Enshroud FAQ
Enshroud is a privacy protocol that wraps
value in encrypted NFT metadata -- "eNFTs" --
allowing private transactions on public EVM
chains without the gas overhead of
zero-knowledge proofs.
Enshroud is not ZK-based. It
utilizes ordinary symmetric AES256 encryption
with ephemeral random 256-bit keys, unique for
each eNFT.
No, Enshroud is not a mixer. Metadata tracking
the senders and recipients is always available
to anyone who can use Etherscan to view the
event logs from smart contract transactions.
The benefit of Enshroud is not to obscure the
parties to a transaction, but to obscure the
substance of that transaction. It's a
user-actuated anti-surveillance tool, something
like email encryption for blockchain value
transfers.
Just because something is encrypted doesn't mean it's true. To prevent users from lying (such as by sending a payment where outputs exceed inputs), user operations are "attested" (cryptographically signed) by multiple MVOs (Layer2 validator nodes), who sign off on what the user is doing. These MVOs are randomly selected from the validator set and do of course see details of the transactions they were selected to process.
This is analogous to what occurs with privacy systems based on CoinJoins, Ring Signatures, Mimblewimble, or other mechanisms in which one or more "master node" validators can see the individual spends and combine them into a joint transaction obscuring the separate components.
Enshroud makes this safe for users' privacy by using the same mechanisms as in various other privacy protocols such as Monero or Dash:
- Random validator node selection from a validator set large enough to ensure no one validator sees a useful percentage of a given user's transactions;
- A staking requirement for validator nodes, exposing them to slashing if any improper disclosures did occur;
- A diverse set of MVO owner/operators who are mostly anonymous to one another and have no common interests beyond the general success of the protocol;
- MVO nodes run published source only, which can be seen not to save or record any sensitive data. (And unlike with e.g. Monero nodes running merged mining apps composed by who-knows-who, MVOs do not run customized software, only official releases.)
We don't perceive this issue as more than a
theoretical concern. Nevertheless we must
acknowledge that zealous "the only acceptable
number of trusted parties is zero!" dogmatists
will insist it's disqualifying, and that's fine.
Know what kind of tool you are holding.
Enshroud is verification-based, not proof-based.
This is a conscious deployability tradeoff.
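The attestation step described above (MVOs refuse to sign a payment whose outputs exceed its inputs, and other users rely on several such signatures) can be sketched as follows. This is an added example, not Enshroud's code: Ed25519 signatures, the JSON encoding, the `mvo-*` ids and the 2-of-3 threshold are all assumptions made for illustration, since the page specifies none of them.

```javascript
const nodeCrypto = require('node:crypto');

// Canonical bytes each MVO signs (constructed encoding, not Enshroud's wire format).
const encode = (op) =>
  Buffer.from(JSON.stringify([op.inputs.map(String), op.outputs.map(String)]));

// Sum BigInt amounts. BigInt cannot wrap; a negative "amount" would let
// outputs such as [150n, -50n] pass a naive comparison, so it is rejected.
function total(amounts) {
  return amounts.reduce((sum, a) => {
    if (typeof a !== 'bigint' || a < 0n) throw new RangeError('invalid amount');
    return sum + a;
  }, 0n);
}

// One MVO's decision: sign only if outputs do not exceed inputs, else refuse (null).
function attest(mvo, op) {
  if (total(op.outputs) > total(op.inputs)) return null;
  return { id: mvo.id, sig: nodeCrypto.sign(null, encode(op), mvo.privateKey) };
}

// Count distinct, known MVOs whose signature verifies over this exact operation.
function countValid(validatorSet, attestations, op) {
  const seen = new Set();
  for (const a of attestations) {
    const pub = a && validatorSet.get(a.id);
    if (pub && nodeCrypto.verify(null, encode(op), pub, a.sig)) seen.add(a.id);
  }
  return seen.size;
}

// Constructed demo data: three throwaway validators, 2-of-3 threshold (assumptions).
const newMvo = (id) => ({ id, ...nodeCrypto.generateKeyPairSync('ed25519') });
const mvos = ['mvo-a', 'mvo-b', 'mvo-c'].map(newMvo);
const validatorSet = new Map(mvos.map((m) => [m.id, m.publicKey]));
const THRESHOLD = 2;

const honest = { inputs: [70n, 30n], outputs: [60n, 40n] };
const inflated = { inputs: [70n, 30n], outputs: [60n, 41n] };
const honestSigs = mvos.map((m) => attest(m, honest));

console.log('honest accepted:', countValid(validatorSet, honestSigs, honest) >= THRESHOLD);
console.log('inflated signed by:', mvos.map((m) => attest(m, inflated)).filter(Boolean).length);
// Signatures bind to the operation, so they cannot be replayed onto other amounts.
console.log('replay accepted:', countValid(validatorSet, honestSigs, inflated) >= THRESHOLD);
```

Counting by validator id rather than by signature is what stops one MVO's attestation, submitted several times, from satisfying the threshold alone.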
Yes, in fact every L1 or L2 network is "semi-centralized" simply because the validator set is finite. Ethereum Mainnet has nearly a million active validators, and yet people still raise this complaint due to concerns about overlapping ownership. Ditto for Bitcoin mining pools re 51% attacks.
What we can say here is that at launch there
were 21 distinct MVO nodes, with no more than
3 operated by any single owner. At a
theoretical full build-out, there could be 200.
We can also say that at no time will a majority
of MVOs be owned by founders, team members,
or other "insiders," either individually or
collectively. As new MVOs get established by
parties who purchase their staking tokens from
the Crowdsale, this will become unavoidable.
Note too that MVO nodes never touch user funds.
They merely serve as encryption engines which
users enlist to encrypt their transactions with
attestation so that other users can rely on
them.
The TL;DR version: because non-anonymous teams doing crypto privacy projects have a uniquely disturbing tendency to get prosecuted.
It seems that in order to discourage the development and use of privacy technology, TPTB have resorted to holding the authors of code responsible for the actions of its users, even when the system is strictly non-custodial and P2P. So of course the team is anon! Furthermore the system is strictly non-custodial, and not $1 of VC funding was used to build Enshroud (hence no compliance backdoors were required or implemented to "protect investors").
For those who think anonymous teams imply intent to commit future rugpulls, we dealt with this by avoiding any mechanism by which admin keys could remove vaulted value or generate transactions (other than as ordinary users). Hard to have a rugpull if there's no rug.
Look ma, no cookies!
Because there's no corp.
Because modern websites with ad cookies and
tracking pixels and CDNs all over the internet
are appalling from a privacy perspective and it
would be hypocritical in the extreme for a
privacy project to deploy one.
Because it's purely an informational site
that doesn't even need JavaScript to function,
let alone cookies. And we like it that way.
Because visitors with the attention spans of
goldfish who need snappy 30 second videos to
get the gist of a site or a project aren't
going to read the details or use the tool
anyway.
Anonymous team means no social media. (A
private support forum exists; see page footer.)
Yes, the team has past projects. But we cannot
disclose them without forfeiting our anonymity.
The roadmap is essentially complete with the
MVP deployment. Further actions (if any)
will depend upon market feedback.
No VC involvement + 100% in-house development
implies no partnerships.
Influencer endorsements require
~~bribes~~ donatives, which again are
incompatible with an anonymous project. Ditto
search engine placements.
Consequently there is no budget for marketing,
and we have no intention of raising one. Does this mean
we're on a dead-end path because without
advertising or organized promotion on podcasts,
at crypto conferences, etc., few will ever hear
about Enshroud and it will never be widely used?
Possibly, but we're okay with that. Nothing
wrong with a kind of internet-based small
business that caters to a select clientele of
the cognoscenti. The work is its own
reward, and it's a tool we wanted
to have available. Fame is unwanted, while
fortune is nice but optional.
Again, not compatible with an anonymous team.
Our own website is sufficient, and more
authoritative anyway. Nor is the project under
active collaborative development at this time.
Most importantly (from our perspective), GitHub
= Microsoft = PRISM = dark side, as Ed Snowden
warned us more than a decade ago. And after the
way GitHub dealt with Tornado Cash and its
devs, surely nobody should
post any privacy-related code on their platform.
No, it's quite different. At one point we
composed a document to compare/contrast the
visions of Enshroud and TC.
It's available here.
In addition, note:
- Enshroud is not a mixer.
- The team is anonymous.
- We took no VC money.
- No one is going to drop ad spam into Telegram channels frequented by carders and ransomware processors saying "here, use our great new money laundering tool!" -- something which was done by both the TC and Samourai Wallet projects (and is likely the single largest reason they were convicted, truth be told).
A number of steps have been taken to make Enshroud harder to censor, attack, or otherwise suppress. Some of these are technical (design features) and some are purely procedural; both aspects are important.
- The team, founders, etc. are all anonymous. We never mention it publicly, take no credit for our own work, and will not be promoting it in any way.
- Not $1 of venture capital (VC) money was utilized. A VC must squeeze out regulatory risk to protect investors, which virtually guarantees any VC-funded project will be "compromised" from its inception. (As with essentially every ZK-proof related project, all of which can perform "involuntary selective de-anonymization" on their users.)
- There is no corporate instantiation of the EnshroudDAO; it will exist on-chain only. So a non-incorporated DAO is deemed a general partnership? Very well, now good luck documenting who the general partners are.
- No "rugpull" mechanism exists. This also deters legal seizures and $5 wrench attacks (were parties ever compromised).
- There are no other corporate entities, filings, accounts, licenses, or anything else labeled "Enshroud." Near-zero global footprint.
- All token Timelocks (for team tokens etc.) were distributed evenly across many addresses (i.e. no "whales").
- In accordance with best practices, all Treasury wallets are Safe{Wallet} smart contracts.
- The L2 servers communicate only via a VPN. In fact there are parallel VPNs with automatic failover, so that the VPN itself doesn't become a single point of failure. No L2 node exposes its services on a public IP.
- L2 nodes encrypt their inter-node VPN traffic with a further layer of encryption and signature validation based on RSA-4096 keypairs. This prevents one node from impersonating another, and blocks eavesdropping by peers and relays within the VPNs.
- All user interactions are encrypted end-to-end using ECIES, which does not require HTTPS certificates (which are vulnerable to MITM attacks facilitated via captive CAs).
- In addition, all user-to-L2 comms go through HTTP proxy channels secured by SSH connections over the VPN, so that user IP addresses are never exposed to L2 nodes.
- The dApp is hosted on IPFS, with many backup pinning hosts. Even if this website were taken down, the service would remain accessible.
- Receipts are permanently deletable by the parties to any transaction, along with the AES keys which decrypt them.
- AES keys decrypting circulating eNFTs can be accessed only via requests signed by the owning wallet account, and after eNFTs are burned their keys are destroyed permanently. This makes forensic analysis of transactions involving historical eNFTs effectively impossible, even if legal process could be served.
- L2 hosts are distributed across four continents and multiple hosting companies providing anonymous service.
- Owning users can download local copies of their eNFTs (plus their AES keys) at any time for backup purposes. ("Not your keys, not your coins.")
- Our positioning as a user-actuated anti-surveillance tool (much like email encryption for payments on EVMs) renders any suppression of Enshroud a form of censorship, and creates extremely poor optics for state-facing attackers.
For additional pro-privacy design features,
please see our white paper.
Is all this perfect? Probably not. (It's
conceivable the smart contract could get
sanctioned, for example -- as TC's was for a
while.) But we do think it's better than
what's being built in the ZK world, where
(make no mistake) there always exists
a single legal entity with a physical office
that has total access to all user
transaction data and history.
Perhaps, but no more toxic than money in the bank or cash in your wallet. The "toxic by default" argument is a false binary choice fallacy, as no truly "non-toxic" option exists. What happens in a Privacy Pool when somebody who proved up "clean" when they entered gets designated as tainted later on? Guilt by association is arguably more pernicious when an association can be proven. Whereas if a customer of a bank is convicted of a financial crime, does every account holder in that bank become suspect? Does the bank? If millions of dollars in cash are seized in a record drug bust, does that make the bills in everyone's wallet tainted? Of course not. And yet advocates for Privacy Pools seem to believe that this "toxic" standard should be adopted for cryptocurrencies. Result: we need to prove we don't actually require privacy before we're allowed to have any. The even more fundamental problem is that this approach violates fungibility, a key characteristic of money itself.
To prevent gaming. We do not, for example, consider it legitimate to score points for an address by repeatedly depositing worthless ERC-20 tokens. The same goes for making dust deposits from a large number of addresses. Similarly, specifying clear sampling periods will lead to gaming behavior. Suffice it to say that when the time comes, actual users will be rewarded according to reasonable, published and verifiable criteria.
Currently, Ethereum Mainnet and Ethereum Testnet (Sepolia). The Layer2 can support any number of EVM-compatible chains, but there is no pending deployment of the smart contracts onto other chains at this time. (That will depend upon market demand.)
Very possibly. :-)
But then probably 90% of crypto users don't
care about privacy to begin with and never
worry about it. It's a niche market to begin
with. Protocol-level privacy (if it ever
arrives) depends on "LeanEVM" concepts and/or
pie-in-the-sky EIPs. We are what exists today.
The higher the fewer.
Honestly? Two main groups:
- AI agents
- Human Web3 power users
Use by the general public is impractical. And before long, we expect group 1 will outweigh group 2.