Using AP amounts to reveal deposit/withdraw pairs?

It seems that AP awards a fixed # of $AP per block between deposit and withdraw; I’m wondering how privacy is still preserved. It’s withdrawn to an anon account via relayer so the address can’t be linked, but it seems the amount of AP is still revealed. It seems there are order ~50 tornado.cash deposits per day (vs 5K eth blocks/day), meaning that just knowing the # of AP withdrawn can let you construct a candidate set of deposit/withdraw pairs for roughly 1/100th of all withdraws, since the deposit also has to align perfectly with that timestamp. If a substantial number of people end up claiming their AP, you could even use the data to uniquely map out sets of withdraws and deposits that would allow those quantities to be satisfied. Is the team worried about such tracing?

1 Like

Hi there,

As you say, this can be done. Tornado Cash users can see if they have committed this and other reveals on Tutela. Currently we have only identified 385 connections from the TORN mining reveal. My suggestions to reduce the risk of being identified are to:

  1. Do not withdraw all of your AP at once
  2. Withdraw it to multiple addresses
  3. Withdraw it to different addresses than your deposit/withdrawal addresses
  4. Make multiple deposits into TC that claim AP (too late now!) - it is easier to trace 1 deposit to 1 withdrawal links through this reveal.

See more on other reveals you can make using Tornado Cash here. Thanks to great work on this by @unbalancedparen, LambdaClass and @Istvan_Andras_Seres.

2 Likes