How to use Tornado Cash Nova
Learn how to protect your privacy on Ethereum with Tornado Cash Nova
TLDR:
This is a tutorial for Tornado Cash Nova that highlights how to preserve your privacy on Ethereum.
Warning - Omnibridge used at the end to withdraw your funds can take a long time to return them. It took me 3 days to receive my funds.
Ethereum is immutable and un-censorable so even though Tornado Cash has been added to OFAC’s sanctioned list it can still be used.
Last week I discussed the importance of privacy in world of public blockchains! However, the options for privacy on Ethereum have become very limited since Tornado.Cash was sanctioned by OFAC around this time last year.
My goal this week was to create a tutorial on how to use Tornado Cash regardless since the code is immutable and on-chain. In particular I wanted to focus on Tornado Cash Nova, which is a simplified version of Tornado.Cash that has an easier UX and apparently better way of anonymising your ETH.
In creating this tutorial I ran through all the steps below but only received my funds 3 days later! My original article incorrectly stated that the service would burn your ETH, but I’ve now fixed it accordingly after a correction on the Tornado Cash forum. Nonetheless, be warned that it may take time for the service to return your ETH!
What is Tornado Cash Nova
Tornado Cash Nova is a version of Tornado Cash ran by the community that created a better UX than the original but under the hood use much of the same audited contracts and code.
Tornado Cash Nova is completely decentralized and non-custodial, ensuring that your transactions remain private and secure at all times. It uses zero-knowledge proofs to break the link between depositor and recipient addresses.
The original Tornado Cash has support for ETH, DAI, cDAI, USDC, USDT and WBTC, while Tornado Cash Nova only supports ETH. The real key difference is that Tornado Cash is a little bit more complicated while Nova is just super simple.
Tornado Cash was sanctioned by OFAC (ie. banned by the US government) in August last year yet its still running, which is a testament to how Ethereum is immutable and un-censorable!
Follow along the steps below but be warned that it may take some time to receive your funds back in the end. In particular I waited 3 days for the ETH to make it back to my wallet.
Setting up your RPC
Since Tornado Cash has been banned by OFAC, companies like Consensys who are behind Metamask have stopped allowing you to transact with Tornado Cash contracts through their Infura RPC. Instead you need to use another RPC provider to be able to transact with Tornado Cash (as described here).
If you’re interested you can find the list of all OFAC sanctioned addresses on Etherscan here: https://etherscan.io/accounts/label/ofac-sanctions-lists.
To interact with Tornado Cash you therefore need to change the RPC provider away from Infura to another one that doesn’t block OFAC sanctioned addresses. You can find a list of different RPCs for Ethereum at https://chainlist.org/chain/1, and when testing I found that the very first one “https://eth.llamarpc.com” worked fine.
To update the RPC, open up Metamask’s Network settings and create a new network connection to the Ethereum mainnet with your new RPC as shown in the GIF below:
Open Tornado Cash Nova
Tornado Cash Nova is then super easy to use as I’ll show below. First start by just opening it at here https://nova.tornadocash.eth.link/, and you’ll see the screen below.
Press the “Set up account” button on the top right side.
You’ll be asked to download a key to your computer. This key ensures control of your funds even if you lose access to your wallet so its super important to back up and save.
Next it will ask to run a transaction to register that account that you’ll need to pay a small gas fee for.
Once the transaction has finished the “Set up account” button will change to a“Log In” button that when you press you’ll be asked to sign to confirm from your wallet.
Deposit
Now you’re ready to deposit some ETH. I put in 0.02 ETH for this tutorial since there’s an approximate 0.01 ETH gas cost of withdrawing later.
Next the process begins generating a ZK proof in the background. This can take upwards of 5 minutes.
Once the proof is finished you’ll be asked to sign a transaction that will transfer the ETH itself. Note that this transaction spends a notable amount of gas compared to the previous “register” transaction.
Wait
You’ll now need to wait for around 10 minutes for 20 transaction confirmations to go through and then another another 10 minutes for the OmniBridge transaction.
After the wait you’ll get a pop-up letting you know that the deposit has been received!
Once this step is completed your ETH will have been removed from your wallet and thrown into the Tornado Cash anonymity pool along with everyone else’s ETH who’s also made use of the service.
Realistically you should now wait a while before you withdraw what you put in. In principle the larger the gap between deposit and withdraw, the more your ETH gets mixed with others’ in the anonymity pool and the more challenging it is for blockchain analysis to connect up sender and receiver.
When you log in again with your account you can see the “shielded balance” at the top-right showing how much ETH Tornado Cash Nova holds for you.
Withdraw
Withdraws can be done in any custom amount of ETH, however to make it harder to connect the sender and receiver addresses its ideal to use the pre-suggested amounts shown below since no single transaction will stand out from the rest.
In our example we’ve not sent enough to Nova to fit the 0.1 ETH band suggested, so instead we’ll just use a custom amount and try to retrieve the full 0.02 ETH.
So next, write the amount to receive and recipient address into their respective fields.
There’s a fee that is approximately 0.01 ETH depending on gas prices, so with my 0.02 ETH I could only recover 0.01 ETH. With more ETH this fee becomes less noticeable.
Select withdraw and the equal and opposite process to deposit will kick off. As before you’ll first need to wait for the ZK proof to be generated.
After the proof, the withdrawal transaction will be created, but you do not need to sign a transaction for it, you only need to confirm the withdrawal on the UI.
Once confirmed you just play the waiting game again.
Eventually after another 10 minutes waiting for the 20 transaction confirmations plus another 10 minutes for the OmniBridge, you’ll get a withdrawal confirmation!
Congrats! You’ve now sent ETH between two addresses without them having directly interacted with one another keeping your on-chain anonymity!
As you can see it’s all pretty straight forward. You just deposit some ETH, wait some time, then withdraw it with another wallet!
The UX for Tornado Cash Nova is impeccable, albeit a bit slow.
Warning!
I had to wait 3 days to receive my ETH back!
Originally I wrote this article stating that my ETH had simply been burned as I had waited over 24h and the only thing I had to show for it was the transaction below on the Gnosis chain from Omnibridge showing that the money had been transferred out of Tornado Cash and burned.
I’d seen a similar pattern on other transactions too where the ETH on gnosis chain had been burned too.
I guessed that the Omnibridge contract may have been re-written in such a way that it was burning the ETH coming out of the sanctioned Tornado Cash addresses! This post even made its way onto the Tornado Cash forum where someone questioned whether “Omnibridge was censoring Nova withdrawals?”
Thankfully, I was wrong!
It just took a long time for the relay to send me my ETH back, probably because of a low gas issue.
Regardless, if you use this service be warned that you may encounter a similar issue and have to wait a few days for the money to make it back into your wallet.
We need Privacy preserving tools!
Privacy is a fundamental human right, and it's no different in the world of blockchain as I discussed last week!
The US government has overreached with the OFAC sanctioning of Tornado Cash and subsequent jailing of the developer behind it. This means few people want to take the risk and build privacy tech now.
Other than the Tornado Cash community who are still keeping it alive, I know of only one other team working on Ethereum privacy tech called Aztec who had a similar service called Aztec Connect but have since sunsetted it, although I believe they are working on a new privacy oriented L2 that I’ll keep a keen eye out for.
Either way by following this tutorial you now know how a privacy service’s user-experience can be relatively simple and yet very effective. Armed with that knowledge and the contract code on Github perhaps someone reading this will make an even more improved service like Tornado Cash that doesn’t use the sanctioned addresses.
Best of luck out there and keep building!
The information in this article is incorrect, the funds have successfully reached the recipient.
Details in the post of the current Tornado developer on the official forum: https://forum.tornado.ws/t/is-omnibridge-censoring-nova-withdrawals/152/3