Comparison between Suterusu, Tornado.cash and Aztec protocol

Heisenberg Lin
Published in Suterusu
Aug 21, 2020

One of the closest projects to Suterusu is perhaps Tornado.cash, an anonymous payment layer solution for the Ethereum ecosystem. The main advantages of our solution compared to theirs are as follows:

1. Tornado’s solution does not provide transactional amount confidentiality. The general idea of Tornado is to use a zero-knowledge, Merkle-tree-based membership proof to prove ownership of tokens. The zero-knowledge membership proof does provide anonymity for the parties involved in a Tornado transaction; however, transactional amount confidentiality is not guaranteed, since the token payment is sent in plaintext.

In contrast, the statement of Suterusu’s zero-knowledge proof scheme hides the transactional amount in the homomorphic public-key encryption scheme while providing membership proof to anonymize the identities of both the sender and receiver of a transaction. In other words, Suterusu’s anonymous payment scheme for the smart contract platform provides anonymity for the involved parties and also transactional confidentiality.
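How a contract can update balances without seeing amounts is easiest to follow with an additively homomorphic scheme. The following is an added example, not Suterusu's code: it assumes exponential ElGamal (the page does not name the scheme), uses a constructed toy group far too small for real use, and omits the zero-knowledge proof; all function names are illustrative.

```python
import secrets

# Constructed toy group (assumption, not from the page): P = 2Q + 1 with P and Q
# prime, and G = 4 generating the subgroup of prime order Q.
P, Q, G = 2039, 1019, 4

def keygen():
    sk = secrets.randbelow(Q - 1) + 1
    return sk, pow(G, sk, P)

def encrypt(pk, amount):
    """Exponential ElGamal: (g^r, g^amount * pk^r); the amount is never sent in clear."""
    r = secrets.randbelow(Q - 1) + 1
    return pow(G, r, P), (pow(G, amount % Q, P) * pow(pk, r, P)) % P

def add(c1, c2):
    """Multiplying ciphertexts component-wise encrypts the sum of the plaintexts."""
    return (c1[0] * c2[0]) % P, (c1[1] * c2[1]) % P

def decrypt(sk, ct):
    """Strip the mask pk^r, then recover the small amount by searching g^m."""
    gm = (ct[1] * pow(ct[0], Q - sk, P)) % P
    acc = 1
    for m in range(Q):
        if acc == gm:
            return m
        acc = (acc * G) % P
    raise ValueError("ciphertext is not in the expected subgroup")

def demo_transfer():
    alice_sk, alice_pk = keygen()
    bob_sk, bob_pk = keygen()
    alice_bal = encrypt(alice_pk, 250)   # constructed starting balances
    bob_bal = encrypt(bob_pk, 40)
    # The sender encrypts the same amount under both keys. A real scheme attaches
    # a zero-knowledge proof that both ciphertexts hold the same value and that
    # the sender's balance stays non-negative; that proof is omitted here.
    debit, credit = encrypt(alice_pk, -89), encrypt(bob_pk, 89)
    # Contract-side update: only ciphertexts are combined, no amount is revealed.
    alice_bal, bob_bal = add(alice_bal, debit), add(bob_bal, credit)
    return decrypt(alice_sk, alice_bal), decrypt(bob_sk, bob_bal)
```

Each key holder decrypts only their own balance, so `demo_transfer()` yields the updated pair while the stored values stay encrypted throughout.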

2. Tornado’s implementation is based on ZK-SNARK, which is the underlying technology for Zcash. The ZK-SNARK scheme has the inherent defect of requiring a trusted setup step. The trusted setup is a hidden bomb waiting to explode: once the trapdoor information of the trusted setup step is stolen by an adversary, the adversary can use it to launch a double-spending attack without the possibility of being detected.

In contrast, our ZK-ConSNARK scheme does not require a trusted setup and hence is fundamentally more secure and transparent.

3. Product-wise, Tornado.cash only allows the deposit and withdrawal of fixed amounts, such as 0.1, 1, etc., while Suter Shield allows the deposit and withdrawal of arbitrary token amounts. Suppose you wish to privately transfer an amount of 8.9: with Tornado.cash you have to perform 8 transfers of 1 token and 9 transfers of 0.1 token, which is 17 transfers in total, while with Suter Shield you can perform one private transfer. This saves tremendous effort for privacy-conscious users, and on average it also saves them a lot in gas fees.

4. Furthermore, when a user deposits a token in Tornado.cash, it returns a secret note, which can be used by anyone to withdraw the deposited token. Therefore, sending this token to another user requires the note to be sent to the receiver securely, since otherwise your money will be intercepted by the adversary. In contrast, Suterusu Shield allows a user to arbitrarily select the target receiver of a confidential transaction without needing to share any secret with the receiver beforehand. Since sharing a secret requires establishing a secure communication channel between the sender and receiver, it is not user-friendly, especially for newcomers who are not familiar with crypto toolkits.
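The properties described in items 1 and 4 (a Merkle membership check over deposits, a fixed amount visible in plaintext, and a note that authorizes whoever holds it) can be seen in a simplified model. This is an added example, not Tornado.cash code: `MixerPool` and its methods are hypothetical, SHA-256 stands in for the real hash functions, and the zero-knowledge layer is omitted, so the Merkle path is revealed here rather than proven in zero knowledge.

```python
import hashlib, secrets

def h(*parts):
    return hashlib.sha256(b"".join(parts)).digest()

class MixerPool:                                # hypothetical model, not a real contract
    def __init__(self, denomination):
        self.denomination = denomination        # public and identical for every deposit
        self.leaves, self.spent = [], set()

    def deposit(self):
        note = secrets.token_bytes(32)          # bearer secret handed back to the depositor
        self.leaves.append(h(b"leaf", note))    # only the commitment is stored
        return note

    def _levels(self):
        level, levels = list(self.leaves), []
        while True:
            if len(level) > 1 and len(level) % 2:
                level = level + [level[-1]]     # pad odd levels by repeating the last node
            levels.append(level)
            if len(level) <= 1:
                return levels
            level = [h(level[i], level[i + 1]) for i in range(0, len(level), 2)]

    def path(self, index):
        out = []                                # (sibling hash, "node is right child") pairs
        for level in self._levels()[:-1]:
            out.append((level[index ^ 1], index & 1))
            index //= 2
        return out

    def withdraw(self, note, path, recipient):
        """Pay `recipient` if the note's commitment is under the root and unspent."""
        node, tag = h(b"leaf", note), h(b"spent", note)
        for sibling, node_is_right in path:
            node = h(sibling, node) if node_is_right else h(node, sibling)
        if [node] != self._levels()[-1] or tag in self.spent:
            return None
        self.spent.add(tag)
        return recipient, self.denomination     # the amount is visible to every observer

def demo():
    pool = MixerPool(denomination=1)
    notes = [pool.deposit() for _ in range(3)]
    idx = pool.leaves.index(h(b"leaf", notes[1]))   # the note alone locates its leaf
    first = pool.withdraw(notes[1], pool.path(idx), "any-address")
    replay = pool.withdraw(notes[1], pool.path(idx), "depositor")
    return first, replay
```

Nothing in `withdraw` ties the payout to the depositor: possession of the note is the only authorization, which is why the note has to travel over a confidential channel.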

5. In addition, the Suter VM not only provides anonymous payment functionality for smart contract platforms but also anonymous BTC cross-chain functionality that will bring more liquidity to the Suter ecosystem. The major blockchain projects can be divided into two categories: those that support smart contracts, such as Ethereum, and those that do not, such as Bitcoin.

Our anonymous payment scheme covers both cases, and the plug-and-play nature of these technical modules will enable much more sophisticated privacy-preserving DeFi functionalities compared to the monotonous (single user) anonymous payment functionality provided by the Tornado module. To further demonstrate the effectiveness of our privacy-preserving DeFi functionality, we have already established partnerships with various DeFi projects to add privacy-preserving functionality to these projects. Interested readers are referred to this link (https://medium.com/suterusu/how-to-build-privacy-preserving-defi-based-on-suterusu-protocol-ebbd6bd140fe) for details of how to build a privacy-preserving DeFi protocol based on the Suterusu protocol.

6. Regarding the economic model, Suterusu provides a similar liquidity mining mechanism to incentivize users to enlarge the anonymous set. In addition, any Suter holder will get a share of fees collected from the service provided by the Suter ecosystem. Therefore, it provides additional incentive for the users to join the Suterusu community.

Another closely related project is the Aztec protocol. Here is the comparison between these two projects:

  1. Aztec’s scheme is based on ZK-SNARK, which requires a trusted setup, while Suterusu’s core technology, ZK-ConSNARK, does not require a trusted setup, which guarantees a high level of security and transparency.
  2. The current Aztec solution only supports confidential transfer, and cannot guarantee user anonymity and transaction untraceability. More specifically, their contract maps the MetaMask address to the Aztec note, which means these notes can be traced to the corresponding MetaMask address, while Suter lets users select their own private key and generate the zero-knowledge proof independently, and thus guarantees not only transaction amount confidentiality but also user anonymity and transactional untraceability.
  3. The main reason why Aztec’s rollup technology can reduce users’ gas fees is that the rollup solution batches a sufficient number of transactions before they can be verified by the blockchain network. However, this means users sometimes have to wait for a long period of time before there are even enough transactions to be batched. This is especially true at the beginning of the system, when there are few users. This has actually been proven by our experience: our VP of engineering ran their rollup, waited for two full days, and still didn’t get his transaction verified by the network.
  4. For the batch proof solution to work, one has to assume the batched proof delivered to the blockchain network contains valid proofs in the first place. If the blockchain network spots an invalid batched proof, one has to decide which proof is invalid, which means there has to be an entity responsible for verifying the proofs one by one. One possible solution to this issue is to let the rollup provider check the validity of the proofs before uploading them to the blockchain network. However, one then has to assume the rollup provider performs the verification job properly. In this case, the rollup provider tends to become a single point of failure. For instance, one could generate an invalid proof almost instantaneously, but it takes much longer to verify the proof. Therefore, it would be trivial to launch a DoS attack against the rollup provider.
  5. The proof batching work is done by a rollup provider. Currently, there is only a single rollup provider in the Aztec system. The rollup provider is not an essential part of the underlying blockchain architecture and is not necessarily supported by blockchain networks other than Ethereum. It might be challenging to deploy Aztec on other blockchain networks due to the extra infrastructure requirements. In contrast, Suterusu is a universal layer 2 private payment infrastructure that is compatible with almost any smart contract platform. Therefore, we have great advantages in terms of composability and interoperability. This is exactly why we can quickly deploy our product on multiple blockchain networks including Ethereum, Binance Smart Chain, smartBCH, etc. Aztec’s product is still in its infancy despite having been launched more than 3 years ago, and there are not many users on its network, while Suterusu has currently accumulated 15000+ users, and its transaction volume has exceeded 200 million US dollars.
