How to make your Ethereum private with tornado.cash

The Defi world has been evolving these last couple of years and many new dapps have come to life. One of them is Tornado.cash.

What problem is Tornado.cash solving?

As many of you might already know – All transactions made on the Ethereum blockchain are completely visible, transparent and public. Every time you interact with the blockchain in any way, for example when sending a transaction – it is completely visible to anyone that might be watching.

You should know that it is very easy to follow everything you are doing on the blockchain, and this includes all tokens and contracts that you are interacting with or holding. There are tools and services that have been crafted only for this simple purpose. Tying you to a specific Ethereum address might be easier than you think. You can easily follow all transactions in real time on Etherscan.

Many times you might not care to be anonymous or private, however if you have these concerns you now have the possibility to easily make your Ethereum history more private with Tornado.cash.

What is Tornado.cash?

Tornado.cash is a Non-custodial privacy solution for Ethereum. It is a smart contract on the Ethereum blockchain that users can deposit funds to. The user can then immediately after, withdraw the same funds to a different address. However, it is preferred to keep the funds in the contract for some time before withdrawing, more on that here below.

How it works

1. DEPOSIT – A user generates a note which is a random key. The user then proceeds by depositing Ethereum or any ERC20 token, together with a hash of the generated note to the smart contract. It is important to keep the note, users should treat it as a private key. The note will be used in the withdrawal process.
2. WAIT – Now, depending on the amount of privacy and anonymity that the user wants to achieve the user should wait an arbitrary long amount of time. The longer you wait the more privacy and anonymity you can expect.
3. WITHDRAW – To withdraw the deposited funds the user has to submit the note to the contract. The contract will use the note to confirm that funds have been deposited. The contract will then send the deposited funds to the specified recipient.

How is this anonymous?

Tornado.cash achieves privacy by breaking the link between recipients and their deposit address. Observers will be unable to link the withdrawal to the deposit. This is possible by using zero knowledge proofs, more specifically in this case zk-SNARKs. It is the same type of cryptography that the Zcash cryptocurrency uses to keep transactions private on their blockchain.

When a user deposits funds to the Tornado.cash smart contract the funds will be pooled with all the other funds that have previously been sent to it (of equal size) and that hasn’t yet been withdrawn. Therefore the efficacy of the protocol increases the more users there are. This is called an Anonymity set – the more deposits in the smart contract the bigger the anonymity set is and thus the more anonymous you will become.

This part is easier to understand if we compare it to some real life scenario. For example, imagine if you are standing at a stage inside a stadium looking out. If there are lots of people in the crowd, it will be hard to single out any specific person. However, if there is only one person in the crowd you will quickly identify him or her.

Is this 100% private?

Nothing is 100% private but if you use it with care you could make it really hard to trace you. The protocol isn’t broken, however most users will not take all the precautionary measures needed to become untraceable.

Steps to take for improving anonymity when using the tool

• Use at least a VPN to hide your source IP-address. This is a very important step.
• When depositing the funds you should do it from one IP-address and when withdrawing you should do it from another.
• Use the TOR-browser for that extra peace of mind. If using VPN and TOR you will have real good protection.
• Make sure all eventual browser trackers and cookies are cleared.
• Try to connect to different Ethereum nodes when doing each transaction. The best is to connect to your own if you have one.
• Don’t send the funds back to the same address that you used when depositing the funds, that would be completely useless.
• WAIT. After you have deposited funds to the Tornado.cash you should wait as long as possible before you withdraw them again. The longer you wait the greater anonymity you will receive.

Privacy Coins

If you like your privacy (You should) there are actually cryptocurrencies that exists only for this sole purpose. The most popular and proven ones as of right now (spring 2021) are Monero and ZCash. If you haven’t already you should check them out.