After Tornado Cash: The Future of Crypto Privacy

Author

Jonathan Gibson

Tags

Reading time

5 mins
Last update



The censorship battle over financial privacy escalated when the US Treasury Department’s Office of Foreign Assets Control (OFAC) sanctioned the popular Ethereum-based mixer Tornado Cash in August. This followed similar action against a bitcoin mixer, Blender.io, and its associated wallet addresses. The rationale was the reported use of such services by North Korean hackers to launder stolen crypto funds, despite their legitimate uses for safeguarding privacy and personal information in an array of contexts where doing so is beneficial.

A solid case can be made that Blender.io has enough human-controlled components to make it a sanctionable entity. By putting bitcoin in Blender, users give custody of their tokens to its operators. But in the case of Tornado Cash, the smart contract addresses running the service and any Ethereum address that has ever used it were placed on OFAC’s Specially Designated Nationals list, blocking associated assets and prohibiting any use by US entities.

With newer decentralized privacy solutions on the horizon like Spinner Cash, which works with native bitcoin (currently testnet BTC), the implications of federal overreach against smart contract code will only grow more complicated. Coinbase is already financing a lawsuit challenging the Tornado Cash sanctions filed by six plaintiffs who used the service legitimately, arguing that the government went beyond its authority and violated the First Amendment. 

In 1996, in the ruling of Daniel J. Bernstein v. US Dept. of Justice that permitted the release of encryption software over federal objections, a US court found “no meaningful difference between computer language, particularly high-level languages as defined above, and German or French…. Like music and mathematical equations, computer language is just that, language, and it communicates information either to a computer or to those who can read it.”

This means that code and software are protected speech under the First Amendment, and that the government is trying to ban techniques that simply use math to protect privacy.

Design Distinctions

There are two main implementations of crypto solutions that use code to safeguard financial privacy. The first can be likened to a bag that many people put their coins into. The bag is then shaken and a different set of coins is redistributed to the depositors. CoinJoin privacy software like JoinMarket is an example of this. The problem is that the implementation typically requires a centralized entity taking possession of your coins to do the mixing.

Tornado Cash and the recently launched Spinner Cash are distinctive in that they enhance this practice using a cryptographic method called zero-knowledge proofs (zk-SNARKs). While Tornado Cash is Ethereum-based, Spinner Cash currently interacts with native testnet bitcoin, as part of a direct bitcoin integration via the Internet Computer blockchain that will be generally released this year. Both services have been deployed in a way that eliminates any operational reliance on centralized entities.

As the Coin Center think tank put it in a comment against the Tornado Cash sanctions: “This is sometimes difficult for persons unfamiliar with decentralized blockchain technology to understand, but an application (also known as a smart contract) can be installed on the Ethereum network in such a way that, once installed, the person who installed it no longer has any control whatsoever over it.… It will continue to operate as long as the Ethereum network continues to operate.”

Where This Is Headed

Given what we know about the issues with centralized privacy solutions, the government’s willingness to overreach on free speech, and the resilience of decentralized services such as Tornado Cash and Spinner Cash, the ideal service can be defined as follows:

1. Once deployed, it cannot be shut down.
2. It runs on sufficiently decentralized infrastructure.
3. It includes sufficiently decentralized cryptocurrencies such as BTC and ETH, since the freezing of USDC associated with Tornado Cash accounts has shown that USDC can easily be frozen and rendered valueless to users.

Tornado Cash and Spinner Cash are the two services that most closely adhere to the above criteria. Though Tornado Cash has come under fire, Spinner Cash is noteworthy because its recent emergence and focus on native bitcoin is a strong indicator of how development within this space is continuing, and how future privacy solutions are likely to be implemented. Spinner Cash shows how new projects in this space see privacy protection as more than “mixing coins.” 

Though relatively unknown, Spinner Cash’s unique design allows it to privately handle bitcoin on-chain, with no bridge, because the Internet Computer’s bitcoin integration and threshold ECDSA signatures allow smart contracts to create bitcoin addresses and directly send and receive bitcoin. Spinner Cash has no record of user accounts or addresses, and no gas fees. Its application of zero-knowledge proofs to the world’s largest, most prominent, and battle-tested cryptocurrency demonstrates the potential for what superior crypto financial services can look like. It plans to provide more utilities too, including token swaps that preserve privacy, promoting more legitimate use cases in the DeFi space. 

The action against Tornado Cash has created uncertainty in this space, with close scrutiny of how legal challenges against the government’s overreach against smart contracts will proceed. It highlights the importance of having safe and effective privacy-oriented services, and the difficulties of implementing them with the necessary resilience.

Though Spinner Cash has yet to receive mainstream attention or adoption from the bitcoin community, it shows where this space is headed. Bitcoiners naturally resist using anything that isn’t native to bitcoin’s base chain or the Lightning Network, but bitcoin-enabled smart contracts on the Internet Computer are about as native to bitcoin as it gets. The smart contracts handle actual bitcoin UTXOs in a trustless manner and with atomicity, which could be the best approach to decentralized privacy solutions we’ve seen so far.