Tornado.cash has been an early and promising prospect in Ethereum’s advancing privacy arena.
Its potential? To be a solution anyone can use to make anonymous Ethereum transactions in a non-custodial manner, meaning users would maintain control of their funds every step of the way.
However, due to the security trade-offs and the financial stakes around a rising project like Tornado, the tool isn’t entirely non-custodial yet — its admins could still materially exert control over the system if put under duress, for example.
“The dirty secret of Tornado Cash is that it is controlled by a multisig, and the trusted setup was done on a single machine,” SpankChain CEO and MolochDAO grassroots Ethereum funding group founder Ameen Soleimani said in a recent proposal to fund $40,000 toward a new Tornado trusted setup ceremony.
Such a ceremony would set up the parameters of a new non-custodial version of Tornado in a verifiable way, and the good news for the project and for Ethereum in general is that funding proposal did pass. The passage kicked off work on an audit by NCC Group Security Services, an auditing firm recommended to Soleimani by Zcash pioneer Zooko Wilcox.
Toward Better, More Secure Privacy
This will set Tornado on a trajectory to fulfilling its full potential, Soleimani has said:
“The objective is to perform a legit trusted setup, then ditch the admin multisig and lock the contract open, so we have privacy on Ethereum until the heat death of the universe or the end of time, whichever comes first.”
Notably, the NCC audit of the new Tornado trusted setup codebase comes after MolochDAO facilitated a prior $10,000 proposal aimed at optimizing the user interface and design of the ceremony.
As for the newly approved funding, it’s put Tornado on course to be fully decentralized in short order. In responding to criticism that the tool has previously been hailed as non-custodial when it wasn’t, Soleimani separately noted:
“I’ve never called it safe yet, pretty sure the team advertises it as ‘highly experimental.’ In less than 1 month it will be legitimately decentralized though.”
A Win for MolochDAO
Actualizing better privacy on Ethereum is a major point of need for the platform and frankly for blockchain projects in general. Tornado has been an early star in Ethereum’s young horizon accordingly, but it’s needed help getting across its finish line potential-wise faster.
To that end, MolochDAO’s $40,000 grant was hugely helpful — surgical, conducted fleetly and with focus for something that is extremely consequential for the Ethereum community on an indefinite basis going forward.
As such, the episode shows in stark fashion just how much of a force for good that the MolochDAO group can be in the Ethereum ecosystem.
The organization was first launched in early 2019, and since then it’s gone on to fund thousands of dollars of grants toward dozens of Ethereum projects. Its funding of the Tornado trusted setup audit is hardly the group’s first consequential efforts, then, but it may very well go down as some of its most important and long-lasting work when all is said and done.
Ethereum is itself a flexible platform, so the blockchain’s flexibility combined with the privacy offered by Tornado can eventually prove to be quite a dynamite combination.
For insance, consider the coming bitcoin-pegged tBTC Ethereum token, which is slated to launch in a few weeks and will bring a trustless version of the OG cryptocurrency into Ethereum’s DeFi arena. In the future, it’s possible that Bitcoiners will be able to most effectively “mix” their bitcoins atop Ethereum using solutions like Tornado.
Moreover, that’s just one contemporary example out of many possible ones. At this point, it seems hard to overstate the utility of a mature Tornado project all things considered.