Epicenter - Learn about Crypto, Blockchain, Ethereum, Bitcoin and Distributed Technologies - Roman Semenov: Tornado Cash – Keeping Your Ethereum Transactions Private
Episode Date: June 8, 2021By default, all transactions made on Ethereum are public. Tornado Cash is a decentralized privacy preserving solution built on Ethereum which adds privacy through obfuscation. Users can place Ether an...d some stable coins in prescribed increments [1 Eth, 10 Eth, 100 Eth...] into the Tornado Pool. In return, they are issued a private note, with which they can withdraw funds at a later time to a different address.We were joined by Roman Semenov, co-founder of Tornado Cash, to talk about how the protocol works, how it was set up, community governance, and where he sees Tornado Cash's position in the quickly growing privacy ecosystem on Ethereum.Topics covered in this episode:Roman's background and how he got into cryptoThe problem Tornado Cash solves and how the protocol worksWhat tokens are supported and can you swap tokens?Smart contracts and zero knowledgeCosts involved for deposits and withdrawlsWeaknesses of the protocolThe Compliance Tool featureThe regulatory threat to private coins in the futureTornado Cash's roadmap and how they see themselves positioned in the wider ecosystemEpisode links:Tornado.cashDune AnalyticsTornado Cash on TwitterRoman on TwitterSponsors:Exodus: Exodus the easy-to-use crypto wallet available on all platforms and supporting over 100 different assets. - https://exodus.com/epicenterParaSwap: ParaSwap’s state-of-the-art algorithm beats the market price across all major DEXs and brings you the most optimized swaps with the best prices, and lowest slippage - http://paraswap.io/epicenterSolana: Solana is the high performance blockchain supporting over 50k transactions per second to power the next generation of decentralized applications. - https://solana.com/epicenterThis episode is hosted by Friederike Ernst & Sebastien Couture. Show notes and listening options: epicenter.tv/395
Transcript
Discussion (0)
This is Epicenter, episode 395 with guest, Roman Seminov.
Welcome to Epicenter, the podcast where you need of your crypto founders, builders, and thought leaders.
I'm Sebastian Kui, and I'm here with Felica Ernst.
Today we're speaking with Roman Seminov.
He's the co-founder of Tornado Cash.
It's a fully decentralized protocol for private transactions on Ethereum.
Before we talk to Roman, I'd like to tell you about our sponsors this week.
Exodus is an easy-to-use wallet which supports hundreds of assets and has native apps for all platforms, including iOS.
and Android. It's fully non-custodial, and they're firm believers of not your keys, not your coins.
Go to exodus.com and give it a try. Paraswop just came out with a huge update that's even faster
and more liquid. It's cheaper than new swap and it comes with a new gas token that can cut your
gas fees by up to 50%. Paraswap is now multi-chain and has expanded to Polygon and Binance,
smart chain, and you can start trading at pariswop.io slash epicenter.
And Solana is the next generation blockchain with lightning fast blocks and fees.
less than one cent per transaction.
Scalability is perhaps the biggest single challenge
preventing crypto from becoming the backbone of the financial system.
Go to salada.com slash epicenter to learn more.
So, Ramon, thanks for joining us today.
Tell us a bit about yourself, what's your background
and how did you get involved in crypto?
My background is I learned, studied physics originally,
but then I got into programming,
founded a few startups, web services.
Then I got into blockchain, I think four years ago.
Worked on Ethereum scalability solutions.
At this time, it was plasma, but then switched to ZK Snarks and privacy.
What did you do in physics?
I'm a physicist by training also.
It's quantum statistics and field theory,
so the black holes, small particles and all this stuff.
When you got started on the privacy,
side of Ethereum applications. What kind of drew you to that? I started by learning ZKSnark's
to do some scalability stuff and they can also be applied to oracles and other things. But one of
the main applications is privacy. So I've built a few privacy projects on Ethereum hackathons
and then we just decided to build something for production. The thing that you built for
production was tornado cash, right? So tell us about tornado cash in a nutshell. So we'll dive deep
into how it actually works in a bit. But what problem is it that tornado solves?
The privacy, because by default, all Ethereum transactions are public and not many people are
comfortable with all their financial history being public. So it solves this problem.
Can you describe in a nutshell how that works?
How do I make my transaction not public?
If you have Ethereum wallet, if you just transfer some funds to a new wallet,
the wallet can be connected.
Like everyone can see that funds went to this new address.
But with Tornado Cash, you can put your funds into Tornado Pool.
And when you do this, Ternada Cash generates a private note for you.
This note will be used to access your funds later.
it's kind of similar to a private key.
Then when you want to withdraw, you generate a new address
and use this private note to withdraw your funds to this new address.
And nobody will see how your old address is connected to a new one.
The way I see Trennaicash is it's like this black box where you throw funds into it.
And then on the other end, you can withdraw funds.
And there's no way of knowing where those transactions are connected,
because everything is obfuscated by the cryptography in Tornado Cash.
Can you walk us through some of the usage scenarios?
What does a user use Tornado Cash for?
Who are your users?
If you want to get a new identity on blockchain,
you can put some of your funds to Tornado Cash pool
and withdraw to your fresh address
and use it for some things that you don't want to be connected
with your previous identity.
When people deposit into tornado cash,
they're given a zero knowledge-based note
that allows them to withdraw
as much as they put in minus a fee.
This kind of hinges on the fact
that other people use that service as well.
So, right?
So basically, if I'm the only one who uses tornado cash,
it's no good,
because everyone knows exactly one person put money in
and exactly one person pulled money out.
So what do you recommend to users of Tornado Cash?
So I assume it's advisable to leave,
to not withdraw immediately after depositing?
Correct.
You can imagine Ternada Cash Pool as a bag of coins
that are all the same.
And some people come along and throw a new coin into this bag.
And then some other people come and take the coin,
take some coins from this bag.
So there is some activity like people come and go, but for example, if someone puts a coin into this bag and then someone else immediately takes coin out,
someone can think that probably this is like the same person.
It is better if you mix with the crowd.
So you put your funds into the pool, wait until at least few more people interact with this pool,
and then take some funds out.
So basically it's better to use the protocol
when there's a lot of noise
to kind of obfuscate the lineage
between your deposit transaction
and your withdrawal transaction.
Yeah.
And there are also fixed denominations, right?
So basically there's different pools
for different increments of tokens.
Yeah, and those pools are completely separate.
This is done because, for example,
if we would allow any amount,
if you put some specific amount like 1.33 Ether in there and then take out the same amount,
people can see that probably this is like the same user.
So what's the typical daily volume that goes through your protocol and how many users interact with it?
It's usually dozens.
You can check the actual stats on the, we have the Dune Analytics dashboard.
It can be accessed from Ternata Cash up.
it's in the main menu.
But basically it's dozens of transactions for each pool,
and the total number of transactions are around like 10,000 plus plus.
And which tokens do you support?
So I assume Ether is supported, but what about other tokens?
Ether is the most popular one, and it provides the best anonymity set.
But Turned the cache also supports
die, C dye and rubb BTC.
And people can also use those, but there are fewer users,
so less anonymity at the moment.
I assume this only works for tokens which reasonably liquid, right?
So basically where there's quite a lot of demand for obfuscating the origin of these coins.
Do you have an idea of how to extend that to less liquid coins?
the easiest solution is you can exchange less liquid coins to ether, use Ternada Cash for
ether, and then you can exchange back to those coins.
Basically, the assets that are chosen for Ternada Cash pools are the ones where people
want to hold their funds.
For example, if a user wants to hold their funds a long time in Ternada Cash, maybe someone
is not comfortable holding ETH and more comfortable holding stable coins. For example, some users
don't want to be exposed to ETH volatility. They can use DIP pool to put their money there
for a few months, for example. Is there a way, have you thought of, I don't know, like technically
how feasible this is, but for the Tornado Cash from our contract to also include, in addition to the
privacy aspect, some sort of automated market maker type of application that would allow users
to basically swap tokens. So you could have like one person with depositing ETH and wanting to
withdraw die and you could have maybe like another in the same pool wanting to do the inverse.
And you could just basically kind of like have those users like swap their tokens for one
another. It's not easy to do this while preserving privacy. So automated market makers,
are not very friendly with, like, privacy solutions.
Because, for example, in solution that you described,
those two assets can change their relative value.
For example, when you deposited, they were worth, like, the same.
But maybe when you withdraw, one of them are now 10 times more expensive.
And it will be hard to do this, like, matching and exchange.
Let's get to our sponsor, Exodus.
Exodus is a fantastic cryptocurrency wallet that strikes a right balance between ease of
you, security and great features.
You can get Exodus on the iPhone, desktop app, web app, Android, whatever platform you use.
It's a non-custodial wallet and that is so critical.
Because what's the point of crypto if you don't control your own assets?
With Exodus, you always do.
They're old school and they've been around since 2015.
Over 1.2 million users rely on Exodus so you know that they've stood the test of time.
They have support for over 100 different crypto assets.
And from within Exodus, you can easily change one different asset to the other.
They also allow you to buy crypto with Fiat.
And they even have a great offer where you can buy up to $500 worth of crypto through their iOS app and pay just $1 in fee.
So go to exodus.com slash epicenter and check out their wallet.
We want to thank Exodus for their amazing support of AppCenter.
So let's talk about how Eternate Cash works under the hood.
So we already mentioned that there's different pools, like for 1, 10 or 100th.
Talk about the smart contract and the particular zero-knowledge technologies that
Turner-A-Cash uses.
I wanted to ask you how deep do we want to go.
This is a fatty technical podcast. You can go technical.
So there are basically two actions.
deposit and withdraw.
There is also an immunity mining, but we can talk about this later.
When you deposit, the front end generates some random bytes, to be precise, like 62 bytes,
but that doesn't matter.
Like some random array of bytes computes their hash and sends your if along with this hash
to the smart contract.
It calls deposit function.
And then smart contracts inserts this hash into the
Merkel tree. And the hash function is used Pedersen hash. It's more snark-friendly than regular
Shah 3 or whatever. And then the interesting part happens when you withdraw. Deposit is simple,
but it's quite expensive because this hash function is pretty expensive in solidity. Since you
insert in the Merkel 3, you need to compute a lot of those. But the operation itself is somewhat
simple. When you withdraw, the front end takes the same array of bytes and splits it into. The first
part is called secret and the second part is called nullifier. This time we hash only this last
part, nullifier hash, and using the snark, we prove that we can take this random array of bytes,
your key, and if we hash all of it, we get your commitment. And if we hash only the second part of it,
we get your nullifier. And also it proves that this commitment, the hash of all this key, is present
in the Merkel tree of deposits. So the inputs for Snark's is Merkel root. When you're using
zero knowledge, some inputs are private and some inputs are public. The public inputs are sent
on chain to check them against some smart contract data. And private inputs are only present
when the user generates snark proof. So the public input is Merkel root and smart contract
will check that Merkel route used for this snark proof is the same that he has on the smart
contract, like for three of deposits.
Merkel path is private.
So the external observer only sees that the note is present in this Merkel tree, but
doesn't know where exactly it is located, which leaf exactly it is.
And also, smart contract can verify that all hashers were computed correctly because
it is proven with this snark.
Also, hash of the second part, nullifier hash, is also public.
And it is used to prevent double spends.
When user withdraws funds, the smart contract verifies that this nullifier hash is not present
already in this array of nullifier hashes.
And if it is present, then it means the same node was already withdrawn.
And interesting part is that nullifier hash is.
is not, cannot be linked to commitment, to hash of all this value,
because those are computed from different bytes,
and they seem completely random to external observer.
So you already alluded to the fact that these transactions are pretty costly on-chain.
Can you give us an idea of how much they cost at, say, 100 kwe?
So deposit costs a little bit more than,
1 million of gas.
So this will be, it depends on Ether price too, but I guess like $200 or something like this.
And withdrawal is cheaper.
Withdrawal only computes, like verifies snarkproof and it costs around 400,000 gas.
You can only withdraw in the same increments that you've put in, right?
You can't just say I'll put in 100th and then I'll just withdraw a point.
one of an eth or one eath whenever I need one eath, you have to deposit and withdraw the same
increments.
Exactly.
Yeah.
With current implementation, yes.
Is there a plan to make this more efficient?
Because obviously depositing at, say, 200 euros per transaction or $200 per deposit is pretty
expensive and only pays for a pretty large sum.
So basically, if I want to obfuscate, say, $100,000, that may be worth it.
but if it's only one-eath or something,
it's probably unfeasible, right?
Yes, there are many ways to improve the current solution.
When we developed Ternada Cash,
we were thinking about what the simplest solution we can make
to solve privacy and roll it out to Mainnet faster.
But now we are thinking about how we can make this convenient and cheap.
So currently Ternadecash solves privacy in the simplest, but not very easy to use way.
There are many ways to improve it.
For example, it can be done more similar to Zcash with transactions inside the shielded pool.
So to allow users to deposit any amount into the pool, do transactions to some other users.
like for example you can deposit three-eth, send one-eth to someone else privately,
then withdraw one-eth or whatever.
And also using layer two technology, it can be made much cheaper than it currently is.
And this privacy pool can be very layer-2 friendly, I'd say,
because since you already need to enter the privacy pool and then exit,
the privacy pool when you're done, you can in the same transaction basically enter layer two as well.
With good enough integrations, privacy can be done in such a way that your deposit funds
into the privacy pool. And magically, all transactions inside this privacy pool are done
already on layer two and are cheap and fast. So if I understand correctly, which thing is that
you could deposit funds into tornado cash and then those funds would essentially come out
in a layer two, does that mean that you would need to have different pools for every
layer two solution? Or would there be a way to somehow have like one big pool that sends funds
in one of several layer twos, which would kind of like increase privacy, I guess?
It will result in a separate anonymity pool for each layer two because it's very hard to
synchronize different layer two solutions and prevent double spans.
For example, if someone sends funds in one layer two and then send the same funds in different
layer two, it will likely result in the different pools.
I have a couple more technical questions as to how the protocol actually works.
So when I withdraw from the pool after having waited, say, a couple of days, I would use a
fresh address, right? Because I mean, this is kind of the point of all of this. How do I pay for gas from a
fresh address? Right? Because basically, if it's a fresh address, I won't have any ETH to pay for gas.
So how is this handed? For this, we have a relay network. And basically, how this works is instead of
sending your snag proof and all the call data to Ethereum, you send the same data to relayer.
Relayer submits this for you on chain and then gets part of your deposit as a compensation.
All the parameters including relayer fee and which relayer should receive it are included in SnarkProof.
So if anything changes in this data, the snark proof becomes invalid.
So relayer cannot change anything and the worst thing that it can do is,
just don't do its job and don't send a transaction,
in which case you just choose a new one.
But this is a pretty rare occasion because if relays misbehave,
they will just get deleted from UI.
So when you're looking for a flight,
you go to a flight aggregator to see all the different places
where you can buy the flight,
to get all the options and make sure you get the best price
for your travel plans.
And when you're making a defy swap, just do the same and use pariswap.
It beats the market prices across all the major dexes because it aggregates them.
And thanks to their network of professional market makers, you get zero slippage on your trades.
So they just pushed a huge update that's even faster, more liquid thanks to a brand new algorithm.
Paraswap is now multi-chain and has expanded a polygon and Binan smart chain.
So go and check it out. Give Paraswop a try at Paraswop.I.O.
slash epicenter.
So last year, a paper came out, an academic paper, on misuses of tornado cash, or basically
user faults, mostly, where they looked at the 3,000 tornado cash deposit and withdrawals
until that date, and found that through just looking at the graph, they could actually match
up 400 of these, basically because people used the same deposit and withdrawal address.
People did these immediately one after the other and so on. So this is already quite a large
chunk of users that maybe some of these were tested transactions, but I assume some of the
users genuinely messed up. Do you think you could make it easier for people to use this correctly?
Or do you think you could make it harder for people to mess up? And we all know this is
really difficult because people like messing up.
For this article, I think like the most of transactions that withdraw to the same address were probably just tests.
But in general, I agree, we need to educate people better on how to correctly use Tornado cache to preserve privacy.
But the best way to solve this would be to make a wallet that takes care of all those things for the user.
For example, the most obvious thing is hiding IP address because IP can be considered public information, all those intermediate internet service providers and many other nodes in the network can see it.
And wallet could submit all the requests through Tor, for example.
And also, like, the wallet would be the most convenient way to solve this, but it's a lot of work.
So you also need to connect to an Ethereum endpoint, right?
So basically most wallace actually just connect to infura.
So basically in fewer, if you don't mask your IP, they typically know who you are and which transactions you've sent to the network, right?
Yes.
For users, it's correct to assume that everyone knows their IP address unless they use VPN or something like this.
But if you just want to prevent your neighbor from looking inside your wallet, it can be fine.
Like every user decide for himself which level of anonymity does he want, like whether he wants to just hide his financial history from general public or he maybe doesn't trust governments at all and want nobody to be able to see his financials.
The project goes at length when you're on the website and reading the documentation.
It really goes at length to ensure that every aspect of tornado cache is decentralized.
So there are no admin keys to administer a smart contract.
The website and the interface are hosted on IPFS, and there's all of this documentation around
how the project aims to be fully decentralized.
What kind of constraints is this impose on you as a developer and perhaps also on user?
And was there ever a thought that perhaps you should do this also as like an anonymous founder?
Was this ever considered?
And if not, why not?
Anonymous founders making it as anonymous is harder because it's harder to hire and people basically trust way less to anonymous funders than public figures.
As for immutable smart contracts, it introduces.
a lot of complexity, but users trust more when they see that the system cannot be changed.
For example, one of the difficulty we had is introducing anonymity mining, because if the contracts
would be still updatable, the anonymity mining would be much, much simpler.
But since we couldn't change already existing smart contracts, we had to introduce quite a few
new mechanisms to work around this.
Which new mechanisms?
For example, there is some intermediate step.
The Ternada Cash smart contract, like core smart contracts, don't save at which block
each deposits was made.
And for anonymity mining, this information is needed to compute the reward size because
it's based on time the deposits spent in the pool.
So we had a separate contract that contains Merkel tree of all deposits and all withdrawals, but with block number information.
So it mostly duplicates the court smart contract state, but it's like extra stuff.
And also someone needs to upload updates to this tree.
It is done trustlessly, so you cannot upload incorrect information, but still someone has to do it.
pay for gas.
What's the role of the torn token?
I mean, you use that for anonymity incentivization or anonymity mining, right?
Torn token is used for making governance decision for Ternade a cash protocol.
And currently, there are a few ways to get torn.
Old users got torn as airdrop.
So the people that used Ternadecash.
in the past before Torn Token was released got their Torn Voucher that they can change to Torn Token.
And new users get Torn Tocans as a reward via anonymity mining.
So basically, Torn Tocans are distributed to users that use Torn Addication in the past and in present.
So people that use it the most have the most voting power in the governance.
And what kind of governance decisions?
does the Dow take?
There were some proposals, for example, to update anonymity mining mechanism because at the moment of release, it was too expensive and basically broken because it cost too much.
But then the more efficient one was developed that is 10 times cheaper in terms of gas.
and governance was used to deploy this new contract and migrate all the data there.
Also, there was proposal for new pools, new bigger pools for Dye, C-Dai and WBTC were introduced.
And currently there is one more active proposal to do a community fund for TANADC cash.
So community decided to set up multisic to be able.
to quickly make some decisions that don't need this big governance voting, but basically
it's smaller decisions than governance usually makes.
And I need to know that Tornado Cash team doesn't have a vote in its own governance
because all team tokens are underwesting.
So currently community makes all this decisions without us.
How long are the tokens vested for?
It's for three years, but first cliff, like first unlock, is after one year.
So this would be around December.
So this community pool, what kind of initiatives or applications do you hope to see this pool funding?
I think they want to reward some contributors to Ternada Cash ecosystem.
so maybe some people that write manuals or make videos or maybe even sponsor hackathons or something like this.
Let's get to our sponsor Solana.
Now, this is a special ad for me to read because I've been a deep supporter of this project since meeting the Solana team back in 2018.
I invest personally in the project and my company course one is super deeply involved in the Solana ecosystem,
including running the biggest validator.
So what's so cool about Solana?
Well, we all know that scalability is the single most important issue facing the blockchain
industry today.
And the Solana blockchain is an amazing solution for it.
The network supports thousands of transactions per second with 400 millisecond block times
and over 500 validators.
The special thing about Solana is also that it's not a sharded blockchain.
It's a single blockchain hyper-optimized for performance.
So that makes it really easy to maintain compostability between all.
all of the apps on Solana so that they work together seamlessly now and forever.
The Solano ecosystem is growing at a rapid pace and it's a great place to build your project
or just get involved with the community.
So go to Solana.com slash Epicenter to learn more.
And so tell us a little bit about this ecosystem, like what exists out there in the tornado
cache ecosystem and what kind of things would you like to see develop?
Because it seems like a pretty, I mean, to me anyways, it seems like a pretty straightforward thing.
like it's an immediate pool, but what kind of things can we build on top of that?
There are a few simple things that come to mind, like not a solution, but more like we lack
documentation, for example. So some things, like some simple things are needed to be done.
But in terms of more complex, there are a few proposals about how to manage change or some people
call it dust.
For example, if you withdraw one ether and then spend half of it for something,
now you have half ether sitting in some address and you can't do much with it.
You cannot make it private again.
And everything you do with it will be connected with your previous transactions that spend
this half ether.
So there are a few proposals how to make those small pieces.
is private again.
So one of the things that I thought was really interesting on the Trinitycast website is the
compliance tool.
When I saw it, it's like, are they talking about regulatory compliance or is there some other
form of compliance that I'm not getting here?
But yeah, it is a tool to sort of ensure that transactions and special users can be
compliant with their local tax regulation.
What's the compliance tool?
and why did you choose to build this into Tornado Cash?
Compliance tool allows to prove the link between deposit and withdrawal.
And basically, it gives Ternada Cash user a freedom to disclose his information to someone.
So the financial information is not forced to be completely hidden,
and user has now power to decide who they want to see this information.
For example, if they want to send those private funds to an exchange,
and then exchange asks them about origin of funds or something like this,
they can easily prove where the funds come from and pass all this check.
This can be used for tax compliance or KOC or things like this,
but nobody except the user has the power to disclose it.
Yeah, I remember a while ago there were exchanges who weren't allowing users to send mixed tokens to them.
I think it was an issue with them the Wasabi wallet and Binance, but I'm sure there were also other exchanges who put similar measures in place.
Is that correct?
I'm actually not aware about this, so I can't really comment much, but I didn't hear about like,
mass restrictions of like this.
When you use this compliance tool, I guess as a user, you provide some sort of an
attestation that will allow a third party to read the information about the origin of the
transaction.
Doesn't that sort of open up a vulnerability, though, where by sharing it with one user, you
effectively open the possibility for this information to be made fully public?
Because once you've shared it with one user, that this other party, that other
party can effectively share that information with the world and thus making transaction anonymity
and tornadoes cash obsolete. How does one protect themselves against attack on their privacy?
I mean, is it, am I even correct in assuming that this is the case?
This is correct. So the best way would be to only share your private information to other people
you trust that they don't leak it. Most people will probably use this, you know, in the case of
like exchanges requesting some sort of origin of funds for KYC or for tax purposes or things like that.
So it assumes that you have to sort of trust that these third parties are either not going to get hacked or won't disclose the information.
Yeah, correct.
I'm curious, are you familiar with the upcoming MECA regulatory proposal in Europe and the provisions in there for sort of privacy coins and anonymous transactions?
Nope.
In Europe, there's a regulatory proposal called markets and crypto assets that in its current drafting aims to make privacy coins forbidden.
If that would be the case, then regulated exchanges could be forced, you know, and this is just like my interpretation of it, but, you know, regulated exchanges could be forced to like either refuse deposits from addresses that have interacted with these protocols or even stop trading privacy coins like C-cash, etc.
Do you feel that perhaps protocols like Tornayva Cash in the future could end up in the sites of national or supernational regulators that want to make these kinds of transactions or these kinds of anonymous crypto protocols forbidden?
I don't think so because it's very easy for exchange to ask about original funds and for user to prove where those funds come from.
When users showed the compliance report to an exchange, the funds are no longer private for this exchange.
Like they can see where they come from.
So I don't see any problems here.
Okay.
So let's talk about the larger ecosystem for a little bit.
So basically, if you look at tornado cash and other privacy preserving solutions,
I mean, you've got solutions that have their own blockchains like Zcash and Monero.
And then you have things that kind of go on top of Ethereum, such as ZK Money.
So basically, Tornado, if you look at it, it's a well-designed mixer, but at its core, it's a mixer.
So basically, if you look at ZK Money, which has this ZK-K-S-K-like shield, clearly the use cases for that are much broader and encompass many more things than Tornado does.
So my question here is, what does your roadmap look like?
And how do you plan to position yourself in the new presence of things like ZK money?
I think most solutions move in the similar direction and try to be similar to Zcash,
which was like one of the first researchers in this area.
So I guess most solutions will look like this.
And the original Ternada Cash implementation was the fast way to do privacy.
But in the future, it should also be pretty similar, like allow transactions and stuff.
And as for separate blockchains, currently Ethereum privacy has lower transaction count,
mostly because Ethereum is much more expensive than Manera, for example.
But with new releases of layer two technology in this year, this can change.
Like, the separate blockchains, the only thing they can do is to transfer money privately.
But on Ethereum, transfer money privately would be only one of many features in the ecosystem.
So I think privacy coins as a separate blockchain is less convenient for most users.
So you'll also move in the direction of shields and layer twos, and this is the general direction for tornado.
Yeah.
So before we wrap up here, what is on the roadmap here and also where can users learn more about Ternatic cache and perhaps getting involved?
Tornado cache development is in big part is decided by governance and the community.
governance holds more than half of all torn tokens
and people can get involved by going into forum and participating in discussions
and steering turn allocation direction that they think is the best.
Thank you so much for joining us, Roman.
This was very elucidating.
I think privacy is something that gets talked about increasingly more,
but I think it's very necessary that we become more.
sensitive to these issues?
I think
usually what happens is
people don't much care about
privacy until something bad happens
and some big service leaks
some private data
and then suddenly people realize
that they actually want the privacy.
Or maybe events similar
of what happened with Snowden.
When someone comes along and
actually shows people
how important it is,
people suddenly start caring about it.
I think that's very true.
And I think those are great closing words.
Thank you so much for coming on.
Thanks for having me.
Thank you, Rahman.
Thank you for joining us on this week's episode.
We release new episodes every week.
You can find and subscribe to the show on iTunes, Spotify, YouTube, SoundCloud,
or wherever you listen to podcasts.
And if you have a Google Home or Alexa device,
you can tell it to listen to the latest episode of the Epicenter podcast.
Go to epicenter.tv slash subscribe for a full list of places where you can watch and listen.
And while you're there, be sure to sign up for the newsletter, so you get new episodes in your inbox as they're released.
If you want to interact with us, guests, or other podcast listeners, you can follow us on Twitter.
And please leave us a review on iTunes.
It helps people find the show, and we're always happy to read them.
So thanks so much, and we look forward to being back next week.