Open in app

Sign in

Write

Sign in

TONNEL Network: #1 Zero-Knowledge Privacy Protocol on TON💎

Tonnel Network
6 min readJul 15, 2023

Do you believe Transparency is the opposite of Privacy? If so, Mr.Freeman will try to change your mind here.

Mr.Freeman!

Everyone can track your transactions on almost any blockchain(including TON Blockchain).

But, does it mean you don’t have privacy? Unfortunately, Yes:(
Does it mean you can’t have privacy? Fortunately, No:)

Zero Knowledge: A fancy word? or a useful technology?

Zero-Knowledge is something that everyone talks about in Web3 space now, it’s a mathematical technique where you can prove a claim without revealing any extra information.

Let’s say Alice wants to prove to Bob, that she can see colors. So Bob can pick one 🔵 and one 🔴 ball(Exactly the same balls, just different colors). Bob will put the 🔴 ball in his left hand and the 🔵 ball in his right hand. He will show his hand to Alice, and then he will hide his hands behind himself and either change his hands or doesn’t, and then he will ask her, did I change my hands? If Alice gave the correct answer, Alice could be 50% lying and just lucky, so Bob can try this challenge 10 times and by then if Alice answers each of the challenges correctly, Bob can be almost 99.9 % sure that Alice can see colors. If Bob does this 20 more times, it’s almost 99.9999999% sure that Alice is not lying!

Pretty interesting but can it be used in blockchain?? Yes!

Let’s say Alice wants to send 10 TON to Bob, without revealing her address(her transaction history and balance). Alice has to trust someone(e.g. a central exchange like OKex).

But with some ZK magic, you can design a protocol like TONNEL Network to achieve this. There are different techniques to use ZK in blockchain, SNARK and STARK are the most used ones.

TONNEL Network uses SNARK for the Zk part of the protocol. Many famous projects also use SNARK(ZKSync, Polygon Hermez, Tornado, Zcash).

TONNEL Network Design

Math(ZkSnark) + TON = TONNEL

In TONNEL, there are multiple pools with different sizes(50TON, 100TON, 500TON, 5000TON, 50000TON). Each pool is a smart contract( 5TON Pool on testnet).

Assume Alice wants to donate Bob 5TON, but no one else(not even Bob) can be able to know the origin of the donation.

  1. Alice will open TONNEL Network website and deposit 5TON in the contract

2. Alice has to save this secret key and hold it as safe as a private key. This is like a one-time private key, anyone with this keyphrase can access the 5TON deposited in the pool.

Secret = 256-bit random number

Nullifier = 256-bit random number

Commitment = Sha256_Hash(Secret + Nullifier)

3. Alice has to deposit two transactions with a payload that contains the commitment string.

Alice pays

  • 5 TON(Pool size)
  • 1.5 TON (blockchain fee)
  • 0.1 TON (TONNEL Protocol fee)

Alice receives

  • 100 $TONNEL Jetton(Pool size * 20)

4. Now Alice, can see her deposit in History section(Sample Deposit Transaction on Testnet). Every deposit to the same pool is stored in the contract and all the commitments are stored in a merkle tree.

5. Alice can wait for a few seconds/hours/days/years:) she can use her secret key that she saved before to receive her 5TON immediately to another wallet(For example Bob donation wallet).

  • The more deposit happens between Alice’s Deposit and Withdraw, the less likely someone could link the transactions

6. Alice enters her secret key and recipient wallet and she has two options now:

  • Full Safety Mode : To generate the ZK proof herself on her browser( it requires high internet speed and a strong PC). For example on MacBook Pro M1 with high internet speed it takes around 2 minutes. This option is 100% safe and recommended
  • To generate the ZK proof on TONNEL server, it will take around 1 minute and if the TONNEL server acts malicious it could steal your fund! This option is not100% safe and not recommended

After clicking on withdraw, front-end will check if the secret key is valid and the commitment is existing in the Merkle tree and then it will start to generate proof. The proof will look like this:

{
   pi_a: [
     '549644412534889332270456498579860242860203165286315536263602374830261858198872320245173465807213444445190045773135',
     '3993449294136924482858129017872530096558720997959196915349561181014560194061611477964696842126599405970473545935213',
     '1'
   ],
   pi_b: [
     [
       '3897252307090062736844408775746498619774393542992461584560771643896678313937582103581955169711255755931410384913478',
       '187993603476260846321344339568962015211826197556001631991787577171749882612578604389163010938268908454846949102818'
     ],
     [
       '1332072349387565494146676292116673924423324106871093544155680223177533344296999424387434905247047877432111561429423',
       '714391619767088293694641195576550524092275996170776555663393343949924102738567507845339390630101307517979306997346'
     ],
     [ '1', '0' ]
   ],
   pi_c: [
     '326024750320103504111431597296820323631560050145464616130939511582678386041398777964536303430226901115420422395134',
     '1463445872350679609191308179004912212777329478099956364597363881527307315401375535885047940332562698607277790046478',
     '1'
   ],
   protocol: 'groth16',
   curve: 'bls12381'
 }

This proof is like a one-time key that can unlock Alice’s fund, this proof includes relayer fee percentage and recipient address.

  • Can Alice send the proof herself? Yes, she can, but then she will lose her anonymity, because everyone will see a withdrawal transaction originated from Alice's Address and it’s sent to Bob’s Address, so everyone can link Alice and Bob. So Alice SHOULD not send the proof herself.

So here relayers are involved. It’s mathematically impossible that they could change the proof to earn more fee or to change the destination or any other malignant behavior.

Mr.Freeman will explain in detail how Relayers operate in TONNEL network but let’s assume some random third party will submit Alice’s Proof and earn the fee that Alice set in the proof.

Relayer will receive

  • 5% of Pool size (fee is set by Alice, default is 5%)
  • 10 $TONNEL Jetton(Pool size * 2)

Alice’s given recipient wallet

  • 95% of Pool size(fee is set by Alice)

Relayers: Where Telegram meets TONNEL

Relayers are a crucial part of the protocol. They are broadcasters of ZK Proofs to TONNEL Contract. They facilitate the withdrawal process by relaying the proof and the contract will check the proofs(the contract will check for double-spending so each secret key can be used only once).

The simple solution was to just make some relayer node, that some people(with tech knowledge) run on their server and they automatically get all the fees of the protocol. But is it fair and the best solution?

Mr.Freeman put on a vote on TONNEL Telegram channel and people agreed that there is a better option.

TONNEL uses a new method instead of relayer servers. It lets telegram users register as a relayer in TONNEL Relayer Bot, and they can easily register to be a relayer(By purchasing one of these NFTs).

Each Relayer can have multiple NFTs, and each NFT has a reputation score. So when a user tries to withdraw their fund from TONNEL, the proof that they generate is sent to relayers in the following way:

  • First, the TONNEL Indexer chose 1 random relayer among the relayers(The higher reputation, the higher chance of being chosen)
  • That Relayer will receive a message like this in the bot
  • The relayer has around 20 seconds to send this transaction using their TON wallet. If they succeed, they’d receive their fee and their $TONNEL token.
  • If the first relayer failed to finish their task, the message in the bot will be deleted, and another random relayer will be chosen.
  • This cycle will continue until one relayer makes the transaction.

What’s Next?

TONNEL Network is working on testnet and the relayers did their tasks very well, TONNEL has 30 relayers so far and the average withdrawal waiting time is less than 2 minutes. Here are the few things that Mr.Freeman will be working on until the mainnet launch(According to TF, the mainnet upgrade will happen in mid-August):

  • Fixing responsive bugs on smaller devices and improvement of UI of TONNEL.Network
  • Increasing the community knowledge about the project and its architecture, by releasing articles and translating them into other languages
  • Add staking option for TON and $TONNEL to increase the reputation score of relayers

Please follow us on our social channels to get the latest update on TONNEL Network

Twitter: https://twitter.com/tonnel_network

Telegram Channel: https://t.me/tonnel_en

Telegram Chat(English): https://t.me/tonnel_chat

Telegram Chat(Russian): https://t.me/tonnel_chat_ru

Website: https://tonnel.network

Email: freeman@tonnel.network

Zero Knowledge Proofs
Ton
Telegram
Privacy
Tornado

--

--

Tonnel Network

Written by Tonnel Network

17 Followers

Tonnel is the first Zero-Knowledge powered project built on the TON blockchain that aims to provide privacy features similar to those offered by 🌪 on EVM.

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams