Blockchains allow transferring digital assets in a decentralized fashion — without intermediary central third parties while enabling public verifiability as well as the provenance of the digital transactions and data. However, the privacy issue of a Blockchain undermines user anonymity, confidentiality, and privacy in transactions. Although the usage of pseudonyms avoids linking transactions to the real identity, users are not totally anonymous in their movements. All usages behind these pseudonyms might be traceable and linkable.
Morphose breaks the on-chain link between source and destination addresses to enable transactional privacy on Binance Smart Chain. Her smart contracts use non-interactive zero-knowledge proofs, also known as zk-SNARKs that require no interaction between the prover and verifier. Once a BNB deposit is withdrawn by a new address, there is absolutely no way to link the withdrawal to the deposit, ensuring complete privacy.
Morphose works in 3 steps. “Deposit”, “Wait”, and “Withdraw”.
1 — Deposit
A user connects to Morphose app with his/her wallet and deposits BNB to Morphose smart contract to get a secret key (Note) in return.
Even though it's not necessary, it is better to wait some amount of time for other people to deposit to improve privacy.
User connects to Morphose app with a new wallet, submits the Note, and the smart contract transfers the funds to desired address by getting 0.75% commission.
Today, all privacy solutions in Ethereum and Binance Smart Chain are clones of Tornado.cash. Tornado.cash and its clones depend on third-party off-chain relayers to withdraw funds. Even though they solve the privacy problem while using IPFS and multiple relayer nodes to support decentralization; if a third-party off-chain node is between the depositor and withdrawer, then that node may risk de-anonymizing the user.
A relayer as a general term is a 3rd party that relays some information from one party to another. In Blockchain, the relayers are collecting off-chain orders people send them, and relaying them to parties that request these orders to possibly fill. In privacy protocols, relayers are used to pay the gas fees to withdraw to an empty wallet. In this way, a depositor can pay the gas fee for the withdrawer. However, relayer-based architectures have three main drawbacks: (1) They may be considered as centralized intermediaries with potential for censoring transactions (2) They are technically/economically inefficient due to the gas fee required for the relayer’s transaction and their business need to make a profit on top of the gas fees (3) The use of relayer-specific protocols forces applications to rely on off-chain infrastructure with uncertain availability guarantees.
Of course, relayers use encryption and they are secure but since they are servers and not smart contracts that can't be updated; data can be logged or manipulated by the third-party owners of the server. Choosing the right business entities and controlling them is the best practice. However, at the end of the day, relayers are off-chain third-party that bring centralization to the Blockchain. What they run is not an immutable on-chain smart contract that cannot be changed and that is public. They are the middleman in between the privacy of a person, taking commisisons from every transaction in a process that user's privacy is vital. This is why in order to achieve full privacy, the deposit-withdrawal process must not depend on any third party and it should stay on-chain.
Morphose is the first fully decentralized protocol for private transactions on Binance Smart Chain (and Ethereum). That means her smart contracts are immutable without admins or owners, her UI lies on IPFS and she doesn't depend on third-party off-chain relayers. Morphose also takes the lowest commission of 0.75%, has multiple denominations, and uses lower gas fees than any other competitor.
Funds still can be withdrawn into an address with no BNB balance, but the wallet that withdraws the funds has to pay the gas fees. While this may create a small usability problem when withdrawing to an empty wallet, it actually makes Morphose cheaper, more private, and fully decentralized. Morphose also solves this problem by her non-compulsory decentralized faucet. For every 1 BNB withdrawal, the user can get its gas fee from the Morphose faucet which is an internal part of Morphose UI that lies on IPFS. In this way, the user can withdraw to an empty wallet without depending on a third party, and rather than paying a high commission to a business entity, the user can reduce the already low 1% commission to 0.75%.
MembershipVerifier: 0xF90E93Bc6a27283947Dd06D6F60Ac7bC09c5012E (no owner or admin)
MorphoseAdmin: 0x0b712301a34F8Adb297F0b6808503c6278E3aa0B (owner renounced, no admin)
Morphose 0.1 BNB Denomination: 0x97AC13e4c54Aca77d3F5E234f3999199882c4850 (no owner or admin)
Morphose 1 BNB Denomination: 0x333fe38C163eCC897bD2AE2cA2615659b6576661 (no owner or admin)
Morphose 10 BNB Denomination: 0x15d8c1c08e20a911c37C2B3D6dD3de20Cf80eC21 (no owner or admin)
Morphose 100 BNB Denomination: 0x634cCA5d5593f029067A63E448beAbBE105B1aC7 (no owner or admin)
Morphose 1000 BNB Denomination: 0x98Fe8cb971F1e12237461Bc20F3CB5BE90E3953d (no owner or admin)
Note that Morphose has been uploaded to IPFS once and won't be changed. This is why the IPFS address may not be the latest version in terms of text content but functionality will remain the same.
Proposals to evolve Morphose can be created on her Snapshot page. Every proposal will be voted by the community using MORPH tokens. The current backend functionality of Morphose won't be changed since smart contracts are immutable. New UI features can be introduced and new Blockchains can be supported. Morphose will evolve to V2 protocol by ETH 2.0 or a layer 2 solution. Features for V2 are accepted. If you have ideas to make Morphose better, please create a proposal on Snapshot page. You can also pre-discuss your ideas on Discord development channel.
Morphose is audited by Etherscan listed professional audit company SMCAuditors. Until the v2 version, no more audits with current smart contracts are planned. In the v2 version, smart contracts will include combined staking, multiple token support, EIP additions, and MORPH as privacy token. Working with SMCAuditors and Peckshield is planned by the community.
Zero-knowledge proofs (zkSNARKs) enable Morphose to obfuscate deposited token history without revealing which exact deposit corresponds to the secret (note). In cryptography, a zero-knowledge proof or zero-knowledge protocol is a method by which one party (the prover) can prove to another party (the verifier) that they know a value X, without conveying any information apart from the fact that they know the value X. It's a technology similar to Zcash that you can read in great detail on their website.
Morphose uses Circom circuit programming language and Circom compiler to use zero-knowledge proofs. Once a circuit is created in Circom, it is generated and validated a zero-knowledge proof associated with that circuit with snarkjs library that produces artifacts required to generate and verify proofs associated with Circom circuits. For Merkle tree and signature verification, Morphose uses Circom’s poseidon hash function. Merkle tree depth is 20 that allows up to 1 million deposits for each denomination. EVM Istanbul fork is being used in compilation. Morphose uses code from Zcash, tornadocash, furrious and miximus Ethereum mixers as well as merkletree, Circom and snark libraries. We all thank the creators of these projects for their hard work.
Morphose works similar to what Vitalik Buterin said in one of his notes Minimal Mixer design but excludes the "relayer registry" contract he mentions. She uses the withdrawal function like a relayer to make the process even more minimal (we can actually say she doesn't use a relayer). This simplicity profoundly saves gas fees that Morphose (and similar zkSNARK solutions) can't save in the deposit function due to the necessity of high Merkle tree depth. As a result, Morphose still uses fewer gas fees (deposit+withdrawal) than Tornado.cash and its clones. It makes the protocol fully decentralized as well. However, it creates the need for the withdrawer to pay for gas fees.
While this need may cause a small usability problem in some cases, privacy-wise it forces the user to use a new wallet to interact with the contract when making a withdrawal. It also removes the risk of relating the depositor with the withdrawer. Morphose solves this problem by its decentralized faucet as well. For every 1 BNB withdrawal, the user can get its gas fee from Morphose faucet. In this way, the user can withdraw to an empty wallet and reduce protocol commission to 0.75%. Faucet is an internal module of Morphose UI that runs on IPFS. It's trustless, not a third party and it doesn't get involved in the process of deposit-withdrawal like a relayer. It works no different than the Binance Smart Chain Faucet, this time dripping gas fee for every deposit to the Morphose denomination contract by comparing hashes through BscScan API.
A better protocol design would be using account abstraction (EIP2938 proposal) that allows the Morphose contract to be the top-level account that pays fees and starts transaction execution. The account abstraction feature has been implemented to EVM but its improvement proposal is waiting for approval. Morphose will evolve to Morphose 2.0 protocol when EIP2938 gets approved. Deposit and withdrawal currently work roughly as below:
Validate the deposit amount and denomination.
Generate secret and nullifier.
Register deposit to one of the Merkle tree leaves.
Set the final numbers of units and anonymity sets.
Send Binance Smart Chain transaction to Morphose contract.
Provide the user secret (note) to withdraw funds.
Get the user secret.
Validate Merkle tree root.
Validate if note already spent.
Validate zk-SNARK proof.
Save nullifier as withdrawn.
Update unit numbers and anonymity sets.
Transfer 99% of the denomination to the wallet or destination address.
Transfer 1% of the denomination to the Fees Collected Fund of the treasury.
Send Binance Smart Chain transaction to Morphose contract.
Morphose is created to solve problems of other privacy solutions. Here is a brief list of other popular privacy solutions compared with Morphose.
Tornado, Haze, Swirl, Typhoon, Suterusu
Difference of Morphose
Tornado cash and clones(Haze, Swirl, Typhoon) depend on Relayers to pay gas fees. The off-chain relayer server can be manipulated by the relayer. Suterusu uses an off-chain relayer under the name of layer-2 and it can be manipulated by them. Morphose is on Blockchain and IPFS only and can't be manipulated.
Using Morphose, users can send 9 BNB in a single deposit transaction and gas cost, fully on Blockchain. All others need to transact 9 times and pay 9 times more gas cost. Suterusu sends funds off-chain and converts BNB to some other tokens to do this.
0.75% and lower commission or Free
1% or higher commission
Morphose takes %1 commission but pays back near 0.25% as a gas fee to withdraw funds. Morphose also pays back the rest 0.75% as MORPH to MORPH holders to make the protocol use fee. Swirl and Typhoon take at least 1%. Tornado takes 3% and Suterusu takes more than 3% by taking hidden commissions attached to gas fees.
Lower Gas Fees or Free
Higher Gas Fees
Morphose doesn't use a relayer that gets a commission to pay for withdrawal gas fees. She intentionally doesn't support saving notes on blockchain or off-chain that causes storage fees and risks privacy. She doesn't add fees to gas costs as well. All these make Morphose gas fees up to 50% cheaper when compared to any other solution. As stated, Morphose pays the withdrawal gas fee back for every 1 BNB.
Designed to support two-party use
Designed for single-party use
Like any other mixer, Morphose supports single-party use such as Alice withdrawing her own deposit with a new wallet. However, Morphose supports Alice to send Bob funds with no third party in between, such as a private peer-to-peer sales transaction. Alice can deposit to Morphose, text note to Bob just like any other text message and Bob can withdraw without involving any third-party relayer in between.
Send multiple parties with a single note
Need multiple notes to send multiple parties
Morphose supports withdrawal to multiple destinations at once. For example, Alice can deposit 3 BNB, and using the same note she can send Bob, Jason, and Sally 1 BNB each in consecutive withdrawals. Other solutions would need 3 deposits and 3 withdrawals.
Morphose has MORPH token only on Binance Smart Chain with a maximum supply of 100K with a circulating supply of 49500. There are 2 uses of MORPH token:
Voting: for governance proposals on Snapshot.
Rewards through combined staking: If a depositor is holding a deposit amount of MORPH tokens, the withdrawer gets protocol commission paid back as MORPH and reward MORPH for short-term holding funds in the protocol. For details please refer to earn section.
Discounts in other platforms: Morphose launches on a new Blockchain every month. In other Blockchains, 10M supply xMORPH token will be used for staking. This token won't be listed publicly (such as on Coingecko) and it will only be specific for that Blockchain, to be given as rewards. There will be presales to create liquidity for xMORPH. Presale buyers will be able to buy xMORPH for a %30 discount if they hold MORPH. Long-term MORPH holders will get up to a 50% discount. In addition to this, only MORPH holders will be earning 25% more xMORPH when using the protocol.
Since MORPH token supply is limited to 100K (compared to 5M-10M tornadocash clone supplies) there won't be any token burns. In v2 of Morphose, MORPH will be a privacy token through a layer-2 solution that will be integrated with Binance Smart Chain (similar to zkDai).
In order to create seed financing, there was a presale on the Bounce platform which ran until the 11th of April 2021 and ended on the 7th. 25% of the total supply (25K tokens) offered for 1/250 BNB (1 - 1.5$) for 2 weeks. Financing created after presale used as below:
80% financing provided to PancakeSwap liquidity pool (80BNB) with 21500 MORPH tokens to create initial pricing of 1.75$. All liquidity locked on Team finance for 12 months.
20% financing (20BNB) used for marketing the PancakeSwap offering and further marketing.
As in all Morphose contracts, MORPH token ownership is renounced. MORPH token contract is ownerless and its operator is obsolete. All 100K supply is minted to Morphose Deployer account and strategically locked on Team Finance to prevent any risk of removing liquidity or mass selling. The locking strategy is as below:
Presale Tokens: 25000 tokens sold as unlocked on Bounce.
LP Tokens: 21500 tokens used for initial liquidity and locked for 12 months on Team Finance to prevent any chance of abruptly removing liquidity. 3000 given to the initial developers.
"Treasury" is the community-owned Morphose. It consists of the following funds:
Fees Collected Fund
While each of these funds has a primary purpose, the community can vote to repurpose or redirect these funds. The purposes of the funds are as follows:
Presale Fund: Morphose collected 100 BNB in its presale. The Presale Fund is the fund where the presale funds are (were) collected. All funds used back for the project in a transparent way. 80 BNB used for Pancakeswap Liquidity pool, 15 BNB used for marketing the listing, 5 BNB used for supporting the initial developers. Community Fund: The goal of the Community Fund is to finance advertising, reward users, and sponsor engagement within the community. This can include things like:
Financing paid ads.
Financing paid articles.
Financing social media influencers.
Rewarding repeating protocol users.
Rewarding community members.
Rewarding long-term token holders.
Rewarding content creators.
Rewarding volunteer moderators.
From monthly token unlocks 40% will be allocated here. Reward tokens will be distributed mainly from here. The community owns the community fund and its fund allocation can be voted on Snapshot.
Developers Fund: The goal of the Developer's Fund is to finance developers so they keep on making Morphose better. From monthly token unlocks 40% will be allocated here. Reward tokens will be distributed from Developers fund when there is demand. The use of LP funds is subject to discussion within the community on Snapshot.
LP Fund: The Liquidity Provider Fund provides tokens liquidity to liquidity providers, second layer liquidity mining partners, listing partners, and exchanges so MORPH Token has a strong liquid market. Bought back MORPH tokens and BNB liquidity necessary from Fees Collected Fund is collected here. From monthly token unlocks 20% will be allocated here. The use of LP funds is subject to discussion within the community on Snapshot.
Fees Collected Fund: Morphose protocol collects a 1% fee from each withdrawal transaction. They are collected in Fees Collected Fund. This fund will be used for creating a healthy ecosystem for the Morphose protocol. Fees collected here will be used mainly for supporting LP Fund as explained above sections. The fund can be used for other purposes. These purposes may be supporting marketing or supporting the developers. The use of the fees collected fund can be discussed as a community proposal on Snapshot.
Morphose solves the on-chain privacy problem. There is also the off-chain (network) part of the privacy that needs to be considered. Unless the user gives the Note to someone else and uses a new wallet address to withdraw, there is no way to fully link deposit and withdrawal through "public" wallet addresses (on-chain). However, IP address can also be considered public information because it is known by the ISP (off-chain). So even though withdrawal to a new wallet address is enough to break the link and make the transaction private, using a new IP while making a withdrawal will solve the off-chain privacy problem to create full privacy (on-chain and off-chain). Here are the tips to solve network-level privacy while using Morphose.
Use VPN to get a new IP while making a withdrawal. Preferably use Free Proton VPN or Free Open VPN through Tunnelblick. The best is to use Tor with VPN even though it may not be practical for everyday use. If you are going to pay for a VPN better not pay with your credit card but pay with cryptocurrency (preferably bought thorugh OTC ).
If you are using a public RPC to connect Metamask it might know that your addresses are linked. If you are withdrawing with a wallet use a different browser than the browser you used for the deposit.
Morphose has an "Earn" program to give half of the monthly unlocked MORPH tokens as rewards to increase protocol use. These are the details about the program:
For 0.3 BNB to 10 BNB deposits, if the depositor has the deposit amount worth of MORPH tokens in the deposit wallet:
Protocol use will be for free through paying back MORPH. 1% commission for 0.3 to 1 BNB, 0.78% commission for 1 BNB will be paid back as MORPH (rest as BNB for withdrawal gas fee).
In addition to Free Protocol usage, up to 200% APR can be earned for a short time frame and can be repeated.
The depositor will be eligible to earn MORPH tokens as long as BNB stays in Morphose and MORPH stays in the depositor wallet.
If MORPH moved (or moved and returned back) from the wallet while BNB is in Morphose user won't be eligible.
Once the BNB amount is deposited, deposit BNB worth of MORPH in the wallet is treated by Morphose as "locked", and the user won't be eligible to use it in other deposits.
For privacy reasons, MORPH tokens are sent only to the withdrawer wallet address with the funds withdrawn.
Token distribution is being done from the faucet. The Faucet works detached from the deposit-withdraw frontend logic and backend smart contracts so there is no risk of relating the depositor-withdrawer (unless withdrawn tokens sent back by the withdrawer to the depositor wallet address).
APR Percentages that users can earn are as below. Numbers are deliberately targeted to create short-term use in the protocol to increase the anonymity set.
For holding funds 0 to 8 hours withdrawer earns 200% APR in MORPH.
For holding funds 8 to 16 hours withdrawer earns 150% APR in MORPH.
For holding funds 16 to 24 hours withdrawer earns 100% APR in MORPH.
For holding funds 1 to 3 days withdrawer earns 50% APR in MORPH.
For holding funds 3 to 7 days withdrawer earns 25% APR in MORPH. Holding funds for more than 1 week will give the same return as 1 week. For example, holding 3 weeks will return the same amount that would yield if funds were held 1 week.
For example; if 1 BNB is 400$ and 1 MORPH is 10$, When 1 BNB deposited and 40 MORPH held in the depositor wallet, in 8 hours user earns 0.109 MORPH as rewards and 0.312 MORPH as commission paid back using the below formulas:
Reward Calculation:yearInSeconds = (365 * 24 * 3600)earnAprFor8Hours = 2001BNBWorthMorph = 408HoursTimeInSeconds = 28800secondlyEarned = (1BNBWorthMorph * (1 + (earnAprFor8Hours/100))) / yearInSeconds8HoursTimeInSeconds * secondlyEarned = 0.109Commission Calculation:1BNBWorthMorph = 40percentToPayBack = 0.781BNBWorthMorph * (percentToPayBack/100) = 0.312
Morphose does not collect any user data, blockchain data, server data, or browser data. These are the measures Morphose takes:
Backend (smart contracts) are verified and open on Binance Smart Chain.
Frontend (UI) is hosted in a decentralized way on IPFS and can be accessed using the link morphose.eth.link.
Secret key (note) after deposit only shown/saved on the client-side to be known/owned by the user.
Morphose is not being run by any person, entity, organization, or community. All Morphose smart contracts are ownerless and her UI runs on public IPFS. This is why
Morphose doesn't, and can't provide any data to authorities because she is an ownerless protocol that runs by herself on public and decentralized Binance Smart Chain and IPFS.
Morphose is non-custodial. This means that only the user has control over the funds and it's the user's responsibility to use the protocol for any purpose.
The vision of Morphose is to make private transactions on Blockchain accessible to everyday users. This is important. Morphose doesn't directly target technical users such as hackers, developers, or anonymous project owners. Morphose targets non-technical and less experienced users to offer them a choice of privacy. To make this vision reality Morphose community will work on educating the users and making the protocol trusted, easy to use, cheap and accessible in popular Blockchains.
Morphose runs on Moonbase Alpha Testnet so she's Polkadot ready. She also runs on Ethereum Mainnet and uses less gas fees/commissions than Tornado.cash (10% more in deposit, 25-35% less in withdrawal). The initial developers of Morphose had a deep belief in Binance Smart Chain and Polkadot so they targeted Morphose to serve in BSC first and then Polkadot parachains. This won’t change. So, Morphose community's roadmap is first; be the first choice for private transactions on Binance Smart Chain. Second; fully support and dominate Polkadot parachains as they launch. Third; make Morphose the first alternative for Tornado.cash on Ethereum.
In parallel to all these Morphose will evolve to Morphose 2.0 protocol when the account abstraction feature of EVM (EIP2938) gets approved (with ETH 2.0 or soon with a fork) and MORPH will be a privacy token similar to zkDai (with ETH 2.0 or soon with layer-2 solution). New Blockchain developments such as Polygon, Fantom, Solana, and Cardano are also closely followed and according to user demand, Morphose will run on these Blockchains as well.
The timeline for the roadmap will shape according to the development of EVM technology Morphose is based upon and popularity of new Blockchains. The plan is to launch on a new EVM-based blockchain every month (Polygon and Fantom first) while developing non-EVM solutions with 3 months deadlines in parallell (Solana using Rust and Cardano using Haskell). EIP2938 and appropriate layer-2 to make MORPH privacy token development will start once the technology necessary is available.