0x743494b60097A2230018079c02fe21a7B687EAA5](https://blockscout.com/xdai/mainnet/address/0x743494b60097A2230018079c02fe21a7B687EAA5#code) |
| Hasher | [0x94C92F096437ab9958fC0A37F09348f30389Ae79](https://blockscout.com/xdai/mainnet/address/0x94C92F096437ab9958fC0A37F09348f30389Ae79#code) |
### Governance Contracts:
### Governance
| Contract | Address |
| ---------------------------------- | -------------------------------------------------------------------------------------------------------------------------------- |

View file

@ -1,37 +1,30 @@
# How does Tornado Cash work?
# How does it work?
Before diving into the tutorials explaining & easing the use of Tornado.Cash, here is an overall overview of the protocol's global functioning.
To achieve privacy, Tornado Cash **uses smart contracts that accept token deposits from one address and enable their withdrawal from a different address**. Those smart contracts work as pools that combine all deposited assets.
### Global overview of Tornado Cash
Once the funds are withdrawn by a new address from those pools, the on-chain link between the source and the destination addresses is broken through anonymity. While assets are in anonymity pool the management of are non-custodial, individuals are the only ones in the control of their assets given that sufficient operational security is maintained.
To achieve privacy, Tornado Cash **uses smart contracts that accept token deposits from one address and enable their withdrawal from a different address**. Those smart contracts work as pools that mix all deposited assets.
**Classic anonymity pools**
Once the funds are withdrawn by a complete new address from those pools, the on-chain link between the source & the destination is broken. The withdrawn crypto-assets are therefore anonymized.
* When a user transfers assets into a pool (deposit), a private note is generated. This private note works as **a private key or secret** to access the assets
While tokens are in a Tornado Cash pool, the custody remains in users hands. Users, therefore, have complete control over their tokens.
**Nova anonymity pools**:
**For traditional Tornado Cash fixed-amount pools**:
* Asset management is fufilled through a shielded key, which can be generated signing a message with an Ethereum address for reusable access
* Custody is obtained by either transferring assets to the pool or registering a shielded key to recieve shielded transfers
* When a user puts funds into a pool (a.k.a. the deposit), a private note is generated. This private note works as a private key for the user to access those funds later. To withdraw them, the same user can use a different address - an old or a new one - and recover his/her funds thanks to this private key.
The strength of such protocol is linked directly to its amount of users and the size of its pool. The more users deposit into the pool the larger the probability of correlation. However, to ensure anonymity individuals must be concious of:
**For Tornado Cash Nova, the new ETH pool with arbitrary amounts & shielded transfers**:
* Using a relayer for withdrawal gas fees and maintain a shielded balance
* Waiting for sufficient subsequent deposits for decreased chances of probability or relation to the withdrawal
* Funds are directly linked to a given wallet address. There is no private note or key. Users can access their funds by connecting to the pool with the appropriate address.
* Custody is either acquired by the act of depositing tokens into the pool or by registering in the pool & receiving shielded transfers from another address.
_For a more detailed explaination see guide_ [_Tips to remain anonymous_](guides/opsec.md)_._
The strength of such protocol is linked directly to its number of users and the size of its pool. The more users deposit into the pool the merrier. However, to preserve privacy & anonymity, the user must keep in mind some basic rules, such as:
### Zero knowledge
* Using a relayer to pay gas at withdrawal;
* Allowing time to lapse between the deposit & the withdrawal action;
* Mixing its funds with the crowd by waiting for several transactions before recovering its assets.
Tornado Cash uses Zero-Knowledge Succinct Non-Interactive Argument of Knowledge (zkSNARK) to maintain non-custodial shielded transactions.
_More recommendations are provided in:_ [_Tips to remain anonymous_](tips-to-remain-anonymous.md)_._
### Contribution of zk-SNARK and hashing process
Tornado.Cash uses Zero-Knowledge Succinct Non-Interactive Argument of Knowledge (also called zk-SNARK) to verify & allow transactions.
To process a deposit, Tornado.Cash generates a random area of bytes, computes it through the [Pedersen Hash](https://iden3-docs.readthedocs.io/en/latest/iden3\_repos/research/publications/zkproof-standards-workshop-2/pedersen-hash/pedersen.html) (as it is friendlier with zk-SNARKs), then sends the token & the 20 MiMC hash to the smart contract. The contract will then insert it into the Merkle tree.
To process a deposit a random slice of bytes is generated by the individual, it is then encrypted using [Pedersen hashing](https://iden3-docs.readthedocs.io/en/latest/iden3\_repos/research/publications/zkproof-standards-workshop-2/pedersen-hash/pedersen.html). Pedersen hashing is optimised for the arimithic circuits for zero-knowledge proofs and maintain low transactional costs in the Ethereum virtual machine. Depositing is fufilled through inputing the hash for insertion into the Merkle tree.
To process a withdrawal, the same area of bytes is split into two separate parts: the **secret** on one side & the **nullifier** on the other side. The nullifier is hashed. This nullifier is a public input that is sent on-chain to be checked with the smart contract & the Merkle tree data. It avoids double-spending for instance.
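
Review bot: Two of the rewritten sentences change the technical meaning. "The more users deposit into the pool the larger the probability of correlation" says the opposite of the bullet beneath it, which advises waiting for subsequent deposits to decrease the chance of relating a withdrawal to a deposit; it should say that more deposits make correlation less likely. "it is then encrypted using Pedersen hashing" describes a hash as encryption; the previous wording ("computes it through the Pedersen Hash") was accurate. The new lines also need a spelling pass ("fufilled", "recieve", "concious", "explaination", "arimithic", "inputing"), and the tips link target moves from tips-to-remain-anonymous.md to guides/opsec.md, so check that the file exists at that path.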

View file

@ -1,53 +1,45 @@
# Compliance tool
By design, everything is public on the blockchain, which can deprive users from their right to privacy. Anyone can have access to everyones whole transaction history. In response to this core problem,Tornado.Cash protocol allows cryptocurrency holders to earn back their privacy and gain anonymity. Indeed, it enables users to break the on-chain link between a source and a destination address.
By design, everything is public on the blockchain, which can deprive users from their right to privacy. Anyone can have view everyone elses entire financial history. Tornado Cash breaks the on-chain link between the source and destination address, although not at expense of non-compliance. The right of privacy lies in the ability to have control over the information we provide and to whom we provide it.
However, maintaining privacy and preserving financial freedom should never come at the expense of non-compliance. The right of privacy lies in the ability to have control over the information we provide and to whom we provide it.
To this extent, **Tornado.Cash Compliance Tool enables users to prove the origin of their funds.** Thanks to the Note generated after each deposit, **this tool will issue a cryptographically verified proof of transactional history** using the Ethereum addresses used to deposit & withdraw assets.
You can visit the Medium post related to this tool to learn more about its development and launch: [**compliance tool Medium post announcement**](https://tornado-cash.medium.com/tornado-cash-compliance-9abbf254a370).
Therefore, if you are ever in need to prove the origin of held assets withdrawn from one of Tornado.Cash pools, we invite you to use the compliance tool.
To this extent, **the compliance tool enables users to prove the origin of their funds through selective disclourse.** Each note translates to a unique deposit, **this tool will issue a cryptographic proof of a deposit** allowing a third party to authethicate one's transactional profile.
![](/.gitbook/assets/capture-de-cran-2021-09-02-a-14.57.11.png)
## How to use the compliance tool?
With each deposit made through the application, a new Note is generated by the protocol. This Note is necessary to withdraw the deposited assets later on any withdrawal address. It is this same Note that, if needed, allow users to generate a Compliance Report to prove the origin of their assets.
With each deposit made through the application, a new note is generated by the protocol. This note is necessary to withdraw the deposited assets later on any withdrawal address. It is this same note that, if needed, allow users to generate a compliance Report to prove the origin of their assets.
_More information see section on_ [_Deposit / Withdraw_](deposit-withdraw.md)_._
_More information see section _[_Deposit / Withdraw_](deposit-withdraw.md)_._
To get a compliance report, the user solely need to copy the Note, generated after the deposit, in the dedicated box.
To get a compliance report, the user solely need to copy the note, generated after the deposit, in the dedicated input.
### Before withdrawal
If the Note wasn't spent yet (i.e. assets have still not been withdrawn), the Compliance tool will only provide you with information about the deposit:
If the note wasn't spent yet (i.e. assets have still not been withdrawn), the compliance tool will only provide you with information about the deposit:
* Transaction hash of the deposit;
* The source address;
* The Commitment hash.
* Transaction hash of the deposit
* The source address
* The commitment hash
The commitment is the hashed random area of bytes generated at each deposit that is sent to Tornado.Cash smart contract to characterize the transaction.
The commitment is the hashed random area of bytes generated at each deposit that is sent to anonymity pool to characterize the transaction.
![](../.gitbook/assets/capture-de-cran-2021-09-02-a-15.07.01.png)
![](../../.gitbook/assets/capture-de-cran-2021-09-02-a-15.07.01.png)
_You can find more information about how Tornado.Cash achieve to provide privacy by reading_ [_How does Tornado.Cash work?_](../how-does-it-work.md)_._
To can find more information about how Tornado Cash achieves privacy see section [_How does Tornado Cash work?_](../how-does-it-work.md)_._
### After withdrawal
If the note was spent (i.e. assets were withdrawn to a given address using the note), the compliance tool will complete the information above by adding:
* Transaction hash of the withdrawal;
* The destination address;
* The Nullifier Hash.
* Transaction hash of the withdrawal
* The destination address
* The nullifier hash
The nullifier hash is a public input that is sent on-chain to get checked with the smart contract & the Merkle tree data to allow the withdrawal.
The nullifier hash is a public input that is sent on-chain to get checked with the smart contract and authenthicate the presence of the note's secret in the Merkle tree for the withdrawal.
![https://app.tornado.cash/compliance/](/.gitbook/assets/capture-de-cran-2021-09-02-a-15.12.23.png)
![](../../.gitbook/assets/capture-de-cran-2021-09-02-a-15.12.23.png)
Therefore, the tool allows users to re-link source & destination addresses in order to prove transaction history for assets used on Tornado Cash.
Therefore, the tool allows users to re-link source and destination addresses in order to prove transaction history for assets transacted through Tornado Cash. The compliance report can be downloaded as a PDF format for accessible disclosure.
This information can also be downloaded under a PDF format, making it is easier to get sent to any desired third part:
![https://app.tornado.cash/compliance/](/.gitbook/assets/capture-de-cran-2021-09-02-a-15.12.53.png)
![](../../.gitbook/assets/capture-de-cran-2021-09-02-a-15.12.53.png)
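
Review bot: The reworded nullifier sentence ("authenthicate the presence of the note's secret in the Merkle tree") gives the nullifier hash a role that the how-does-it-work page describes differently: there the nullifier is the public input checked on-chain to avoid double-spending. Keep the earlier wording or align the two pages. The added text also has errors that matter in a document meant to be shown to third parties: "disclourse", "authethicate", "authenthicate", "Anyone can have view everyone elses", "To can find more information". In "_More information see section _[_Deposit / Withdraw_]" the space before the closing underscore breaks the emphasis, and the two screenshots that had alt text lose it.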

View file

@ -6,5 +6,5 @@ Interest gathered from external actors and over the the span of 3 months, a grou
https://arxiv.org/abs/2201.06811
You can try out the application publicly, [tutela.xyz](https://tutela.xyz) and view the source code of the [clustering algorithim](https://github.com/TutelaLabs/tutela-app) used.
You can try out the application publicly, [tutela.xyz](https://tutela.xyz) and view the [source code](https://github.com/TutelaLabs/tutela-app).

View file

@ -3,7 +3,7 @@
Anonymity mining was an incentive to increase the level of privacy in any coin-joining or coin-mixing protocols by rewarding participants anonymity points (AP) dependent on how long they hedge their assets in a pool.
{% hint style="warning" %}
_Tornado Cash anonymity mining program began on December 18, 2020 and has ended on December 18, 2021._
_Tornado Cash anonymity mining program began on December 18, 2020 and ended on December 18, 2021._
{% endhint %}
Individuals deposit to any one of the anonymity pools that are supported (ETH, WBTC, DAI or cDAI) and are rewarded a fixed amount of AP per block, over the period their deposit remains in the pool. These points can then be exchanged for TORN once claimed.
@ -18,17 +18,17 @@ One of the community members created the resource of [a mining spreadsheet 13](h
1\. Decide what amount and asset to deposit by selecting it through the dropdown menu, before clicking on "Connect" and "Deposit".
![](/.gitbook/assets/m3fh0gl.png)
![](../../.gitbook/assets/m3fh0gl.png)
2\. Take a record of your depositing note and back it up safely, **do not share this with anyone or risk losing your deposit and reward.**
![](/.gitbook/assets/vhustru.png)
![](../../.gitbook/assets/vhustru.png)
3\. Generate the proof and submit the transaction.
4\. Your deposit should now be viewable on the bottom of the page, you can track how much AP it earns here; remember the longer your deposit remains active, the more AP you earn.
![](/.gitbook/assets/k6juetp.png)
![](../../.gitbook/assets/k6juetp.png)
_Notes that are active (not withdrawn) are known as “unspent” notes._
@ -36,39 +36,39 @@ _Notes that are active (not withdrawn) are known as “unspent” notes._
1\. First you must create a mining account and store those credentials on-chain for easy recovery (requires a transaction), **like depositing notes, you should never share your mining recovery key with anyone** and ensure to back it up in a safe place. This feature is not supported by hardware wallets so its encouraged to store the information as presented\_.\_
![](/.gitbook/assets/lskzkgk.png)
![](../../.gitbook/assets/lskzkgk.png)
2\. Take an active deposit through providing an unspent note and withdraw to an address of preference and decide whether to use a relayer or not (_to maintain a deposits anonymity it is always advised to use a relayer_), this will bring the note into a “spent” state.
![](/.gitbook/assets/aid86cj.png)
![](../../.gitbook/assets/aid86cj.png)
**Remember to still keep your depositing notes a secret even after withdrawing, as they still retain the ability to redeem AP.**
![](/.gitbook/assets/bpsqxxr.png)
![](../../.gitbook/assets/bpsqxxr.png)
3\. Visit the mining route of the application and enter your spent note, you may be faced with one of the following situations.
* **The ability to claim your spent note**: click the “Claim reward” button and submitting the transaction either by using a relayer or not, once confirmed your AP balance should update to reflect the action.
![](/.gitbook/assets/e9jyqhu.png)
![](../../.gitbook/assets/e9jyqhu.png)
* **The inability to claim a spent note:** _“Warning: The note is not yet ready for anonymity mining. You can wait few days before trying again”_ - This means the Merkle trees are out of sync and require a transaction to be updated.
![](/.gitbook/assets/i6qtr0f.png)
![](../../.gitbook/assets/i6qtr0f.png)
Updating the trees can be an expensive process, **it is recommended that users with small deposits wait for the larger miners to update the trees, this could take anywhere from a few days to a week**. If you want to view your event relative to the current pending batches. Click the _“Show mining note information”_ hyperlink, here you can also pay the transaction fees to sync the tree relative to your withdrawal through the “Update trees” button.
![](/.gitbook/assets/d8dmxjj.png)
![](../../.gitbook/assets/d8dmxjj.png)
### How to exchange AP
1\. Navigate over to the “Swap” tab on the mining page which can be accessed through the second navigation bar from the top of the page.
![](../.gitbook/assets/ahrjxbq.png)
![](../../.gitbook/assets/ahrjxbq.png)
2\. Enter the amount of AP requested to exchange or select the “Maximum” option to convert your active balance. Below this input, information regarding the current AP/TORN rate and reward output will be displayed. Provide an address of preference to receive the reward, finalise by generating the proof and submitting the transaction through a relayer or not.
![](../.gitbook/assets/wo55lao.png)
![](../../.gitbook/assets/wo55lao.png)
3\. If all steps were followed correctly, TORN will be transferred to the address of preference provided in step 2 of this section.
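
Review bot: Step 1 of the claim procedure still ends in `presented\_.\_`, an escaped-emphasis artifact that renders as literal underscores, and reads "its encouraged"; this hunk already touches every image under those steps, so fix that line in the same change. The image paths now all go through ../../.gitbook/assets/, including the two under "How to exchange AP" that previously used ../.gitbook/assets/, so confirm the page's new directory depth matches.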

View file

@ -1,35 +1,33 @@
# TORN
## Token
TORN is an ERC20 compliant token with a fixed supply that governs the protocol, token holders can submit proposals and vote to contribute.
TORN is an ERC20-compatible token with a fixed supply that governs Tornado Cash, TORN holders can make proposals and vote to change the protocol via governance.
**Heres how the initial distribution of TORN would break down:**
**Initial token distrbution**
* **5% (500,000 TORN):** Airdrop to early users of ETH pools
* **10% (1,000,000 TORN):** Anonymity mining for ETH pools, distributed linearly over 1 year
* **55% (5,500,000 TORN):** DAO treasury, will be unlocked linearly over 5 years with 3 month cliff
* **30% (3,000,000 TORN):** Founding developers and early supporters, will be unlocked linearly over 3 years with 1 year cliff
![](/.gitbook/assets/1-bjggju1rn4\_qoxgcljfneq.png)
![](../../.gitbook/assets/1-bjggju1rn4\_qoxgcljfneq.png)
![](/.gitbook/assets/1-gmc0jw8zr5xfvrk5zyqmya.png)
![](../../.gitbook/assets/1-gmc0jw8zr5xfvrk5zyqmya.png)
## Airdrop
Users who have believed in Tornado Cash from early on should have a say in governing the protocol. For this reason, early adopters of the protocol did receive an airdrop of TORN.
Early adopters who used in Tornado Cash were allocated a share in governing the protocol on launch to aspire for an equitable demographic in the asset's economics.
TORN has been airdropped to [all addresses](https://github.com/tornadocash/airdrop/blob/master/airdrop.csv) that made deposits into ETH pools before block `11400000`. TORN were airdropped in the form of a non-transferable TORN voucher (vTORN) that can be redeemed 1:1 to TORN within 1 year, from December 18, 2020, to December 18, 2021. TORN that arent redeemed will be swept into the governance contract after 1 year and become part of the DAO Treasury. Redeemed TORN will be available immediately.
The [early adopter addresses](https://github.com/tornadocash/airdrop/blob/master/airdrop.csv) that made deposits into ETH pools before block `11400000` were allocated a non-transferable TORN voucher (vTORN) that could be redeemed 1:1 to TORN within 1 year, from December 18, 2020, to December 18, 2021. The expired assets are then reallocated back to the treasury and participants that failed to claim can no longer redeem.
The airdropped amount depends on users deposit size and age — larger deposits and older deposits will receive more TORN. Multipliers for deposit size are logarithmic:
The airdropped amount depended on a users deposit size and age, larger deposits and older deposits would have a greater allocation. Multipliers for deposit size are logarithmic:
![](/.gitbook/assets/1-ogfrad8p3gez14zh4jndiq-2x.png)
![](../../.gitbook/assets/1-ogfrad8p3gez14zh4jndiq-2x.png)
So a 100 ETH deposit get twice as many tokens as a 1 ETH deposit. The multiplier allows large and small users of Tornado Cash to both have a say in governance.
So that a larger deposits like 100 ETH only got twice as many tokens as a 1 ETH deposit, the multiplier aspired to reduce any skews by focusing on proactive usage and not purely volume.
The exact curve for the time multiplier looks like this:
![](/.gitbook/assets/1-bje88nlnkbe29-zcs5agkw-2x.png)
![](../../.gitbook/assets/1-bje88nlnkbe29-zcs5agkw-2x.png)
The exact airdrop formula is the following:
The exact airdrop formula was the following:
![](/.gitbook/assets/1-megm4amqrrkx0qxva9iska-2x.png)
![](../../.gitbook/assets/1-megm4amqrrkx0qxva9iska-2x.png)
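
Review bot: The rewritten airdrop text needs a language pass before merge: "Initial token distrbution", "Early adopters who used in Tornado Cash", "a users deposit size", and "So that a larger deposits like 100 ETH only got twice as many tokens" (a fragment with no main clause). The section also mixes tenses: "Multipliers for deposit size are logarithmic" and "The exact curve for the time multiplier looks like this" stay in the present while the sentences around them moved to the past. The vTORN sentence no longer says that redeemed TORN was available immediately; confirm that omission is intentional.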

View file

@ -1,6 +1,6 @@
# Staking
Since the execution of [proposal #10](https://etherscan.io/address/0xEC2412368be52107Fa549c3fb78DE1e3e6bF18EB#code), an additional utility was enabled for the asset aside from governance. Through the deployment of the relayer registry, which acts as a official store of active relayers. This is then referenced on the frontend through referencing the registry contract. Relayers pay a percent of withdrawal fees to governance to have an active registration in the registry.
Since the execution of [proposal #10](https://etherscan.io/address/0xEC2412368be52107Fa549c3fb78DE1e3e6bF18EB#code), an additional utility was enabled for TORN aside from governance. Through the deployment of the relayer registry, which acts as a official store of active relayers. Which grants the access to referencing on the frontend through querying the registry contract. Relayers pay a percent of withdrawal fees to governance to have an active registration in the registry.
The fee mechanisim functions by relayers locking a listing amount (currently `300 TORN`) and everytime a withdrawal is processed the registry fee (currently `0.3%` of the relayer's arbitary fee) is deducted from their locked balance. This fee is then distributed proportionally to tokenholders locked into the governance contract. Relayers must keep a locked balance greater than the minimum balance (currently `40 TORN`) to be marked as an active relayer and be recommended on the frontend.
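
Review bot: The rewritten opening paragraph leaves two sentence fragments: "Through the deployment of the relayer registry, which acts as a official store of active relayers." and "Which grants the access to referencing on the frontend through querying the registry contract." Merge them into one sentence, for example "The relayer registry is the official store of active relayers, and the frontend lists relayers by querying the registry contract." The unchanged paragraph that follows has "mechanisim", "everytime" and "arbitary", and it hard-codes governance parameters (300 TORN, 0.3%, 40 TORN) marked "currently"; say where a reader can check the live values.
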
@ -17,13 +17,13 @@ As mentioned above, the process to lock TORN tokens has remained unchanged.
* Once the approval is confirmed, you can chose the amount of token to lock, then click on **`Lock`**
* All you have to do after that is to confirm the transaction in your wallet & wait for the confirmation to come through
![](/.gitbook/assets/c05e5a1813edad280544b627b24002dc8d5adcf2.png)
![](../../.gitbook/assets/c05e5a1813edad280544b627b24002dc8d5adcf2.png)
### How to claim your staking reward?
To do that click the **`Voting`** button on the navigation bar at the top of the page to be directed to the governance route of the application. As soon as you connect your wallet, you will be able to see your staking reward at the top if you have a balance.
![](/.gitbook/assets/head.png)
![](../../.gitbook/assets/head.png)
* Click **`Manage`** -> **`Claim`** tab -> **`Claim`** _button._