RFP: Tornado Desktop

Summary

This post outlines a potential request-for-proposal for a Tornado Cash desktop client, which can generate, store, and manage notes safely offline.

Motivation

The motivation for this Request for Proposal is twofold:

  1. I’m one-of-five multisig holders and I’ve been seriously reflecting on what could be funded of significance to really boost the ecosystem. I’ve made some comments on the forum mentioning useful initiatives that I imagine would qualify for funding. However, even these have felt underwhelming.
  2. Reflecting on the project more deeply as of late, I’ve realized that managing an industrious Tornado operation (or really, engaging in anything more than just casual usage) for the average user is a pain in the ass. And storing notes in your everyday browser’s local storage is risky. To say the least.

Benefit

A desktop client would provide an additional layer of security to Tornado Cash end users

Notes could be generated offline. Transactions could be signed offline. Then the device could be brought online to broadcast the transactions. In the process, you could then airgap your private notes from being stored in a persistently online environment, such as your browser.

Furthermore, it could be possible to also include Ethereum wallet generation in this desktop client - similar to MyCrypto Desktop (we could even clone the MyCrypto codebase for this). Allowing for new wallet generation locally would easily allow users to create independent wallets to mix funds safely between without relying on MetaMask (which is now in the lovely hands of JP Morgan, Mastercard, UBS - we all know how much they love empowering humanity)

Long term, this desktop client could begin to include basic analytics to provide the user with insight into how much entropy they may accidentally be revealing as they mix their funds through Tornado. For example:

  • if you claim all your AP at once immediately after mixing, you may give yourself away
  • if you mix too often from one address to another, you may give yourself away
  • if you mix a large, specific number of deposits in from one address and then withdraw them all to another address, you may give yourself away

Each of these transaction types could be analyzed offline prior to tx execution to inform the user if their attempt at creating personal security for themselves will be foiled by their own folly or accidental misstep

Poll

If there is interest, we can potentially create a Gitcoin Bounty for anyone interested in taking on the project.

Is there demand for a desktop version of Tornado Cash that would let you generate, store, and manage notes easily offline?
  • Yes
  • No

0 voters

Any and all feedback is appreciated and welcomed

6 Likes

Thanks for this post @ethdev. As discussed before, I do think that this could be really useful for the community. I would personally prefer to use this solution instead of a website.

2 Likes

It could also force the use of Tor and relayers could run hidden service so IP address are not leaked. I agree that the current solution for managing notes is not the most secure and I limited my amount of long term deposit in part because of this.

4 Likes

This is a great idea. I recommend to use Tauri, an electron competitor written in Rust:

2 Likes

We could write a proposal for this but it depends on the amount assigned to this bounty. What amount are you thinking @ethdev?

I like this, I currently run the Web UI on localhost, but this would be cleaner …

A few requirements:

  1. Proxies through Tor by default
  2. Open source
  3. UI hints to warn user if user is trying to do something stupid (e.g., withdraw mining rewards from 1 deposit to withdrawal wallet)
  4. Runs on Windows/Mac/Linux

I’m curious how you are doing this! Would you be willing to explain?

Thanks for the comments! Do you mean the address that’s used to withdraw my fund should not be used to also claim my mining rewards? could you help me understands how that is problematic?

see here:

alternatively you can use the CLI:

The size of the reward that you receive can be used to determine for how long exactly you had deposited your ETH. With this information you can find the deposit transaction that matches your withdrawal transaction.

1 Like

I forgot to say thanks for this comment. We are using this in the fifth heuristic:

Web UI on localhost with these features as toggleable is the right way to do this; a full desktop app is redundant.

The one problem for tornado.cash as it sits today is the generation of the note file as plaintext. On a connected system, this is frankly an unnecessary vulnerability. No one can be sure their system isn’t compromised in some way.

One potential fix to this would be to generate the note the same way an Ethereum keystore file is generated; one raw file that requires a password. The tornado.cash note could (optionally) require you to input a password that’s used to hash the note you’ll receive. This means the note you download is useless without the password, and the file would be hashed before it was decrypted over SSL, so there’s no point in which a single attack method could get the keys. A keylogger can only get the password, theft of your encrypted tornado note would be useless.

The best part? This is super easy to implement on top of the current system, requiring no modification to the current system. It’s a bolt-on improvement.