Tornado.cash is a recently announced dApp on Ethereum that allows private
transactions on the otherwise public Ethereum network. Private transactions have
been a much sought-after feature on Ethereum, with many projects developing such
features. A private transaction is a transfer of funds that provides a measure of
privacy on the otherwise quite public Ethereum network. In the case of
Tornado.cash, that measure of privacy lies in breaking the link between the entity
sending the funds and the one receiving them.
To do this, Tornado.cash uses a mixer contract, in which the funds mix together.
Using zero-knowledge proofs, Tornado.cash provides mechanisms for deposits to
and withdrawals from this mixer contract while hiding the relationship between
the sender and the receiver: each withdrawal could be from any previous deposit.
The Tornado.cash contract is designed to be decentralized and non-custodial,
leaving users in full control of their funds throughout the process. Under the
Tornado.cash implementation, the operator of the mixer receives a predetermined
fee for each transaction.
The Tornado.cash project is an elegant solution for enabling somewhat private
transactions over Ethereum; it builds on existing technologies and is already
available for use today on the mainnet. The Tornado.cash team has highlighted
that the project is still in beta and that using it is still risky. This project is a
great example of community projects and their benefit to the entire ecosystem,
pushing the technology to its extremes.
Reviewing the Tornado.cash contracts, we once again see proof that truly
decentralized applications are a difficult thing to create. While we have no
doubt the team had the best of intentions, constructing systems that are
secure against their own creators is a challenging task.
Reviewing the contracts in depth, our analysis shows that the current contract
implementation allows the contract's operator to halt all withdrawals from the
mixer. The full technical details are available below. The direct consequence of
this issue is that the Tornado.cash team, or any future operator of the mixer, can
freeze all funds currently in the mixer. We're confident the team has no
intention of using this bug to their advantage, and the team has been very vocal
that the contracts are still being reviewed.
Nevertheless, we see this as proof once again that writing contracts that are
safe and decentralized is a challenging task, and can be impacted by even the
FULL ISSUE TECHNICAL DETAILS
The Tornado.cash contract's withdraw function transfers a constant allowed value
minus a fee to the receiver and then transfers the fee to the contract's
operator. The contract's operator is an address set in the constructor
that can be changed only by the current operator. If the contract's operator
itself happens to be a contract that cannot receive Ether, e.g. it has
no payable function, its payable function reverts, or its payable function
is too gas-heavy, then the whole transaction is reverted,
including the receiver's withdrawal. In other words, funds that have been
deposited are locked until the flawed operator contract is replaced, and this makes
the operator a centralized single point of failure.
Tornado Cash Mixer source [/img/blog/tornado-cash-transfer-code.png]
The suggested fix is to put the operator's fee transfer logic in a separate function
that can only be invoked in a separate transaction, which eliminates the receiver's
dependence on the operator's contract.
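As an added illustration (constructed code, not the Tornado.cash contract), the push-based fee transfer described above sits beside the pull-based fix; the contract names, the constants, the `claimFees` function and the `RejectingOperator` contract are all assumptions made for this example, and proof verification, the Merkle tree and nullifier bookkeeping are omitted because only the ordering of the two Ether transfers matters for this issue.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.20;

// Constructed model of the vulnerable pattern; not Tornado.cash code.
contract PushFeeMixer {
    uint256 public constant DENOMINATION = 1 ether;
    uint256 public constant FEE = 0.01 ether;
    address public operator;
    constructor(address _operator) { operator = _operator; }
    function deposit() external payable {
        require(msg.value == DENOMINATION, "wrong denomination");
    }
    // A real mixer would verify the proof and mark the nullifier spent first.
    function withdraw(address payable recipient) external {
        (bool ok, ) = recipient.call{value: DENOMINATION - FEE}("");
        require(ok, "recipient transfer failed");
        // The fee is pushed to the operator in the same transaction. If the
        // operator is a contract with no payable receive()/fallback, or one
        // that reverts or runs out of gas, this require() reverts everything
        // above it too, so nobody can withdraw until the operator is replaced.
        (ok, ) = operator.call{value: FEE}("");
        require(ok, "operator transfer failed");
    }
}

// Pull pattern: withdraw() only records the fee owed; the operator collects
// it in a separate transaction, so an operator that cannot receive Ether can
// no longer block recipients.
contract PullFeeMixer {
    uint256 public constant DENOMINATION = 1 ether;
    uint256 public constant FEE = 0.01 ether;
    address public operator;
    uint256 public pendingFees;
    constructor(address _operator) { operator = _operator; }
    function deposit() external payable {
        require(msg.value == DENOMINATION, "wrong denomination");
    }
    function withdraw(address payable recipient) external {
        pendingFees += FEE;                 // record the fee, no external call
        (bool ok, ) = recipient.call{value: DENOMINATION - FEE}("");
        require(ok, "recipient transfer failed");
    }
    function claimFees() external {
        require(msg.sender == operator, "not operator");
        uint256 amount = pendingFees;
        pendingFees = 0;                    // zero the balance before the call
        (bool ok, ) = operator.call{value: amount}("");
        require(ok, "fee transfer failed"); // a failure here hurts only the operator
    }
}

// An operator that refuses Ether: bricks PushFeeMixer.withdraw() for everyone,
// but only its own claimFees() call on PullFeeMixer.
contract RejectingOperator {
    receive() external payable { revert("no ether accepted"); }
}
```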
Blockchain Front Running simplified
Aug 15, 19
In this video we explain how you can detect one of the most well-known
vulnerabilities, front running, and prevent your contract from containing it.
Applications of Zero-Knowledge Proofs
Jul 11, 19
Zero-Knowledge Proofs are a way of verifying data to an external party without
revealing the data itself. They work by taking questions from the external party,
or 'verifier', and answering with a simple yes or no. The lack of data shared
with the 'verifier' in the transaction of this information makes Zero-Knowledge
Proofs very attractive to data security and privacy advocates.
The simplest example is a bank that needs to know whether you fulfill the
minimum-wage requirement for acquiring a loan. As it is currently, you
have to submit a number of documents such as your identification and salary slips,
among other things, to the bank. With these documents, the bank now knows much
more about you than whether or not you meet the minimum salary requirement for
With Zero-Knowledge Proofs you would be able to confirm to the bank that you do
fulfill that requirement without telling them any additional information, or even
your exact salary. There are many other applications of Zero-Knowledge Proofs
beyond asking the bank for a loan. Let's go into detail about some of them.
Authentication systems are what inspired the birth of Zero-Knowledge Proofs in
the first place. Through Zero-Knowledge Proofs one party would be able to prove
its identity to a second party without revealing any specific information.
This comes in handy when there is a threat of middle-men listening in on your
communication. In such a scenario, simply sharing a secret that both parties
know would not be ideal since it would also reveal the secret to the middle-man
listening in. Hence, providing proof of identity without sharing a shared secret
such as a password is much safer.
With Zero-Knowledge Proofs we can restrict a user to acting only in ways that are
allowed for them. Whenever a user tries to access information or perform an
action that they are not allowed to, they will be rejected.
This is possible due to a special quality of the Zero Knowledge Proofs called
‘Soundness’, which states that a verifier will almost always know when a
dishonest prover's statement is false. Hence, whenever a user tries to lie about
whether they are authorized to access a resource or issue an order, they would
Another use case for a ZKP is transactions which require confidentiality. In a
blockchain like Ethereum, whenever there is a transaction, typically, the
blockchain records some information regarding the sender, receiver and the
amount transferred. Since all blockchain records are public, anyone can look at
that information and make some assumptions about the financial status of the
sender and receiver.
ZKPs can help avoid a situation like this by hiding the sender and receiver
information. They can vouch for the validity of a transaction without revealing
the information about the participants.
BONUS: SHARING PERSONAL INFORMATION
This is where our example of the bank loan fits in. It is the ideal scenario:
you need to confirm to the bank that you are qualified for a loan, but
you don't want to reveal unnecessary information to the bank. ZKPs would help
the bank confirm your qualification for the loan and help you avoid having to
share more information with the bank.
Zero-Knowledge Proofs are an important concept that is going to have an impact
on how we transfer and confirm data in the future, especially in the case of
digital assets such as cryptocurrencies and tokens. Furthermore, ZKPs can also
help push back against the constantly snooping and spying corporations that
collect user data to sell at a profit.
Zero Knowledge Proofs – Personal Data Security and Privacy
Jul 04, 19
Over the course of the last year and a half, Facebook and Google combined have
been involved in over a dozen scandals relating to a violation of customers’
Google is shamelessly introducing more and more intrusive programs into its
plethora of apps and services to track everything their users are doing on the
internet. Facebook allowed companies access to the personal data of millions of
their users for a price. They went as far as to allow companies like Netflix
access to users’ private messages.
This relentless and predatory behavior from corporations shows no signs of
slowing down and they are continuously evading accountability for their actions.
Even when they are forced to face the consequences of their actions, they are
simply asked to pay a fine. But for these companies, the fines are simply a cost
of doing business since the profits they gain from these practices are way
higher than the fines they have to pay.
We need to provide our data in order to obtain some services, such as health
insurance or bank loans. However, as long as these companies have access to our
data, we can't be sure that our data will remain private.
So, how do you confirm that you are eligible for a loan or an insurance package
without allowing these companies access to your medical and financial data? The
answer is Zero-Knowledge Proofs.
COMPLETE & SOUND YET ZERO KNOWLEDGE
With Zero-Knowledge Proofs, a 'verifier' is able to confirm some fact about the
'prover' without learning anything else about the 'prover'.
A Zero Knowledge System builds trust in a data-free process through these three
A verifier can trust that an honest prover's statement is true.
A verifier will almost always know when a dishonest prover's statement is false.
The prover can trust that the verifier learns nothing beyond the fact the
statement is true.
SUPPORTING DATA PRIVACY & SECURITY
For the average reader, it is hard to wrap your head around Zero-Knowledge
Proofs. However, they are a way of data verification that could free us from the
plethora of spying corporations that are constantly logging our every whim and
trying to squeeze out more profit, which is why Zero-Knowledge Proofs are
considered to be the ultimate solution to the problem of data verification. You
can still confirm for a verifier that you have the data that is required without
revealing additional information.
Furthermore, for any hacker, the only outcome of value from an attack is the
data. A very significant loophole in the current internet is the
medium of data transfer: any hacker with access to any device used in the
process of data transfer has a chance of listening in on and altering that data.
But with Zero-Knowledge Proofs we can avoid this loophole completely. Since
Zero-Knowledge Proofs expose no data during a transaction, there is no data to
steal for someone listening in.
Zero-Knowledge Proofs could really be the solution to today's problems of data
privacy and security.
Trusted Setups, zkSNARKs, zkSTARKs, bulletproofs, and zkSHARKs – An Overview
Jun 29, 19
Zero-Knowledge Proofs are integral to the implementation of a truly private
cryptocurrency. They can be trusted for data verification without the need to
actually share any data. This means that a transaction in a digital environment
can be successfully carried out without the need to share sender, receiver or
account specific information.
However, when forming a blockchain supported by Zero-Knowledge Proofs (ZKPs) to
run a private cryptocurrency on, the first problem that needs to be tackled is
the formation of the Genesis block. The genesis block is the first block of any
Because of our dependence on ZKPs, in order to achieve the genesis block, we
need to perform a separate 'ceremony' that creates the parameters for the
Zero-Knowledge Proving System. This additional step is what's commonly known as
the "Trusted Setup".
In order to understand what a “Trusted Setup” is, we first need to define what
The acronym zk-SNARK stands for “Zero-Knowledge Succinct Non-Interactive
Argument of Knowledge,” and refers to a proof construction where one can prove
possession of certain information, e.g. a secret key, without revealing that
information, and without any interaction between the prover and verifier of a
Zero-Knowledge Proof system.
Zero-knowledge proofs allow one individual to prove to another that a statement
is true, without disclosing any information beyond the validity of the
statement. The main objective of a Zero-Knowledge Proof system is the fact that
little to no information sharing is required in order to build trust between the
The “Succinct” part of the acronym means that these proofs are smaller in size
and can be quickly verified. “Non-interactive” means that there is little to no
interaction between the prover and the verifier of the Zero-Knowledge Proof
The "Argument of Knowledge" part of the acronym points to the fact that
zk-SNARKs are considered computationally sound. What this means is that a
"dishonest" or invalid prover has a very low probability of guessing the right
answers to the questions asked by the verifier.
To sum up, zk-SNARKs are the engine that allows for a transaction to be quickly
and efficiently verified and added to the blockchain without revealing any
details to the public. However, zk-SNARKs work under the assumption that the
prover does not have the computing power to correctly guess the proofs. However,
a computational limitation is eventually going to stop working as processors
become more powerful.
zk-SNARKs require a pre-existing setup between the prover and verifier. A set of
public parameters define the “rules of the game” for the construction of
zk-SNARKs. On a blockchain, these parameters are required to prove the validity
of a transaction.
However, this creates a centralization issue for the first or “Genesis" block
because the parameters are often formulated by a very small group. Furthermore,
the keys generated for the proof system to work can be used to create unlimited
tokens on the chain undetected.
Only when you trust that the keys generated for the initial setup were
destroyed is the setup called a Trusted Setup.
zk-STARK stands for "zero-knowledge succinct transparent argument of knowledge".
Depending on the implementation, zk-STARKs are the more efficient and cheaper
variant of zk-SNARKs. However, the distinctive feature of zk-STARKs is the fact
that they do not require a Trusted Setup.
Technically speaking, zk-STARKs do not require an initial trusted setup because
they rely on leaner cryptography through collision-resistant hash functions.
Furthermore, zk-STARKs are prone to attacks from powerful computers of the
future because of the number-theoretic assumptions of zk-SNARKs that are
zk-STARKs are safer versions of zk-SNARKs and provide a simpler structure in
terms of cryptographic assumptions. However, zk-SNARKs are much smaller in size
as compared to zk-STARKs which means they have limitations of their own when
Bulletproofs are short non-interactive zero-knowledge proofs that were first
proposed in 2017 in a whitepaper from Stanford University. They are an efficient
and secure form of range proof that uses zero-knowledge proving methods
like zk-SNARKs and zk-STARKs, but they do not require the trusted setup that
zk-SNARKs need, and are closer to zk-STARKs in size.
Zero Knowledge Proofs – An Overview
Jun 22, 19
Whenever you want to log in to your social media account, say Twitter, you are
expected to provide a secret passage – a password. The website checks if your
password is correct and, if it is, you are granted access.
This mechanism works because Twitter assumes that you are the only one who knows
the password to your account and that you wouldn’t share your password with
anybody else that you don’t want accessing your account.
However, imagine you find out that there is someone spying on you and wants to
know your Twitter password so they can tweet something embarrassing and untrue
about you; like ‘I don’t like pizza!’
Now, you want to use your Twitter account but you can’t reveal your password.
You have to convince Twitter that it really is you who are trying to access this
account without revealing your password and Twitter needs a mechanism to confirm
that you are who you claim you are and it’s OK to let you in. This is where Zero
Knowledge Proofs (ZKPs) come in handy.
Zero Knowledge Proofs is an encryption scheme, first proposed by MIT researchers
Shafi Goldwasser, Silvio Micali, and Charles Rackoff in their paper "The
Knowledge Complexity of Interactive Proof-Systems" in 1989.
An encryption scheme is responsible for changing the contents of a message in
such a way that anyone listening in on the communication can’t make any sense of
it. However, the receiver knows how to decipher the message and is able to
In their paper, the MIT researchers gave the first zero-knowledge proof for a
concrete, real-world problem and won the Gödel Prize for their work in 1993.
HOW IT WORKS
Zero-Knowledge Proofs allow some data to be verified without revealing that
data. Each ‘transaction’ of data verification has a ‘verifier’ and a ‘prover’.
The prover attempts to prove something to the verifier without telling the
verifier anything else about that thing.
By providing only the final output, the prover proves that they know something
without revealing the process by which they know it. Meanwhile, the verifier
only learns about the output and that is enough.
THE ISSUES AT HAND
Data privacy is one of the most important subjects nowadays. People are becoming
more and more aware of their right to privacy and of the intrusive and exploitative
practices of tech giants like Google and Facebook, which collect, resell and probe
through personal data, all for a profit.
Even if you are not a social media person and rarely go to those websites, your
mobile network provider and even the OS in your smartphone (Android, iOS, etc.)
is gathering data on you.
So, what is the solution? Do you just disconnect from the internet and go off
the grid? Do you block out all companies from accessing any of your data
You can’t do any of that because life without internet is not possible in this
day and age. Furthermore, there are services that we depend on that require our
data. Examples include insurance companies who need our medical data to provide
us their health insurance and banks that need access to our credit score to give
us a loan.
With Zero-Knowledge Proofs, we can still enable insurance companies and banks to
verify the parameters that they need to verify without revealing specific
We can exercise our right to privacy while continuing to enjoy the services that
really do need our data to function, and block intrusive companies who exploit
their access to our data and violate our privacy.
Ethereum reentrancy hack explained
Jun 16, 19
The reentrancy hack: detection, exploitation and prevention explained.
Integer Overflow vulnerability prevention explained
Jun 16, 19
Webcast presented on the 26th of May 2019 by Ilan Sernov from Valid Network.
Valid Network was built on the understanding that Blockchain (Distributed Ledger Technology) has the
potential to change how we do business globally and to have a huge impact on our day-to-day life. We
founded Valid Network with the mission of becoming the enablers of faster adoption of blockchain
technology for our customers.