Tutela: an Ethereum and Tornado Cash Anonymity Tool

Related tags

Cryptographyprivacyclusteringethereumtornado-cash
Overview

Tutela: an Ethereum and Tornado Cash Anonymity Tool

The repo contains open-source code for Tutela, an anonymity tool for Ethereum and Tornado Cash users.

About Tutela

In response to the Tornado Cash (TC) Anonymity Research Tools Grant, we have built Tutela v1, an Ethereum wallet anonymity detection tool, to tell you if your blockchain transactions have revealed anything about your identity. What does this mean? Well, for example, if you have used multiple Ethereum wallets to send tokens to a single centralized exchange deposit address, you may have revealed that your wallets are owned by the same entity.

We'd love to get user feedback! Tell us what you like, what you don’t and what you think is missing! Please leave your feedback in the Tutela-Product-Feedback channel of the Tornado Cash Discord.

The Tornado Cash User's Dilemma

Tornado cash users have multiple addresses and use Tornado Cash to hide this fact. We believe the most important need for this user base is to know whether their addresses can already be connected by third parties.

Tutela, an Anonymity Detection Tool

In response, our initial MVP has focused on informing users which of their Ethereum addresses are "affiliated" (a non-blockchain analogy would be haveibeenpwned.com). This involves using a clustering algorithm and two heuristics (i.e. reveals) so far, the Ethereum deposit address reuse heuristic and the Tornado Cash unique gas price heuristic. We plan to refine and add additional heuristics over time.

Current Heuristics

Ethereum Deposit Address Reuse Heuristic

When you send tokens from an Ethereum wallet to your account at a centralized exchange, the exchange creates a unique deposit address for each customer. If you reuse the same deposit address by sending tokens from multiple Ethereum wallets to it, your two wallets can be linked. Even if you send tokens from multiple wallets to multiple deposits, all of these addresses can be linked. In this way, it is possible to build a complex graph of address relationships.

Tornado Cash Pools Unique Gas Price Heuristic

Pre EIP-1559 Ethereum transactions contained a gas price. Users can set their wallet gas fee and pay a very specific gas fee (e.g. 147.4535436 Gwei) when they deposit in a Tornado Cash pool. If they also withdraw from that same Tornado cash pool, using the same wallet application (e.g. Metamask), but a different wallet address and haven’t changed the gas fee, it could reveal that two addresses are connected.

Tornado Cash Pools Synchronous Tx Heuristic

If a deposit transaction and a withdrawal transaction to a specific Tornado Cash pool share the same wallet address, then this address is now compromised, and should not add to the anonymity of future Tornado Cash transactions for that pool.

We Need Your Help!

Tutela is still in its very early stages and we are looking for feedback at all levels. Let us know your thoughts, critiques, and suggestions in the Tutela-Product-Feedback channel of the Tornado Cash Discord.. How can we make Tutela something useful for you? What features or heuristics are we missing?

Next Steps

Our plan for the next two months is to refine and develop Tutela v1 by:

  1. Getting your feedback!
  2. Refining the deposit reuse heuristic
  3. Adding anonymity set scoring for Tornado Cash pools
  4. Providing transaction by transaction reveal data (studying anonymity over time)
  5. Identifying, testing and implementing Tornado Cash Specific Heuristics:
    1. Transactions between deposit and withdrawal addresses from a specific TC pool
    2. Linking equal value deposits and withdrawals to specific deposit and withdrawal addresses - if there are multiple (say 12) deposit transactions coming from a deposit address and later there are 12 withdraw transactions to the same withdraw address, then we could link all these deposit transactions to the withdraw transactions
    3. Careless TC anonymity mining - anonymity mining is a clever way to incentivize users to participate in mixing. However, if users carelessly claim their Anonymity Points (AP) or Tornado tokens, then they can reduce their anonymity set. For instance, if a user withdraws their earned AP tokens to a deposit address, then we can approximate the maximum time a user has left their funds in the mixing pool. This is because users can only claim AP and TORN tokens after deposit transactions that were already withdrawn.
    4. Profiling deposit and withdrawal addresses - collect and analyze the behaviour of all addresses that have interacted with Tornado cash pools
    5. Wallet fingerprinting - different wallets work in different ways. We have several ideas on how we can distinguish between them. It will allow us to further fragment the anonymity sets of withdraw transactions.

Technical Summary

Ethereum and Tornado Cash transactions are downloaded using BigQuery. The deposit address reuse algorithm was adapted from the existing implementation in etherclust. Our Python implementation can be found in src/; it is written to scalably operate over the >1 Tb of Ethereum data. The Tornado-specific heuristics can be found in scripts/tornadocash, again written in Python. The Tutela web application lives in webapp/ and is written in Flask with a PostgreSQL database for storing clusters. The frontend is written in Javascript, HTML, and CSS.

Updates

We aim to provide consistent updates over time as we improve Tutela.

  • (11/17) We posted a pre-beta version of Tutela to the Tornado Cash community for feedback.
  • (11/23) We open-sourced the Tutela implementation and will make all future improvements public through pull requests. Since 11/17, we increased the number of CEXs for clustering from 171 to 332, and added a list of common addresses that we omit from consideration when classifying deposits. Improvements were made to the gas price and synchronous TCash reveals: searching by address will now return TCash specific information in the backend. Several bugfixes were implemented, such as address casing, incorrect deposit names, deposit reuse hyperparameters.

Contributors

Development of the web application and clustering was done by mhw32, kkailiwang, Tiggy560, and nickbax, with support from Convex Labs. Development of TCash heuristics was done by seresistvanandras, unbalancedparentheses, tomasdema, entropidelic, HermanObst, and pefontana.

Owner
TutelaLabs
Privacy tools for Blockchain
TutelaLabs
GitHub Repository http://tutela.xyz
Small utility to encrypt and decrypt messages

Safe Safe is a small utility to encrypt and decrypt messages using a pair of public and private keys. Installation You need to have GPG installed in y

Gustavo Eguez 2 Dec 21, 2021
Tool to compare smart contracts source code

smartdiffer Tool to compare smart contracts source code. Heavily relies on API of Etherscan and Diffchecker. Installation pip install smartdiffer API

Roman Moskalenko 23 Nov 16, 2022
Persian caesar and rot16 encryptor and decryptor

persian caesar and rot16 encrypt and decrypt how to install if you use windows python -m venv .venv .\.venv\Script\activate python -m pip install -r r

Mehdi Radfar 5 Oct 28, 2022
PyBeacon is a collection of scripts for dealing with Cobalt Strike's encrypted traffic.

PyBeacon is a collection of scripts for dealing with Cobalt Strike's encrypted traffic. It can encrypt/decrypt beacon metadata, as well as pa

NCC Group Plc 162 Dec 21, 2022
Mysterium the first tool which permits you to retrieve the most part of a Python code even the .py or .pyc was extracted from an executable file, even it is encrypted with every existing encryptage. Mysterium don't make any difference between encrypted and non encrypted files, it can retrieve code from Pyarmor or .pyc files.

Mysterium the first tool which permits you to retrieve the most part of a Python code even the .py or .pyc was extracted from an executable file, even it is encrypted with every existing encryptage.

Venax 116 Dec 21, 2022
Hide secret data within a digital image using good ol' terminal

pystego Hide secret data within a digital image using good ol' terminal Installation The recommended way for installing this package is using, python

Ayush Gupta 1 Jan 06, 2022
Maximal extractable value inspector for Ethereum, to illuminate the dark forest 🌲 💡

mev-inspect-py Maximal extractable value inspector for Ethereum, to illuminate the dark forest 🌲 💡 Given a block, mev-inspect finds: miner payments

Flashbots 563 Dec 29, 2022
Bridge between L1 (Ethereum) and L2 (cheapETH)

The ETH chain and the cheapETH chain. We can assume the ETH chain has ~1000x more value than the cheapETH chain.

107 Oct 12, 2022
This is a webpage that contains login and signup page by which the password is stored using elliptic curve cryptography

LoginPage_using_Elliptic_curve_cryptography- This is a webpage that contains login and signup page by which the password is stored using elliptic curv

1 Oct 15, 2021
💰 An Alfred Workflow that provides current price of cryptocurrency

Coin Ticker for Alfred Workflow An Alfred Workflow that provides current price and status about cryptocurrency from cryptocompare.com. Supports Alfred

Bumsoo Kim (Ian) 14 Nov 17, 2022
Retrieve ECDSA signature R,S,Z values from blockchain rawtx or txid.

rsz Retrieve ECDSA signature R,S,Z values from blockchain rawtx or txid. Info The script parse the data of rawtx to fetch all the inputs in the transa

iceland 29 Nov 18, 2022
PySETO is a PASETO (Platform-Agnostic SEcurity TOkens) implementation written in Python

A Python implementation of PASETO.

Ajitomi, Daisuke 33 Dec 17, 2022
obj-encrypt is an encryption library based on the AES-256 algorithm.

obj-encrypt is an encryption library based on the AES-256 algorithm. It uses Python objects as the basic unit, which can convert objects into binary ciphertext and support decryption. Objects encrypt

Cyberbolt 2 May 04, 2022
Repository detailing Choice Coin's Creation and Documentation

Choice Coin V1 This Repository provides code and documentation detailing Choice Coin V1, a utility token built on the Algorand Blockchain. Choice Coin

Choice Coin 245 Dec 29, 2022
SimpleWallet - Simple wallet for Bitcoin

Simple Wallet This is a basic python starter package to be used as a template fo

Mystic 1 Jan 08, 2022
Token drop template on Tezos blockchain, based on Merkle Tree Distribution mechanism.

🛬 Token Drop Template This is a template to perform token drops efficiently on Tezos blockchain. The drop is handled using Merkle Tree Distribution m

Anshu Jalan 5 Oct 11, 2022
Generate bitcoin public and private keys and check if they match a filelist of existing addresses that have a nonzero balance

btc-heist Running Install deps, i.e., python3 -m pip install -r requirements.txt Download the CSV dump of all bitcoin addresses with a balance and cut

Denis Khoshaba 103 Dec 05, 2022
Python binding to the Networking and Cryptography (NaCl) library

PyNaCl: Python binding to the libsodium library PyNaCl is a Python binding to libsodium, which is a fork of the Networking and Cryptography library. T

Python Cryptographic Authority 941 Jan 04, 2023
The Qis|krypt⟩ is a software suite of protocols of quantum cryptography and quantum communications

The Qis|krypt⟩ is a software suite of protocols of quantum cryptography and quantum communications, as well, other protocols and algorithms, built using IBM’s open-source Software Development Kit for

Qiskrypt 14 Oct 31, 2022
This is simple Blockchain ,miner and wallet to send crypto using python

pythonBlockchain-SImple This is simple Blockchain ,miner and wallet to send crypto using python It is simple Blocchain so it can only dobasic work usi

3 Nov 22, 2022