Privacy for Ethereum: Aztec vs. Tornado vs. Chameleon

There are a few existing solutions designed to introduce privacy properties to public cryptocurrencies, especially those issued on the Ethereum blockchain. In this article, we analyze three approaches to deliver privacy on Ethereum: AZTEC, Tornado Cash, and Chameleon.

Tornado Cash

Tornado’s approach is to break the link between the sender and receiver using a mixing technique. Transactions with the same amount are sent to a proxy, a smart contract. The receiver will withdraw the money from the proxy by providing a secret. Pairing-based zk-SNARK technology allows this to happen without revealing which exact deposit corresponds to this secret. In order to save gas, Tornado uses MiMC hash instead of SHA3. This is a trade-off between transaction fees and security.

Achievement:

Breaking the link between sender and receiver

Limitations:

  • Not able to hide the amount of a transaction, or the balance of an address.
  • Transaction delay. More than 24h expected to guarantee security.
  • Pairing-based zk-SNARK requires a trusted setup.

Aztec

Aztec also uses the Ethereum smart contracts to provide privacy properties. Aztec implements JoinSplit protocol, detailed in ZCash version 0.1, which can hide transaction amounts, but not the sender or receiver. To reduce the computational costs of verifying transactions, Aztec uses pairing-based zk-SNARK with trusted setup.

Achievement:

Hiding the amount of a transaction

Limitations:

  • Unable to hide sender and receiver addresses
  • Trusted setup
  • High transaction fees (estimated at 900,000 gas/tx)

Both Tornado Cash and Aztec implement privacy on top of the Ethereum blockchain. They thus inherit its advantages, but gas fees and speed are drawbacks for these approaches. To overcome this, they have to use a lighter computation approach which sacrifices security: pairing-based zk-SNARK with a trusted setup.

Chameleon

Chameleon takes a different approach. The Chameleon-Ethereum bridge is designed for fully decentralized cross-chain interoperability. Implementations will enable cross-chain communication between the two blockchains and provide the option of a “privacy mode” for transfers of crypto assets (ETH and ERC20 tokens). Using this bridge, anyone can activate privacy for their tokens and shield their balances and activity.

The Chameleon bridge will facilitate the transfer of crypto assets (e.g., tokens) between two blockchains by implementing locking, minting, and burning mechanisms on each blockchain. In the future, when tokens are sent to a locking contract on Ethereum, Chameleon will verify that the “locking” transaction was indeed confirmed on Ethereum. Upon the submission of the token lock transaction on Ethereum, Chameleon will proceed to mint a corresponding amount of privacy tokens (e.g., privacy Ether or privacy ERC20 tokens). Similarly, when these privacy tokens are burned, the locking contract on Ethereum will verify the validity and unlock the original tokens upon submission of proof. This process will effectively maintain a 1:1 ratio between the privacy token on Chameleon and the original token on Ethereum.

Chameleon will use RingCT and Bulletproof techniques to provide full privacy—shielding the transaction amount, sender, and receiver. Chameleon’s sharding technique will improve transaction throughput to 100 tps, compared to Ethereum’s 15 tps, and transaction fees will be extremely low.

Summary

Feature Aztec Tornado Cash Chameleon
Untraceable No Yes Yes
Shield tx amount Yes No Yes
Shield sender and receiver No Yes Yes
Non-trusted setup No No Yes
Transaction fee High High Low
The security of cryptography is proportional to the cost of computation. High gas fees present considerable challenges for approaches implemented on Ethereum, often requiring sacrifices in terms of security.

Chameleon’s unique approach will utilize advanced cryptographic techniques, sharding, and bridging to achieve more robust, lower-cost privacy.

3 Likes