Home Explore Help
Sign In
bat9go
/
tutela-app
mirror of https://github.com/TutelaLabs/tutela-app
Watch 1
Star 0
Fork 0
Files Issues 0 Wiki
Branch: live-updates-4
Branches Tags
tutela-app
/
whitepaper
/
3_overview.tex

3_overview.tex 4.5 KB
Permalink History Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647 
  1. \section{Tutela Overview}
    2. 

  2. \label{sec:tutela}
    3. 

  3. 

  4. Tutela\footnote{At the time of publication, Tutela is hosted at \url{https://www.tutela.xyz}.}, latin for protection, is a web application that has three functions, it inform users which of their Ethereum addresses are affiliated, how they are linked and audits the anonymity sets of Tornado Cash Pools. More on each of these below.
    5. 

  5. 

  6. \subsection {Ethereum Address Clustering}
    7. 

  7. 

  8. Users can search an ethereum address (e.g. 0x...) or ENS (e.g. tutela.eth), and receive a summary of its anonymity. 
    9. 

  9. 

  10. \begin{figure}[h!]
    11. 

  11. \includegraphics[width=\linewidth]{figures/demo.pdf}
    12. 

  12. \caption{Tutela address page when searching an Ethereum address. This address is also a TC user.}
    13. 

  13. \end{figure}
    14. 

  14. 

  15. We summarize the main functionalities shown in Figure~\ref{fig:demo}. The response page is separated into three sections. The top left section summarizes the anonymity of the searched address. It contains an ``anonymity score'' out of 100, where a lower number represents less anonymity. In this example, the searched address has an anonymity score of 0, representing a large amount of leaked identity information. Other information, such as balance in ETH or ENS names, are shown when relevant.
    16. 

  16. 

  17. The top right section is only populated if the searched address is a Tornado Cash user. In this example, the searched address has deposited 97 times to a Tornado Cash pool and withdrawn 88 times. Interestingly, we find that through heuristics, we are able to tie 87 of those withdraw transactions to deposit transactions, thereby meaningfully reducing the useful size of the Tornado Cash pool. See Section~\ref{sec:tornado} for more details.
    18. 

  18. 

  19. The bottom section labeled ``Linked Addresses'' shows a list of addresses clustered with the searched one. Each item in this list is denoted as either an externally owned address (EOA), a deposit address, or an exchange address. Each item also contains a confidence score denoting the strength of association with the searched address, and the heuristic that bound it to the searched address.
    20. 

  20. This example shows a thousand clustered addresses representing an entity with a large wallet portfolio (e.g., bot) -- hence why the anonymity score is zero.
    21. 

  21. 

  22. \subsection{Ethereum Address Reveals}
    23. 

  23. 

  24. \begin{figure}[h!]
    25. 

  25. \includegraphics[width=\linewidth]{figures/demo3.pdf}
    26. 

  26. \caption{Tutela transaction page when searching an Ethereum address. This address is also a TC user.}
    27. 

  27. \label{fig:demo3}
    28. 

  28. \end{figure}
    29. 

  29. 

  30. To see a history of when an Ethereum user potentially committed reveals, users can select the transactions tab on the landing page and input an Ethereum address or ENS. The right hand side of Figure~\ref{fig:demo3} shows a graph of when these revealing transactions occurred where the x-axis denotes the weeks prior to the current date. Each bar in the graph corresponds to an individual week and upon clicking on each bar, Tutela will show the details of the potentially revealing transactions underneath. On the left hand side, users can see statistics on their potential reveals as well as a comparison to the average Tornado Cash user. 
    31. 

  31. 

  32. 

  33. \subsection{Tornado Cash Anonymity Set Auditor}
    34. 

  34. 

  35. The Tornado Cash Anonymity Set Auditor, computes the five heuristics described in Section~\ref{sec:tornado} for each Tornado Cash pool to determine how many potentially compromised deposits are in each pool.
    36. 

  36. 

  37. \begin{figure}[h!]
    38. 

  38. \includegraphics[width=\linewidth]{figures/demo2.pdf}
    39. 

  39. \caption{Tutela interface when searching a Tornado Cash pool.}
    40. 

  40. \label{fig:demo2}
    41. 

  41. \end{figure}
    42. 

  42. 

  43. If a user selects a Tornado Cash Pool from the dropdown list on the landing page, the top right of the results page will show the headline number of equal user deposits in a Tornado Cash pool, otherwise known as its anonymity set. Below that, we compute the ``true'' anonymity set size for the pool, subtracting out all equal user deposits that may have been compromised through our heuristics. This gives the number of “uncompromised deposits”. At the time of publication, the Tornado Cash website reports only the full anonymity set size, not taking into account potential compromises. 
    44. 

  44. 

  45. At the bottom of Figure~\ref{fig:demo2}, users can supply an address to check, \textit{in a private way}, if it has made any compromising transactions, inspired by the popular website ``Have I been pwned?''\footnote{See \url{https://haveibeenpwned.com}.}.
    46. 

  46. 

  47. A concrete use case of Tutela is to adjust anonymity set to protect the privacy of Tornado Cash users more faithfully. As described in Section~\ref{sec:preliminaries}, if a pool has many compromised deposits, it provides less privacy than a user believes.
    48.