What are confidential transactions in cryptocurrency?

When you send cryptocurrency using a public blockchain, it’s possible for anyone who’s interested to view that transaction. The wallet addresses of all parties involved, the type of cryptocurrency used, and the amount that was sent is all out in the open. It’s like publishing your bank statements so that others can see exactly who you’ve paid, and how much.

For most cryptocurrency users, this isn’t much of a concern, but there are others who would prefer to keep some of these details a secret. Using confidential transactions is one way to do that. In this AAG Academy guide, we’ll look at what confidential transactions are, how they work, and the benefits they bring.

What are confidential cryptocurrency transactions?

When a confidential cryptocurrency transaction takes place, the amount of cryptocurrency being sent and the type of asset is not publicly visible. Only the sender and receiver can see these pieces of information. That’s not typically the case with cryptocurrency transactions, most of which happen on public blockchains that allow anyone to see the details of any transaction.

Confidential transactions give those who are particularly sensitive about their privacy the ability to send and receive cryptocurrency without having to worry about it being seen. However, it is possible for wallet addresses to be seen, so confidential transactions cannot cover up the fact that two parties transacted — they can only hide the details of any transfer made.

The concept of confidential transactions was first proposed by Blockstream CEO and Hashcash co-founder Adam Back in 2013. It was later picked up and expanded upon by Bitcoin developer Gregory Maxwell, creator of CoinJoin, who recognized the need for cryptocurrency users to transact without revealing the quantity or type of asset being sent and received.

You might be interested in: Coin mixing and CoinJoins explained

How do confidential transactions work?

As we touched on above, most cryptocurrency transactions conducted on public blockchains are visible to whoever wants to see them. Under normal circumstances, it’s possible to see the sender’s wallet address, the receiver’s wallet address, and the quantity and type of asset sent. Confidential transactions use a variety of techniques to conceal some of these details.

The Confidential Transactions (CT) protocol for Bitcoin, which was first implemented in 2015, uses a combination of scriptPubKeys, the Pedersen commitment scheme, and a random Diffie-Hellman’s elliptic-curve (ECDH) code to encrypt transaction data. Here’s what role each of those things plays:

• scriptPubKey: Contains the CT address, which is a hash of a blinding key plus a regular Bitcoin address, plus a mathematical condition that ensures the output of the transaction can only be spent once its ownership is confirmed
• Pedersen commitment scheme: A hash of the output plus a blinding key
• ECDH code: A key that can be used to reveal the details of the private transaction

Now let’s look at an example of a CT to understand how all of these things come together:

1. Lucy wants to pay her friend Sarah 1 BTC using a CT, so she generates a blinding key then combines that with Sarah’s wallet address to create a hash — or a confidential address. This address is recorded in the public registry, but only Lucy (and eventually Sarah), knows that the confidential address is related to this transaction.
2. Lucy then creates a transaction to the confidential address. A Pedersen commitment is created using the same blinding key from step one and 1 BTC. This conceals the amount of BTC so that only those who hold the blinding key can see it.
3. A scriptPubKey is created using the CT address and the mathematical condition that Sarah must confirm ownership of this address with a signature.
4. The transaction is recorded in the public registry and the 1 BTC is debited from Lucy’s wallet and credited to Sarah’s.

One of the most important parts of this process is the Pedersen commitment scheme, which solves one of the biggest problems with confidential transactions. Without this, it is not possible for a blockchain network to determine whether a sender has the funds to facilitate a transaction because the network cannot see the quantity of cryptocurrency being sent.

There are other types of confidential transactions, including zero-knowledge (ZK) proofs and RingCT, and they all use similar technologies. RingCT, which is used for Monero transactions, is actually an extension of the CT protocol for Bitcoin.

What are the benefits of confidential transactions?

The biggest and most obvious benefit of confidential transactions is that they prevent key details of a transaction from appearing on a public blockchain. When a confidential transaction is carried out, although it is possible to see that two parties transacted, we cannot see the quantity or type of asset that was used. This further enhances the privacy of both parties.

How can I use confidential transactions?

Anyone can take advantage of confidential transactions by using a dedicated sidechain, such as Liquid Network, or RingCT for Monero. These make the process as simple as possible so that executing a CT is almost as easy as executing a regular cryptocurrency payment. It’s worth noting, however, that these services do charge a small transaction fee.

References:

• Confidential transactions
• An introduction to confidential transactions
• Confidential transactions how hiding transaction amounts increases bitcoin privacy
• Pedersen commitment with elliptic curves