Anonymity set size is the only objective measure of privacy. A pool with 10 users offers trivial privacy; a pool with 10,000 users provides meaningful cover. Most private AMMs like Penumbra or zkSwap focus on cryptographic proofs but neglect the network effect required for real anonymity.
the-cypherpunk-ethos-in-modern-crypto
Blog
Why Anonymity Sets Are the Critical Metric for Private Pools
Forget TVL. The statistical privacy of a shielded pool is defined by its anonymity set size, making it the only security parameter that matters for users. This is the cypherpunk ethos, quantified.
introduction
THE BLIND SPOT
Introduction
The privacy of a private pool is defined by its anonymity set, a metric most protocols and users dangerously ignore.
Liquidity fragmentation destroys privacy. A protocol with 100 isolated pools of 10 users each is less private than a single pool of 1000. This is the critical flaw in early designs versus the aggregated liquidity model of public DEXs like Uniswap V3.
Evidence: Analysis of early shielded pools shows deanonymization attacks succeed with >90% accuracy when the anonymity set is below 50 participants. Privacy without a crowd is just security theater.
thesis-statement
THE METRIC
Thesis Statement
Anonymity set size is the definitive measure of a private pool's security, not its cryptographic primitives.
Anonymity set size determines security. The probability of deanonymization is inversely proportional to the number of participants in the pool. A zk-SNARK proves transaction validity but cannot hide whether you are the only user.
Liquidity is a secondary effect. Pools like Tornado Cash or Aztec attract users because of strong anonymity guarantees, which then bootstrap liquidity. The reverse—liquidity-first design—creates a surveillance honeypot.
Compare Railgun vs. Tornado Cash. Railgun's zk-proofs are more advanced, but Tornado's larger, established anonymity set provides stronger practical privacy for Ethereum users today.
Evidence: A 2023 Chainalysis report noted the near-impossibility of tracing funds through Tornado Cash's 10,000+ active deposit address set, while smaller pools were routinely analyzed.
market-context
THE METRIC THAT MATTERS
Market Context: The Privacy Arms Race
Privacy in DeFi is not a binary state but a function of the anonymity set size, which is now the primary battleground for protocols like Tornado Cash and Aztec.
Anonymity set size determines privacy strength. A pool of 10 users provides trivial privacy; a pool of 10,000 makes chain analysis statistically impractical. This metric directly measures the cost of deanonymization for any attacker.
Tornado Cash's failure was a structural collapse of its anonymity set. Post-sanctions, the active user base evaporated, rendering remaining deposits transparent and vulnerable. A private pool with low participation is a public ledger.
Aztec and zk.money use zero-knowledge proofs for stronger cryptographic privacy, but their small, niche user bases create a critical weakness. Their technical superiority is undermined by a shallow anonymity pool that simplifies heuristic analysis.
The arms race is for liquidity, not just technology. Protocols must bootstrap network effects to achieve critical mass. Without a large, continuous flow of funds, even perfect cryptography fails against traffic analysis and timing attacks.
key-trends
PRIVATE POOL METRICS
Key Trends: The Anonymity Set Frontier
For private pools, liquidity is secondary; the size of the anonymity set is the primary determinant of user protection and MEV resistance.
01
The Problem: Isolated Pools = Weak Privacy
A private pool with low user count is a honeypot. Your trade is the only signal, making it trivial for block builders to infer and front-run your intent.
- Privacy is Relative: Anonymity only exists within a crowd.
- Small Sets Leak: A pool of 10 users offers negligible protection against chain analysis.
<100
Weak Set
High
Leakage Risk
02
The Solution: Shared Sequencer Networks
Protocols like Espresso Systems and Astria create a shared sequencing layer where transactions from many applications are batched. This merges anonymity sets across dApps.
- Cross-App Obfuscation: Your swap in a private pool is hidden among NFT mints and DeFi actions.
- Critical Mass: Achieves thousands of transactions per block, creating a robust statistical cover.
1000+
Txs/Block
Cross-App
Cover
03
The Benchmark: Tornado Cash's Legacy
Tornado Cash demonstrated that a large, sustained deposit/withdrawal volume is the only viable anonymity model. Its pools worked because they were constantly used.
- Liquidity ≠Privacy: A $100M pool with 5 users is not private.
- The Metric That Mattered: Daily active depositors was the true KPI, not TVL.
$7B+
Historical TVL
Active Users
Key KPI
04
The Architecture: Encrypted Mempools & Threshold Decryption
Shutter Network and FHE-based systems encrypt intent before submission. Decryption only occurs after block inclusion, preventing MEV extraction.
- Blinds the Builder: Sequencers and builders see only ciphertext.
- Requires Critical Mass: Encryption is pointless if you're the only one using it; the set size validates the crypto.
Pre-Execution
Encryption
0
Viewable MEV
05
The Incentive: Aligning Privacy with Profit
Protocols must incentivize users to always route through the private system. This is the core challenge solved by UniswapX and intents-based architectures.
- Negative Cost: Better prices/fee savings must outweigh privacy overhead.
- Default Path: Privacy must be the economically rational choice, not a premium feature.
Better Price
Requirement
0-Cost
Target Fee
06
The Future: Cross-Chain Anonymity Sets
The ultimate frontier is aggregating user actions across Ethereum, Solana, and rollups into a single anonymity set. This is the goal for privacy-focused interoperability layers.
- Exponential Growth: Combining L2 users with L1 and other L1s.
- Final Barrier: Breaking the chain-bound nature of current privacy solutions.
Multi-Chain
Coverage
10x+
Set Size
PRIVATE POOL INFRASTRUCTURE
Protocol Comparison: Anonymity Set vs. Vanity Metrics
Comparing the core privacy guarantees and operational trade-offs of leading private transaction protocols. Anonymity set size is the primary metric for measuring resistance to chain analysis.
| Privacy & Security Metric | Tornado Cash (Classic) | Railgun | Aztec (zk.money) |
|---|---|---|---|
Effective Anonymity Set Size |
| Per pool, typically < 1k | Per note, typically < 100 |
Underlying Privacy Tech | ZK-SNARKs (fixed circuit) | ZK-SNARKs (private smart contracts) | ZK-SNARKs (UTXO model) |
On-Chain Privacy Leak | Deposit/Withdrawal link visible | Shield/Unshield link visible | Note commitment/nullifier visible |
Native Multi-Asset Support | |||
Gas Cost per Private Tx (ETH) | ~800k gas | ~1.2M gas | ~450k gas |
Required Trust Setup | Trusted ceremony (Powers of Tau) | Trusted ceremony (Powers of Tau) | Trusted ceremony (Powers of Tau) |
Primary Attack Vector | Deposit/Withdrawal correlation | Pool depletion & statistical analysis | Note linkage via usage patterns |
deep-dive
THE METRIC
Deep Dive: The Math of Anonymity
Anonymity set size is the definitive measure of a private pool's security, not its total value locked.
Anonymity set size determines privacy. A user's transaction is only as private as the number of other transactions it can be plausibly confused with. A pool with $1B TVL and 10 users provides less anonymity than a pool with $10M TVL and 10,000 users.
TVL is a vanity metric for privacy. Protocols like Tornado Cash Classic emphasized this, where a large, active pool of small deposits created robust anonymity. Modern intent-based private systems like Railgun and Aztec architect their cryptography to maximize this user count, not just capital.
The math is adversarial. An attacker with on-chain data and timing analysis needs a sufficiently large set of candidate transactions to make deanonymization computationally infeasible. A small set makes statistical attacks trivial.
Evidence: Research on Tornado Cash pools showed that anonymity sets below 100 were vulnerable to simple clustering heuristics, while sets in the thousands provided robust protection even against sophisticated chain analysis firms like Chainalysis.
counter-argument
THE ANONYMITY GAP
Counter-Argument: "But My ZK-SNARKs Are Bulletproof!"
Cryptographic privacy is necessary but insufficient without a large anonymity set to hide user transactions.
ZK-SNARKs guarantee correctness, not anonymity. The proof only verifies a computation was performed correctly, like a valid transfer. It does not conceal the fact that you submitted the transaction to the mempool, creating a unique on-chain fingerprint for chain analysis.
A small pool is a deanonymization vector. Protocols like Tornado Cash failed because their anonymity sets shrank after sanctions, making remaining users conspicuous. Your private pool's ZK math is irrelevant if only ten people use it; statistical analysis reveals your activity.
Compare Aztec versus Penumbra. Aztec's zk.money required a large, shared rollup for anonymity. Penumbra's shielded pool uses DEX aggregation to blend swaps into a single, large transaction. The critical metric is the size of the mixing set, not the zero-knowledge proof system.
Evidence: Research from Chainalysis and Elliptic shows clustering algorithms break privacy in pools with under 100 active users. Your bulletproof cryptography operates in a statistically transparent environment where metadata is fatal.
risk-analysis
THE FRAGILE SHIELD
Risk Analysis: What Breaks Anonymity Sets?
Anonymity sets are probabilistic, not absolute; their size is the primary determinant of privacy, and several common mechanisms can catastrophically reduce it.
01
The On-Chain Linkability Problem
Even with zero-knowledge proofs, auxiliary on-chain data creates correlation vectors. A single deposit from a known address into a private pool's public liquidity source is a deanonymization event.
- Key Risk: Deposit/withdrawal patterns linked via deposit addresses or LP token flows.
- Mitigation: Protocols like Tornado Cash and Aztec require breaking this link via relayers or note decoupling.
1 Tx
Can Break Set
>90%
Reduction Risk
02
The Metadata Leak: MEV & Timing Attacks
Blockchain is a public ledger of timing. Sequential transactions in the same block from the same pool create a strong probabilistic link, exploited by MEV searchers.
- Key Risk: Temporal correlation and gas price matching across transactions.
- Mitigation: Uniform batching (like Railgun) and commit-reveal schemes are necessary to obscure timing.
~12s
Attack Window
High
MEV Incentive
03
The Sybil Attack & Set Contamination
A malicious actor can flood a pool with their own transactions, artificially inflating the apparent anonymity set while actually controlling a majority of it. This is a fundamental game theory flaw.
- Key Risk: Low-cost fake users controlled by one entity poison the set.
- Mitigation: Requires costly signaling (proof-of-stake, deposits) or trusted setup assumptions, as seen in Semaphore.
51%
Control Threshold
$0
Sybil Cost
04
The Interface & Frontend Trap
Privacy is broken at the weakest link. Centralized frontends, RPC providers, and wallet interfaces log IPs, wallet connections, and transaction metadata before encryption.
- Key Risk: IP logging, wallet fingerprinting, and tracking scripts on hosting providers.
- Mitigation: Must use decentralized frontends (IPFS), Tor, and local transaction construction.
100%
Of Users Exposed
Central Point
Of Failure
05
The Regulatory Pressure Point: Withdrawal Censorship
Compliant fiat on-ramps/off-ramps (CEXs) can refuse withdrawals from privacy pool addresses, forcing users to reveal ownership by withdrawing to a known address. This shrinks the effective set to only those not using regulated exits.
- Key Risk: Chainalysis tagging and exchange blacklists render privacy non-functional for cash-out.
- Mitigation: Purely peer-to-peer ecosystems or privacy-preserving stablecoins (DAI, LUSD).
All Major CEXs
Comply
Total Break
If Cashing Out
06
The Protocol-Level Bug: Logic Flaws
Implementation errors in the cryptographic circuit or smart contract can create unintended correlations or complete breaks. The Tornado Cash Nova vulnerability is a canonical example where a flaw allowed fund linkage.
- Key Risk: Circuit bugs, nullifier collisions, and governance overrides.
- Mitigation: Formal verification, extensive audits, and minimal, battle-tested code (e.g., zk-SNARKs from Ethereum's KZG ceremony).
1 Bug
Zeroes Privacy
Critical
Trust Assumption
future-outlook
THE ANONYMITY SET
Future Outlook: The Path to Meaningful Privacy
The future of private transactions depends on scaling anonymity sets, not just cryptographic primitives.
Anonymity sets are the metric. Privacy is a network effect, not a feature. A private transaction's security scales with the number of indistinguishable participants in its pool. A Tornado Cash pool with 10 users is a statistical failure; one with 10,000 users provides meaningful cover.
Current designs are insufficient. Most privacy tools, including many ZK-rollup L2s, create isolated privacy silos. A zk.money or Aztec transaction is only private among its own small user base. This creates a target-rich environment for chain analysis firms like Chainalysis.
The solution is shared liquidity. The next generation will aggregate privacy across chains and applications. Protocols like Railgun and concepts like cross-chain privacy layers aim to create a single, massive anonymity set. This mirrors the liquidity aggregation thesis of UniswapX and CowSwap.
Evidence: The Tornado Cash precedent. Before sanctions, large Tornado Cash pools (ETH, DAI) achieved anonymity sets in the thousands. This forced analysis to rely on probabilistic heuristics, not deterministic tracing. Future systems must engineer for this scale by default.
takeaways
PRIVACY IS A FUNCTION OF THE CROWD
Takeaways
For private pools, anonymity set size is the only metric that matters for practical, on-chain privacy.
01
The Problem: Solvency Proofs Leak Everything
Private pools using zk-proofs for solvency (e.g., Tornado Cash Nova) reveal the exact pool composition and user activity. This creates a linkable on-chain footprint, defeating the purpose of privacy.
- Revealed Data: Total deposits, withdrawals, and pool balances are public.
- Attack Vector: Chain analysis can deanonymize users by correlating pool inflows/outflows.
- False Security: Users mistake cryptographic soundness for transactional privacy.
100%
Balance Exposed
1
Effective Anon Set
02
The Solution: Obfuscation via Anonymity Sets
True privacy emerges from hiding in a crowd. A large, active anonymity set makes individual transactions statistically indistinguishable, similar to the privacy model of zkSNARKs in Zcash or coin mixing.
- Key Metric: Target 10,000+ concurrent users for strong privacy.
- Network Effect: Privacy improves quadratically with more users and volume.
- Practical Goal: Achieve anonymity sets comparable to major DEX pools ($100M+ TVL).
10,000+
Target Users
~0%
Linkability
03
The Benchmark: Why Tornado Cash Classic Worked
Tornado Cash's original fixed-denomination pools (1, 10, 100 ETH) created clean, large anonymity sets by batching identical transactions. This is the gold standard that flexible private pools must architecturally replicate.
- Homogeneity: Identical deposit amounts are cryptographically fungible.
- Scale: At its peak, the 1 ETH pool had an anonymity set in the tens of thousands.
- Lesson: Privacy requires constraining flexibility to maximize indistinguishability.
10,000+
Peak Anon Set
Fixed
Denomination
04
The Architecture: Intent-Based Batching & Settlement
To scale anonymity sets, private pools must adopt an intent-based architecture similar to UniswapX or CowSwap. Users submit signed intents, which are matched and settled in large, uniform batches off-chain before a single on-chain proof.
- Throughput: Batch 1,000+ intents into one settlement transaction.
- Cost Efficiency: Amortizes fixed proving cost across all users.
- Privacy Floor: Every user in the batch shares the same anonymity set size.
1000x
Efficiency Gain
-99%
Cost Per User
05
The Incentive: Aligning Privacy with Liquidity
A private pool is a two-sided marketplace. You must incentivize both depositors (liquidity providers) and withdrawers (users seeking privacy) to converge on the same pool/asset. This is a liquidity bootstrapping problem akin to launching a new AMM pool.
- Flywheel: More liquidity attracts more users, which improves privacy, attracting more liquidity.
- Mechanism: Use LP fees and airdrops to seed initial $10M+ TVL.
- Critical Mass: Privacy is unusable until the anonymity set reaches a minimum viable threshold (~1,000 users).
$10M+
Target TVL
2-Sided
Market
06
The Reality: On-Chain Privacy is a Public Good
Unlike scalable rollups or DEXs, private pools cannot fully capture the value they create. This creates a free-rider problem and underinvestment in the anonymity set infrastructure. The solution may require a protocol-owned liquidity model or a public goods funding mechanism.
- Economic Challenge: Privacy benefits all users, but revenue accrues only to LPs.
- Sustainability: Requires a fee switch or DAO treasury to fund ongoing development and incentives.
- Precedent: Models exist in Ethereum's PBS and Cosmos' liquid staking.
Public
Good
DAO
Funding Model
ENQUIRY
Get In Touch
today.
Our experts will offer a free quote and a 30min call to discuss your project.
NDA Protected
Confidentiality24h Response
Time to ValueDirectly to Engineering Team
No Sales Fluff10+
Protocols Shipped
$20M+
TVL Overall