Explained: Confidential Transactions

Feb 27, 2020

Confidential Transactions keep the amount and type of assets transferred visible only to participants in the transaction (and those they choose to reveal the blinding key to), while still cryptographically guaranteeing that no more coins can be spent than are available.

This goes a step beyond the usual privacy offered by Bitcoin’s blockchain, which relies purely on pseudonymous (but public) identities. This matters because insufficient financial privacy can have serious security and privacy implications for both commercial and personal transactions. Without adequate protection, thieves can focus their efforts on high-value targets, competitors can learn business details, and negotiating positions can be undermined.

Confidential Transactions (CTs), the general idea of which was proposed by Adam Back on BitcoinTalk in 2013, aim to make the content of a transaction private. As Greg Maxwell explains in a 2017 talk, the amounts transacted are often more valuable to spies: if you wanted to spend 500 sats on a coffee but broke up a 1 BTC UTXO to do so, the barista would now know that you owned at least 0.999995 BTC (which could be problematic for your security if coins hit new highs in dollar value).

With CTs, both the receiver’s address and the amount transferred are hidden from any observers, in such a way that only parties to the transaction (and those they share it with) are aware of the value sent/received. For this to work, a cryptographic technique known as a Pedersen commitment is used.

I’m not a cryptographer, and it would be a waste of everyone’s time for me to try to explain how they work. I’d recommend this outstanding primer by ecurrencyhodler, or Maxwell’s initial investigation. Suffice it to say, a Pedersen commitment functions similarly to a regular commitment scheme, but allows for some mathematical manipulation that enables the verification of data without it being divulged.

Why is this important? Remember that, in order to work, the Bitcoin ledger needs to be balanced (inputs need to match outputs). That’s straightforward enough when every transaction is made public and nodes can verify it. Given that the purpose of Confidential Transactions is to redact amounts from the blockchain, however, a more creative approach is needed (the Pedersen commitments, paired with a few other tools) to ensure no one’s playing central bank and secretly printing off more money.

