Atomic Cloak

Atomic Cloak

Mixer-style privacy preserving cross-chain atomic swaps. Withdraw ETH and ERC-20 from L2 anonymously and instantly via a liquidity provider. Link:

The problem Atomic Cloak solves



  1. Slow or centralized withdrawals from optimistic L2;
  2. Everlasting desire for token anonymization tools.

Solution: Atomic swaps using Schnorr-locked time contracts.


ETH and ERC-20 token transfers between L2s and L1 have several limitations. For optimistic rollups, a user must choose among two evils: either to wait for long withdrawal period or rely on a centralized cross-chain service.

ZK rollups offer a much better deal in theory: tokens could be withdrawn as fast as a ZK proof is generated and verified and the technology can be used to provide a native privacy protection. However, in practice current ZK-rollups are still not instant (e.g. zkSync waits for 1 day to be on the safe side), and they face pressure from governments to avoid any anonymization functionality.


Our solution extends the idea of Hash Timelocked Contracts to Schnorr Timelocked Contracts, based on this paper. Main idea: the hash function is chosen so the opening commitments on two different contracts can not be linked by a third party. Ether and ERC-20 can be swapped using the contract.

The privacy-protection of Atomic Cloak is based on a mixer + account abstraction. From the outside, STLC counterparties cannot be identified and all requests created at the same time cannot be distinguished from other requests of the same value tier. Also it is impossible to determine the destination chain of tokens, so several cross-chain swaps with random wait times can obfuscate token sender very well.

The web application in this repo provides 3 modes out of the box using LPs:

  1. Fast bridge: send tokens to your address on another chain.
  2. Mixer: send tokens to another account on the same chain.
  3. Cross-chain privacy preserving atomic swap: send tokens to another account on another chain.

See deployments:

Challenges we ran into

We faced several challenges :

  1. Efficiently implementing cryptography for Schnorr Timelocked Contracts.
  2. Indexing all relevant on-chain events (opening and closing) to provide a comfortable UI.
  3. Closing an anonymized swap could still be tracked to the gas payer and thus to the closer.
  4. Gas-efficiently opening many STLCs for liquidity providers.
  5. Deploying AtomicCloak contract to different chains with the same address.

Solution to 1: Abuse


opcode to multiply an EC point with a scalar as explained here.

Solution to 2: use The Graph to listen to emitted events.

Solution to 3: account abstraction. Using [EIP-4337][] protocol, the SLT contract itself can pay swap closure fee for a small fraction of the swap amount. To close a swap, a user can create a UserOperation with the reveal data, and can withdraw tokens to a fresh empty account. Note that a user can also close with a transaction (e.g. to use on chains with no AA features), but this will provide risks for privacy.

Solution to 4: account abstraction. We use transaction batching feature of EIP-4337 to open many atomic swaps with a single transaction.

Solution to 5: deploy everything via factories that use