Contents

  • Introduction

  • What are Confidential Transactions?

  • An overview of the cryptography used

  • What can Confidential Transactions achieve?

  • Latest Ideas


Introduction

Transparency is considered critical to the operation of a blockchain: every node on the network can keep a copy of the ledger and verify that no rules have been broken. In most distributed ledgers, anyone can open an online block explorer and search through blocks, transactions, and addresses.

From a privacy perspective, this is not ideal. In a system like Bitcoin, each transaction is linked to the ones before it. The coins are technically non-fungible, meaning that each coin can be tied to specific transactions. Nobody can stop you from sending bitcoins, but if those coins have previously passed through a blacklisted address, your transactions may be rejected.

In the worst case, non-fungibility can undermine the system at its foundations: "clean" coins command a premium, while older ones become less valuable because of their transaction history.

Bitcoin's level of privacy is often overstated. Just as coins can be tracked, so can users. User identities are not directly known (addresses are visible rather than names), but this offers only limited protection: sophisticated analysis techniques can cluster addresses and link them to real-world entities with increasing accuracy.

One of the proposed upgrades for making transactions truly private is Confidential Transactions.


What are Confidential Transactions?

Confidential Transactions (CT) were first proposed by Blockstream CEO Adam Back in 2013 and later expanded by Bitcoin developer Gregory Maxwell. Maxwell listed the problems discussed in the first chapter (non-fungibility and weak user privacy) and proposed a solution: hiding the transferred amounts from the rest of the network, so that they are known only to the parties involved in the transaction.

Under normal circumstances (when transaction amounts are publicly visible) it is easy for a node to verify that the amount received does not exceed the amount sent. If Alice wants to send 0.3 BTC to Bob, she takes an unspent output (say 1 BTC) and splits it into two parts: 0.3 BTC to Bob and 0.69 BTC back to herself as change (the remainder is used as the mining fee).

This leaves simple arithmetic for the other nodes: 1 is greater than 0.3 + 0.69, the signatures are all correct, and Alice's input has not already been spent elsewhere, so the transaction must be valid. When the amounts are hidden, things are not so easy: how can anyone check whether an unknown amount exceeds the sum of two other unknown amounts?


An overview of the cryptography used

Hiding data requires encryption. But traditional methods are like putting documents in a safe: once locked away, they are unusable until they are taken out again. What Confidential Transactions need is a digital vault that keeps its contents invisible yet lets an outsider verify properties of those contents.

The answer lies in homomorphic encryption, specifically a scheme called the Pedersen commitment. This type of encryption lets an outside party perform operations on encrypted data, for various purposes, without ever seeing the data itself.

A plain hash can serve as a commitment to data that will be revealed later. Suppose you announce a contest on social media: whoever guesses your favorite exchange wins 0.01 BTC. Participants might suspect that you will wait until the entries are in and then pick an exchange that nobody named.

What you can do is give your followers a hash: a string that looks like random numbers and characters but corresponds to one specific input. You run your exchange's name through a hash function to get a fixed output. With SHA256, for example, the output looks like this:


f1624fcc63b615ac0e95daf9ab78434ec2e8ffe402144dc631b055f711225191


You cannot tell what the input was by looking at this, nor can you recover the input by running the function backwards. But if you know the input is “Binance”, you can easily verify that its hash matches the one shown above. This way, your followers know you cannot change your answer after the contest ends, because a different answer would produce a completely different hash.

Realistically, though, this alone is not very safe. Your followers cannot invert the hash function, but they can draw up a list of plausible exchanges and hash each one until they find a match. To prevent this, random data known as a blinding factor is added to the data before hashing.

If the input is “Binance is my favorite exchange and I like it more than any other exchange 2#43Wr”, it becomes much harder for someone to guess (and for 0.01 BTC it is almost certain that nobody will try).
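The commit-and-reveal scheme described above, as an added Python example (not code from the original article); the candidate list, the length-prefixed encoding and the 128-bit blinding factor are this example's own choices:

```python
import hashlib
import secrets

# Answers a curious follower might try against an unblinded commitment
# (a constructed sample list, not taken from the article).
CANDIDATE_EXCHANGES = ["Binance", "Coinbase", "Kraken", "Bitstamp", "Gemini"]

def hash_commit(data: str, blinding_factor: str = "") -> str:
    """SHA-256 commitment.  The blinding factor is length-prefixed so that two
    different (factor, data) pairs can never produce the same byte string."""
    bf = blinding_factor.encode()
    payload = len(bf).to_bytes(2, "big") + bf + data.encode()
    return hashlib.sha256(payload).hexdigest()

def verify(commitment: str, data: str, blinding_factor: str = "") -> bool:
    """Reveal step: recompute the hash and compare it in constant time."""
    return secrets.compare_digest(hash_commit(data, blinding_factor), commitment)

def guess_from_list(commitment: str, candidates):
    """What a follower can do to an UNBLINDED commitment: hash every candidate
    and look for a match.  Returns the matching candidate or None."""
    for candidate in candidates:
        if verify(commitment, candidate):
            return candidate
    return None

def new_blinding_factor() -> str:
    """128 random bits; with this appended, the guess list above is hopeless."""
    return secrets.token_hex(16)
```

Running guess_from_list against hash_commit("Binance") recovers the answer, while the same list against a blinded commitment finds nothing, yet the reveal with the right blinding factor still verifies.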

A Pedersen commitment goes further: it lets us add inputs while they stay hidden behind their commitments. Maxwell writes this as follows:


C(BF1, D1) + C(BF2, D2) = C(BF1 + BF2, D1 + D2)

where BF is the blinding factor and D is the data.


From here there are a few more steps involving elliptic curve cryptography and range proofs, but the basic idea is that a user has a Pedersen commitment for their address. When sending funds, two further commitments are created: one for the change address that returns the remainder to the user, and one for the destination address that receives the funds.

Nobody can learn the amounts, but anyone can check that the sum of the change and destination commitments (the left side of Maxwell's equation) equals the commitment of the sending address (the right side). If they are equal, the user's transaction is valid, because it has been proven that the inputs equal the outputs.
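The homomorphic balance check, as an added Python example that is not code from the article or from any real implementation. It assumes a small multiplicative group (found at import time) in place of the elliptic curve real CT uses, generators G and H of this example's own choosing, and the explicit 0.01 BTC fee from the Alice-and-Bob example above:

```python
import math
import secrets

# Pedersen commitments in the order-Q subgroup of Z_P^*, P = 2Q + 1.  The article
# writes C(BF, D) additively (curve points); here the same commitment is
# G^D * H^BF mod P.  The 64-bit group is an assumption of this example and far
# too small for real use (a discrete log of this size is solvable in practice).
def _is_prime(n: int) -> bool:
    """Deterministic Miller-Rabin, valid for 37 < n < 3.3e24."""
    d, s = n - 1, 0
    while d % 2 == 0:
        d, s = d // 2, s + 1
    for a in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True

Q = 2**63 + 1                      # search upward for a safe prime P = 2Q + 1
while not (_is_prime(Q) and _is_prime(2 * Q + 1)):
    Q += 2
P = 2 * Q + 1
G = 4   # generator for the amount (a square, so it lies in the order-Q subgroup)
H = 9   # generator for the blinding factor; log_G(H) must stay unknown
SATOSHI = 100_000_000              # amounts are committed as integer satoshis

def commit(bf: int, d: int) -> int:
    """C(BF, D) = G^D * H^BF mod P; a verifier learns nothing about d."""
    return pow(G, d, P) * pow(H, bf, P) % P

def add_commitments(*cs: int) -> int:
    """The '+' in the article's equation: multiply the commitments mod P."""
    return math.prod(cs) % P

def balances(c_in: int, c_outs: list, fee: int) -> bool:
    """Verifier's check: input == sum of outputs + the explicit (unblinded) fee."""
    return c_in == add_commitments(*c_outs, commit(0, fee))

def build_outputs(amount_in: int, to_bob: int, fee: int, bf_in: int):
    """Sender: split the input; the blinding factors are chosen to sum to bf_in."""
    bf_bob = secrets.randbelow(Q)
    bf_change = (bf_in - bf_bob) % Q
    return commit(bf_bob, to_bob), commit(bf_change, amount_in - to_bob - fee)
```

Because amounts live in exponents mod Q, a value could wrap around and still balance; that is the gap the range proofs mentioned above close, and this example does not implement them.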


What can Confidential Transactions achieve?

If Confidential Transactions were added to Bitcoin, the result would be a far more private system. Inputs and outputs would be hidden from the wider network, and ledger entries would be obscured while nodes could still verify them. With this large increase in privacy, bitcoins could start to be treated as fungible, because chain analysis would no longer reveal the history of a particular unit.

Integrating Confidential Transactions into the protocol is not currently possible. The added functionality makes transactions much larger than standard ones, which, given the limited block space, can only reduce demand. It would also require a majority of participants to approve the code change, which past examples have shown to be a difficult process.


Latest Ideas

Variants of Confidential Transactions have been implemented in other cryptocurrencies and in Bitcoin sidechains. Monero, for example, combines confidential transactions with constructs called ring signatures to achieve anonymity and fungibility. The Liquid sidechain implements them for greater privacy, and MimbleWimble extends the scope of confidential transactions to the same ends.

Confidential Transactions leave a larger footprint in exchange for the benefits they offer. Cryptocurrencies often struggle with scalability and efficiency at the base layer, and larger transaction sizes will not appeal to everyone. Privacy advocates, however, believe it is crucial that transaction amounts be hidden so that cryptocurrencies can serve as truly fungible money.