What are Confidential Transactions?
Last Updated: 30th October 2018
Conceived by former Bitcoin developer, Adam Back, a confidential transaction (CT) is a method of increasing the privacy of a transaction by homomorphically encrypting the inputs and outputs using a blinding factor. A blinding factor is simply a string of numbers that is used to encrypt the inputs and outputs of a Bitcoin transaction.
In essence, confidential transactions allow only the two parties partaking in a transaction to be privy to the amount being transacted, outside observers are prevented from knowing this information. However, the network must also be able to determine the validity of a confidential transaction. This is achieved by ensuring that the number of inputs in the beginning of a transaction is equal to the number of outputs at the end of the transaction.
To illustrate, consider Alice and Bob initiate a confidential transaction in which Alice decides to send Bob 1 bitcoin. This transaction could have the following inputs:
- Input 1 – 0.25 BTC
- Input 2 – 0.25 BTC
- Input 3 – 0.25 BTC
- Input 4 – 0.25 BTC
Remembering that inputs are simply a reference of previous Bitcoin transactions, and assuming that there is no transaction fee, the total outputs would equal 1 BTC:
- Output 1 – 0.25 BTC
- Output 2 – 0.25 BTC
- Output 3 – 0.25 BTC
- Output 4 – 0.25 BTC
The encryption of the input and output values is what makes this example transaction confidential. Once encrypted, nobody besides the participating parties will be privy to the amount being transacted.
The Benefits of Confidential Transactions
In its current form, the Bitcoin protocol suffers from two key problems:
- Lack of anonymity
- Lack of fungibility
Lack of anonymity – Initially, Bitcoin was labelled as a truly decentralized anonymous digital currency, however, this is not the case. Because each user on the Bitcoin network is represented by a public address, their transaction history can be traced using a block explorer. If a link between a public address and a real-life user were ever to be established, other users would be able to know exactly who it was they were transacting with. At best, the Bitcoin protocol can only be described as pseudonymous.
Lack of fungibility – Fungibility simply means the ability for one unit of a good or currency to be interchangeable for another unit, e.g. the US dollar is fungible because 1 dollar can be exchanged for another one without loss of value. Conversely, because Bitcoins can be tracked through an open and accessible blockchain, if those Bitcoins were ever used for, or gained by, illicit activity, they may be labelled as “tainted”. Merchants may refuse to accept these tainted Bitcoins, and thus, they may become less valuable when compared to other Bitcoins. Exchange without loss of value is no longer possible, i.e. these Bitcoins are said to be non-fungible.
Confidential transactions solve the issue of fungibility due to the encryption of input and output values. Because the history of outputs cannot be traced, it is impossible to determine their origin, therefore, making it difficult to differentiate tainted Bitcoins from untainted ones. For the same reason, it then becomes significantly harder to track the transaction history of a particular user, even if their public address is freely available. This provides an increased level of security for those conducting confidential transactions.
The Issue With Confidential Transactions
Originally, a single confidential transaction was roughly 16x the size of a regular Bitcoin transaction. This larger size makes confidential transactions difficult to implement into a Bitcoin protocol already experiencing scaling issues. However, in an update posted by Gregory Maxwell, the size of a confidential transaction has been reduced to roughly 3x the size of a regular Bitcoin transaction.
This saving in data increases the likelihood for this technology to be implemented. The trade-off between saving space, and increased privacy and fungibility lends a stronger argument for confidential transactions to be integrated into the Bitcoin protocol. Such an integration could take the form of a soft fork.
However, consensus must first be reached as to exactly how this technology would be implemented, something that is not necessarily straightforward to achieve on the Bitcoin protocol. Difficulty in meeting the minimum threshold required for consensus may slow down, or potentially harm further development of confidential transactions.
To conclude, by encrypting the input and output values of a Bitcoin transaction, an increased level of privacy is achieved wherein only the two parties transacting are aware of the amounts being transacted.
Such a system, solves the issue of privacy (to some an extent) and fungibility inherent to the Bitcoin protocol. However, consensus on how such a technology should be implemented may be difficult to achieve, therefore, hampering its development.
Gregory Maxwell’s original paper on confidential transactions can be found here.