The one paragraph nobody reads, but everyone should

Every zkSNARK-based mixer in production today — Tornado, Aztec, Zcash, Privacy Cash, Voidify — is built on top of a one-time event called a trusted setup ceremony. During that ceremony, a set of contributors collectively generate the public proving and verifying keys. As a byproduct, each contributor temporarily holds a piece of secret randomness called toxic waste. If, after the ceremony ends, all of that toxic waste is recoverable — because contributors saved it, leaked it, or colluded — an attacker can forge cryptographically valid withdraw proofs out of thin air. In a mixer, that means silently draining every user’s deposit, with the on-chain proofs looking mathematically identical to legitimate withdraws.

The security of the entire system therefore depends on a single property: at least one contributor honestly destroyed their toxic waste, and the others can’t get to it.

That’s the bar. Now let’s look at how two Solana mixers actually clear it.

Privacy Cash: four people who all know each other

Privacy Cash’s own trusted setup document lists exactly four contributors:

1. Zhe — from Privacy Cash itself.
2. Stan — a frontend contractor working for Privacy Cash.
3. Ilja — from Tensor / Vector.
4. Richard — also from Tensor / Vector.

Take a step back from the names and look at the trust domains:

• Contributor #1 is the project itself.
• Contributor #2 is hired by the project. There is a paying employer-contractor relationship.
• Contributors #3 and #4 are coworkers at the same external company. They almost certainly share an office, share a network, may share a laptop image, and certainly share a payroll.

Nominally four contributors. Functionally two trust domains — and arguably one and a half, because employer/contractor relationships are not adversarial.

The document’s security claim is, verbatim:

“As long as one of those 4 people deleted one of the intermediate zkey files used to generate the final zkey file, the ZK setup is safe.”

That’s the standard 1-of-N honest-contributor assumption used everywhere in zkSNARK ceremonies. The math is fine. The problem is the N, and the independence of those N.

There is also no public evidence accompanying the document of:

• the entropy source each contributor used,
• whether contributions ran on air-gapped machines,
• any third-party witnessing of the toxic-waste destruction,
• any video, attestation, or hardware-level proof,
• any reason to believe the four parties cannot be reached, subpoenaed, or coerced together.

The document is, in effect, a verbal promise from four people who all know each other.

How small is “four”? An industry baseline

Privacy Cash sits below Zcash Sprout. And Sprout’s six contributors were, at minimum, geographically and organisationally separated. Privacy Cash’s four are not.

It’s worth pausing on Sprout for a moment, because it’s not just an academic punchline. In 2018, the cryptographer Ariel Gabizon — now Chief Scientist at Aztec — found a devastating soundness bug inherited from a foundational research paper that the Sprout ceremony was built on. The vulnerability would have allowed an attacker to counterfeit unlimited Zcash without any way for the network to detect it. Zcash patched it before any public exploitation, but the lesson stands: small, closed ceremonies are the layer of zkSNARK systems where catastrophic failures actually happen, not just where they’re theorised. Sprout had six independent contributors and a published, peer-reviewed protocol. Privacy Cash has four interconnected contributors and a one-page README.

snarkjs phase2contribute — the exact tool Privacy Cash used — explicitly supports public, asynchronous, browser-based contribution. The technical cost of opening up a ceremony to the public is approximately zero. Privacy Cash chose not to.

Voidify: an open, public, reproducible ceremony

Voidify is another Solana privacy mixer in the same product category. Every claim below can be independently verified — from the open-source ceremony frontend, from the live coordinator’s observable behavior, or from the cryptographic artifacts the coordinator serves.

Anyone can contribute

The Voidify Phase 2 ceremony runs at ceremony.voidifycto.eth.limo — a single-page application served from IPFS. The frontend that every contributor's browser executes is fully open-source at github.com/VoidifyCommunity/voidify-ceremony-frontend. At the time of writing, more than 50 independent contributors have already taken part, and the queue is still open.

What contributors can verify before participating, just by reading the frontend repo and probing the live coordinator:

• The contribution flow accepts any human with a GitHub or Twitter account and a Solana wallet.
• Each identity is single-use — duplicates are rejected by wallet address and by (social_type, social_handle). No Sybil padding.
• A short contribution lock with a heartbeat keeps any one participant from squatting on the queue.

The set of contributors is not the project team and their friends. It is whoever shows up.

Every contribution is publicly verifiable

The coordinator serves both genesis.zkey and the latest current.zkey. Every accepted contribution is appended to a public contribution log. The integrity of the ceremony does not depend on trusting the coordinator's internals — anyone can download the chain and re-run the verification locally against the canonical R1CS using a single snarkjs command. If it exits cleanly, the production zkey is provably a valid Phase 2 chain extension of the genesis zkey. The coordinator can lie about almost anything except this, because the math doesn't care who's hosting it.

The genesis is reproducible from source

The genesis zkey itself can be rebuilt by anyone, locally, from the withdraw.circom source and the public Hermez Phase 1 transcript. If your locally-built genesis byte-matches the one the coordinator serves, the ceremony was bootstrapped from a circuit that anyone can compile from source — not a sealed binary handed down from the team.

Privacy Cash provides no such reproduction path.

Phase 1 capacity

Voidify uses powersOfTau28_hez_final_20.ptau — the Hermez Phase 1 transcript with capacity for 2²⁰ = ~1.05 million constraints.

Privacy Cash uses powersOfTau28_hez_final_18.ptau — capacity for 2¹⁸ = ~262,000 constraints, a fourth of Voidify's headroom. That's a circuit-design choice, not a security claim, but it tells you something about the engineering posture: Privacy Cash optimised for a smaller, more fragile envelope.

Beacon finalization

When the ceremony closes, Voidify finalises the zkey with a public beacon — a publicly auditable, after-the-fact source of randomness, typically a hash committed in a public place like a Bitcoin block — that no contributor could have predicted in advance. This forecloses the possibility that the last contributor secretly biased the output.

Privacy Cash’s document does not mention any beacon.

Side by side

What attacks look like under each model

Suppose a sophisticated attacker — a state actor, a coordinated insider group, or simply a sufficiently-resourced thief — wants to forge withdraws against the protocol.

Against Privacy Cash, they need to compromise the toxic waste of all four contributors. Two of them are coworkers in the same building. One is the project team. One is a contractor paid by the project team. A single compromised office network, a single coordinated lawful order, a single private agreement reached over a single lunch is all that stands between the attacker and the entire deposit pool. There is no on-chain signal an outside observer could use to detect the forgery either before or after it happens.

Against Voidify, they need to compromise every one of the 50+ participants who have already contributed — and every future participant who joins before the ceremony closes. Every additional honest participant — an anonymous browser session from someone in another country, a researcher in a university lab, a competitor who participated out of professional curiosity — adds another piece of toxic waste that must also be obtained. The attack surface grows, not shrinks, over time. And because the ceremony is public, an attacker who did somehow control all participants could not hide that they were the only contributors.

The first model relies on four people staying honest. The second relies on the entire population of contributors having no honest member at all. These are not the same threat surface.

What users should be asking, of any mixer they trust with their money

1. How many people contributed to the trusted setup, and are they independent? “Independent” means no shared employer, no shared network, no shared physical space, no shared payroll. Four coworkers is one trust domain.
2. Can I rebuild the genesis zkey from source code on my own machine? If not, you are trusting a binary the team handed you.
3. Can I verify, locally, that the production zkey is a valid Phase 2 chain extension of that genesis? snarkjs zkey verify is one command. There is no excuse for a project not to publish the inputs.
4. Was the ceremony open? Could anyone have participated? Closed ceremonies put a hard ceiling on the trust domain count. Open ceremonies let it grow.
5. Was the final zkey finalised with a public beacon? Without one, the last contributor’s randomness has disproportionate influence.
6. Is there an append-only public log of contributions? “We had a ceremony” without a log is a press release, not a ceremony.
7. What evidence — not promises — exists that toxic waste was destroyed? Air-gapped hardware, witnessed destruction, recorded attestations. Verbal promises are worth what verbal promises are worth.

If a project cannot answer those seven questions cleanly, the foundational layer of its privacy guarantees is being held together with social trust, not cryptography. In a mixer, where the toxic-waste compromise scenario is silent fund extraction indistinguishable from legitimate use, social trust is not enough.

Closing

Trusted setup ceremonies are the part of zkSNARK systems that almost no end user reads, but every end user is exposed to. They are the line where mathematics gives way to people — and where the integrity of the whole system depends on whether those people are independent, accountable, and observable.

Privacy Cash chose four friends and a verbal promise. Voidify chose an open ceremony — already 50+ contributors deep, with the frontend fully open-source on GitHub, a reproducible genesis, a public log, and a beacon-finalised zkey. Both projects ship the same kind of product. They do not ship the same kind of trust.

If you are a user of either: read the ceremony documents. Run the verification commands. Compare what you find. The whole point of zero-knowledge cryptography is that you should not have to take anyone’s word for it.

Voidify is a privacy infrastructure protocol on Solana. The Phase 2 trusted setup ceremony is live at ceremony.voidifycto.eth.limo and has accepted contributions from 50+ independent participants and counting. Ceremony frontend source: github.com/VoidifyCommunity/voidify-ceremony-frontend.