Bitcoin Core Closer On Confidential Transactions

11/14/2017 - 17:59 UTC

Bitcoin Core developer Greg Maxwell shared an update on the progress of Confidential Transactions in the reference Bitcoin client, hinting that such transactions could be shrunk to ~3x the size of a normal transaction.

Confidential Transactions are a way to improve bitcoin transaction privacy. Instead of plaintext values, transactions carry additively homomorphic commitments to the amounts, as proposed by Adam Back in 2013. This approach hides only the transaction amounts: only the sender and the receiver know the exact amount transacted. Combined with pseudonymous addresses, this represents an excellent privacy improvement.


Note, however, that Monero (another altcoin) already supports fully confidential transactions. In Monero, a pseudo-random method of generating several possible paths is used for each transaction, with no wallet, volume, or receiver information attached. This essentially allows a wallet to hold coins and send them to other parties without any tracking.

Now Bitcoin seems ready to introduce its version of Confidential Transactions. Maxwell took Adam Back's suggestion and invented some new optimizations, creating a high-performance implementation. With these optimizations the transaction size was reduced to 128 bytes per two bits plus 32 bytes, about 40% of the prior size. But that was not enough: "This is still a 20x increase in transaction size under typical usage", Maxwell wrote, also mentioning that in a recent publication on confidential assets they managed to reduce the size to "96*log3(2)*bits + 32, which still leaves us at ~16x size for typical usage".

The new update sent by Maxwell on the issue says that Benedikt Bünz at Stanford was able to further optimize the inner product "to achieve an aggregate range proof for CT with size 64 * (log2(bits *num_outputs)) + 288, which is ~736 bytes for the 64-bit 2-output case." Essentially, this limits the confidential transaction bloat to ~3x of current normal transactions. And Maxwell believes that by using multi-input multi-output CoinJoin transactions this bloat can be arbitrarily small.
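The homomorphic balance check described earlier, and the reason a range proof has to accompany it, shown as an added example that is not code from Bitcoin Core or from Maxwell. It uses a Pedersen-style commitment over a deliberately tiny multiplicative group (an assumption made for brevity; the actual proposal works over an elliptic curve), and all parameters and function names are constructed for illustration.

```python
import math
import secrets

# Toy parameters (constructed for illustration, far too small to be secure):
# P is a safe prime, Q = (P - 1) // 2 is the prime order of the subgroup of squares.
P, Q = 2039, 1019
G, H = 4, 9  # two squares mod P; in a real system nobody may know log_G(H)

def commit(value, blind):
    """Pedersen-style commitment G^value * H^blind mod P."""
    return pow(G, value % Q, P) * pow(H, blind % Q, P) % P

def combine(commitments):
    """Homomorphic 'addition': in this group, commitments are multiplied."""
    total = 1
    for c in commitments:
        total = total * c % P
    return total

def balances(inputs, outputs):
    """Verifier's check: it sees only commitments, never the amounts."""
    return combine(inputs) == combine(outputs)

def make_tx(in_values, out_values):
    """Commit to every amount; the last output blind makes both blind sums equal."""
    in_blinds = [secrets.randbelow(Q) for _ in in_values]
    out_blinds = [secrets.randbelow(Q) for _ in out_values[:-1]]
    out_blinds.append((sum(in_blinds) - sum(out_blinds)) % Q)
    ins = [commit(v, r) for v, r in zip(in_values, in_blinds)]
    outs = [commit(v, r) for v, r in zip(out_values, out_blinds)]
    return ins, outs

def aggregate_range_proof_bytes(bits, num_outputs):
    """Size formula quoted in the article: 64 * log2(bits * num_outputs) + 288."""
    return int(64 * math.log2(bits * num_outputs) + 288)

if __name__ == "__main__":
    print(balances(*make_tx([30, 12], [40, 2])))   # honest: 42 in, 42 out
    print(balances(*make_tx([30, 12], [40, 3])))   # 43 out: the check fails
    # Amounts live modulo Q, so an output of -5 still balances. The commitment
    # check alone cannot see this; a range proof on each output rules it out.
    print(balances(*make_tx([10], [15, -5])))
    print(aggregate_range_proof_bytes(64, 2))      # the article's 2-output case
```

The third case is why the proof sizes discussed in the article matter: every confidential output must carry (or share in) a proof that its committed amount lies in a non-negative bounded range, and that proof dominates the transaction size.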

The ever-Twitter-present Charlie Lee of Litecoin tweeted that he is looking to add this to Litecoin when it is ready.
