Introduction to Tornado Cash

Tornado Cash is a non-custodial privacy protocol allowing permissionless shielded transactions on Ethereum and derivative networks. Tornado Cash is not a mixer, as assets are never commingled due to the presence of zero knowledge cryptography. The core of the protocol is ungovernable and immutable, given Ethereum's distributed state and the provenance of the contracts, they can neither be changed nor tampered with.

Therefore, nobody - including the original developers - can modify or inhibit the protocol. All governance and associated smart contracts are deployed by the community. As a non-custodial protocol, users keep custody of their cryptocurrencies while using Tornado Cash. This means that at each deposit, they are provided with a secret "note" that grants the access to the deposited funds, allowing self-soverginity over one's assets.

How is anonymity achieved?

Tornado Cash achieves anonymity by breaking the on-chain link between source and destination addresses through "anonymity pools". These are immutable smart contracts that accepts fixed denominations of a currency, acting as what is known as a mix network. Although anonymity is only obtained with use of a "relayer", which acts as a withdrawal proxy to mask the link between destination and source addresses.

Learn more about How does Tornado Cash work? and Tips to remain anonymous.

Where is Tornado Cash deployed?

Since its inception in 2019, Tornado Cash has been mainly operating on the Ethereum network, with anonymity pools for ETH, DAI, cDAI, USDC, USDT and WBTC.

Since June 2021, the smart contracts have also been deployed on other side-chains & blockchains. These deployments enabled network agnostic functionality, allowing for faster and cheaper transactions.

• Ethereum
  • ETH (Ethereum)
  • DAI (Dai)
  • cDAI (Compound Dai)
  • USDC (USD Coin)
  • USDT (Tether)
  • WBTC (Wrapped Bitcoin)
• Binance Smart Chain
  • BNB (Binance Coin)
• Polygon
  • MATIC (Polygon)
• Gnosis Chain (formerly xDAI)
  • xDAI (xDai)
• Avalanche
  • AVAX (Avalanche)
• Optimism
  • ETH (Ethereum)
• Arbitrum One
  • ETH (Ethereum)

Until December 2021, governance enabled "anonymity mining" - a mechanism to incentivise proactive usage of selected anonymity sets to compliment pool entropy, allowing depositors to earn the native governance token (TORN).

See sections Anonymity mining and the TORN token for more information.

The protocol's native governance token, TORN, allows open and decentralized collaboration to shape the direction of the protocol through voting.. The community has a strong influence over the evolution of Tornado Cash, it's development and management of the protocol's treasury.

Anonymity pools operate under the principle of fixed-amount deposits and withdrawals. Meaning that each supported asset has multiple pools which make up an "anonymity set", each pool restricts transactions to be a fixed amount (e.g. ETH has four different pools, one for each of these amounts: 0.1, 1, 10 and 100 ETH).

Tornado Cash Nova

With the release of a new experimental version of Tornado Cash; Nova, provides an upgraded experience for anonymity pools. Users are no longer constrained by fixed-amount transactions, possible through the UXTO model allowing arbitrary (customized) amounts and shielded internal transfers.

Tornado Cash Nova is deployed on Gnosis Chain (formerly xDAI) with the original hopes to improve speed and cost by bridging from Ethereum Mainnet using the AMB Omnibridge.

Please note Tornado Cash Nova has a low relayer count, is in an experimental state and regularly faces issues with Omnibridge because of bridge limits and validator censorship.

How does Tornado Cash function?

Tornado Cash is represented by it's community, collaboration is facilitated through the governance contract or Decentralized Autonomous Organization (DAO). No singular entity or person controls Tornado Cash.

All protocol related code is open-source and is published to two independent git instances:

• Community git: store of the latest community maintained repositories
• Sanctioned Github: public archive after the OFAC sanctions

The existence of zero knowledge in the protocol was based on open-source research authored by ZCash. To implement a zero knowledge scheme, a trusted setup is required, which is essentially a store of random data from various sources defining robustness in generation of proving and verifying keys. Which successfully occured for the protocol on May 2020 with 1114 contributions. This significant number of contributors makes it implausible to compromise the protocol by faking zero-knowledge proofs.

Tornado Cash user interfaces are hosted on IPFS (InterPlanetary File System) deployed by the community, minimizing the risk of censorship. These interfaces will be accessible as long as IPFS nodes pin the content, the latest IPFS content hashes are available at tornadocash.eth and nova.tornadocash.eth. Please see how to pin IPFS content if you wish to contribute.