Confidential Transactions

Originally proposed by Dr. Adam Back in 2013, in a Bitcointalk post title “bitcoins with homomorphic value.” Later implemented into a cryptographic library by Dr. Greg Maxwell (who expanded the concept) and Dr. Pieter Wuille from Blockstream.

Confidential Transactions hide amounts, substituting them for a cryptographic commitment in the form of a cryptographic hash. A commitment lets one keep a piece of data secret (the value in this case), but commit to it so that it cannot change it later. This commitment is a Pedersen Commitment, which allow to commit multiple values while preserving the addition property between them (called the homomorphic property). 

This way the network can still verify that inputs and outputs add up –and thus no coins were created– without knowing the original values. It does this without adding any new basic cryptographic assumptions to the cryptocurrency system, with a manageable level of overhead, and without breaking the "pruning" property (discarding old values from the chain).

In a 2015 Bitcoin Knowledge Podcast interview, Dr. Adam Back gave the following illustration: “[with Confidential Transactions one can be] spending a tenth of a bitcoin to the coffee shop, and all the coffee shop learns is they receive a tenth of a bitcoin, but they don't know that the input was 100BTC and they don't know that the change is 99.9BTC, but they do know the encrypted 100BTC + encrypted 99.9BTC + 0.1BTC they received balances, so that they add up, together with the miners’ small fee.”

As a side-effect of its design, Confidential Transactions also enables the additional exchange of private "memo" data (such as invoice numbers or refund addresses) without any further increase in transaction size, by reclaiming most of the overhead of the CT cryptographic proofs.

High-res logo