Tornado Cash

As the government tackles the Tornado Cash Mixer, it may also reap a whirlwind of consequences.

All this chaos over Tornado Cash that has been going on for the past couple of days makes us wonder what this thing is. Well, do not mistake Tornado Cash as a name of a company like coinbase or anything. However, it sure is bringing a high tide in the US government over cryptocurrencies.

A monk wrote a book about magic in the late 15th century in what is now Germany. It had nothing to do with magic. The Benedictine abbot Johannes Trithemius' three-volume "Steganographia" described the use of spirits to communicate secretly over long distances. Trithemius was suspected of practicing black magic, and the Catholic Church added "Steganographia" to its Index Librorum Prohibitorum, where it remained until 1900. However, the Church may not have blacklisted Trithemius' work out of fear of spiritual corruption, because the "Steganographia" was not what it appeared to be. Though it mentioned angels and spirits, its proper topic was far more dangerous: encryption.

"Steganographia," written in 1499, was one of the first major works on cryptography in the Western world, introducing, for example, the now-common idea of a simple cipher that could replace the letters of a message systematically. Among other things, the book employs the "Ave Maria" cipher, which replaces each letter of a message with a short Latin sentence about Jesus. It is now widely assumed that the book's blacklisting had little to do with religion and was instead an attempt to suppress cryptographic knowledge.

You can imagine how dangerous a looming explosion of hidden written messages would have been to the various warlords and strongmen who ruled Europe at the time. The theology of the divine right of kings upheld by Trithemius' church implied that most people had no right to privacy or much else.

A powerful governing force has trotted out another Index Librorum Prohibitorum half a millennium later. The US Office of Foreign Assets Control (OFAC) added Tornado Cash, a decentralized privacy service, to its list of Specially Designated Nationals on Monday. Interacting with the service is thus illegal for US nationals and entities. However, the impact and even intent appear to be much broader: Roman Semenov, a Tornado Cash developer, claimed on Tuesday that his Github code repository account had been suspended. Semenov has not been sanctioned by OFAC, and he has no direct involvement with the Tornado Cash service. Instead, he has orchestrated the development of code that can be run by others to form a decentralized network. Semenov nailed the key question raised by his reported suspension on Twitter

Tornado Cash is an Ethereum network "mixer." In broad strokes, it allows Ethereum users to send either ether (ETH) or ERC-20 tokens to the service, where they are "mixed" with the tokens of other users before being returned, obscuring who sent what to whom and when. While Ethereum has virtually no privacy controls by default, Tornado Cash appears to be quite effective - if it wasn't, OFAC might not have blacklisted it. Tornado Cash can be trusted to do what it says on the tin because the code is transparent, decentralized, and automated. OFAC has very good reason to wish Tornado Cash didn't exist. Tornado, according to the agency, was used by North Korea's Lazarus Group to launder hundreds of millions of dollars in proceeds from hacks of major crypto projects, including the Ronin bridge. It has been suggested that the proceeds from such hacks are used to fund North Korea's weapons programs, so halting this appears beneficial to the rest of the world.

However, OFAC's sanction is an indiscriminate dirty bomb of catastrophic proportions, poised to vaporize millions of people's fundamental human rights around the world while (possibly) halting the activities of one tiny and impoverished nation. There are numerous reasons why ordinary non-criminals would use a service like Tornado Cash, ranging from anonymous political donations to concealing the extent or location of their private wealth. Even Ethereum co-founder Vitalik Buterin chimed in, admitting to using Tornado Cash to obfuscate donations to the Ukraine war effort - not to protect himself, but to protect recipients in Ukraine.

This is a legal as well as an ethical issue. OFAC's sanction, and subsequent attempts to squelch the Tornado Cash code by the likes of Github, may point to significant internal contradictions in US law. It's not entirely fair to blame OFAC solely for this: a regulator's job is generally to focus on a single issue rather than consider the broader implications.