Monero Ring Confidential Transactions (RingCT)
Last Updated: 1st November 2018
Monero ring confidential transactions, also known as RingCT, is a privacy feature that was implemented into the Monero protocol. With ring confidential transactions, the transactional privacy of users are improved because the value of funds being transferred is obfuscated.
Prior to the implementation of ring confidential transactions, Monero required transaction amounts to be divided into denominations. For example, if Bob wanted to initiate a transaction of 12.5 monero on the blockchain, this output would be denominated into 3 separate rings of: 2, 0.5 and 10. The advantage of this technique is that it ensured that there was always an ample amount of ring members that could be found on the network, since a ring signature could only ring together outputs that were of the same value. However, the limitation of this technique is that, from the perspective of an outside party, they would be able to see the amounts that were being transacted. The implementation of the ring confidential transaction feature was specifically designed to tackle this issue.
An example transaction on the Monero blockchain:
Bob possesses 10 monero, and would liked to send 5 monero to Alice. Because an output on the Monero blockchain cannot be spent twice, Bob is required to spend the output in its entirety, and return the change to himself. Thus, Bob’s transaction would be the following: one input of 10 monero, and 2 outputs. One output that is 5 monero designated for Alice, and the other 5 monero that is sent back to Bob as change.
The objective of the ring confidential transaction privacy feature, in the transaction between Bob and Alice, is to allow only the participants of the transaction to see the amount of monero that is being transferred, and otherwise obfuscate this amount from outside parties. However, at the same time, it is also necessary that the network is able to confirm the validity of this transaction that has been initiated. In order to prove that the transaction between Bob and Alice is not fraudulent, the sum of the transaction’s input must equal the sum of its output. In this case, in the transaction between Bob and Alice, the input of 10 monero, must also equal the output of 10 monero.
Furthermore, as a result of the cryptographic properties of ring confidential transactions, Bob is required to commit to the amount of an output. Meaning that just enough information about the transaction is revealed, which allows the network to confirm the validity of the transaction. Another crucial element of ring confidential transactions is the utilization of range proofs. A range proof allows the Monero network to cryptographically prove that the amounts used in a transaction is greater than 0, and less than any given arbitrary number. Monero makes use of range proofs to prevent senders, for example Bob, from committing to transactions of a negative value, which allows the network to secure the supply of Monero in circulation.