Tornado Cash is a coin mixer that you can use to anonymize your Ethereum transactions. Because of how the blockchain works, every transaction is public. If you have some ETH on your account, you cannot transfer it anonymously, because anybody can follow your transaction history on the blockchain. Coin mixers like Tornado Cash solve this privacy problem by breaking the on-chain link between the source and the destination address using zero-knowledge proofs (ZKP).
Every user deposits the same fixed amount of ETH into the contract.

Actual process:
Deposit and get the private note.

_commitment is the note commitment, computed as PedersenHash(nullifier + secret).

The smart contract recomputes the hash of the submitted secret and nullifier and, if it matches a recorded commitment, returns true.
Once the check passes, it sends 1 ETH back to the user.
Actual Process:


A hash function is one-way, so the commitment itself reveals nothing; but if the secret and nullifier are submitted in the clear at withdrawal, anyone can recompute the hash from the parameters visible on-chain and deduce which deposit the withdrawing user made.

To solve this problem, Tornado Cash uses zero-knowledge proofs.
Another problem then arises: if Tornado Cash cannot tell who is withdrawing, an attacker could withdraw the same deposit many times.

The zk-SNARK prevents this:
When you send the proof, you also send the hash of the nullifier.
Inside the zk-SNARK, two things are checked:
that the hash of the secret and nullifier (the commitment) is recorded in the Tornado Cash contract;
that the hash of the nullifier equals the submitted nullifier hash.
The purpose of the nullifier is to prevent double-spending.

Input data of the withdraw function:
proof is the zkSNARK proof data, and input is an array of circuit public inputs. The input array consists of:
the Merkle root of all deposits in the contract
the hash of the unique deposit nullifier, to prevent double spends
the recipient of the funds
an optional fee that goes to the transaction sender (usually a relay)

Use a Merkle tree: the commitments are stored as the leaves of a Merkle tree, so the withdrawal proof only has to show that the commitment is one of the leaves under the public root, without revealing which one.
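The deposit and withdraw flow described above (commitment, Merkle membership, nullifier hash), as an added Python simulation that is not Tornado Cash's own code: SHA-256 stands in for the Pedersen/MiMC hashes, a 16-leaf tree stands in for the depth-20 one, and the zk-SNARK is replaced by an openly checked witness so that the two circuit constraints and the on-chain double-spend check can be seen running.

```python
import hashlib

DEPTH, ZERO = 4, b"\x00" * 32   # toy 16-leaf tree (Tornado Cash uses depth 20); constructed empty-leaf value

def H(*parts: bytes) -> bytes:  # SHA-256 stands in for the Pedersen/MiMC hashes of the real circuit
    return hashlib.sha256(b"".join(parts)).digest()

def merkle_levels(leaves):
    levels = [leaves + [ZERO] * (2 ** DEPTH - len(leaves))]
    while len(levels[-1]) > 1:
        n = levels[-1]
        levels.append([H(n[i], n[i + 1]) for i in range(0, len(n), 2)])
    return levels            # levels[0] = padded leaves, levels[-1] = [root]

def merkle_path(leaves, idx):
    # sibling hash at each level from leaf to root, plus which side the leaf is on
    path = []
    for level in merkle_levels(leaves)[:-1]:
        path.append((level[idx ^ 1], idx & 1))
        idx >>= 1
    return path

def circuit_check(witness, root, nullifier_hash):
    # The two constraints the zk-SNARK enforces; a real proof keeps the witness private
    nullifier, secret, path = witness
    node = H(nullifier, secret)                    # commitment = hash(nullifier, secret)
    for sibling, is_right in path:                 # ...must be a leaf under the public root
        node = H(sibling, node) if is_right else H(node, sibling)
    return node == root and H(nullifier) == nullifier_hash  # and hash(nullifier) must match

def require(cond, msg):                            # mirrors Solidity's require()
    if not cond:
        raise ValueError(msg)

class Mixer:
    def __init__(self):
        self.commitments, self.spent = [], set()   # Merkle leaves, used nullifierHashes

    def deposit(self, commitment):
        require(commitment not in self.commitments, "The commitment has been submitted")
        self.commitments.append(commitment)
        return len(self.commitments) - 1           # leaf index kept in the private note

    def withdraw(self, proof, root, nullifier_hash, recipient):
        require(nullifier_hash not in self.spent, "The note has been already spent")
        require(root == merkle_levels(self.commitments)[-1][0], "Cannot find your merkle root")
        require(circuit_check(proof, root, nullifier_hash), "Invalid withdraw proof")
        self.spent.add(nullifier_hash)             # nullifier burned: no double spend
        return recipient
```

The real contract also accepts a ring of recent roots rather than only the current one, so a withdrawal is not invalidated by a deposit that lands in between.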


Blockchain Developer