2.2.1 Confidential Transactions - "A Black Box"

In 2015, Greg Maxwell introduced the concept of Confidential Transactions, which replaces the plaintext transaction amount with a cryptographic commitment to it. The recipient, who is given the opening of the commitment, can verify the amount it received, while every other validator can still check that the transaction balances without learning any amount.

Broadly speaking, a Confidential Transaction looks like an ordinary Bitcoin transaction, except that the amounts are hidden: only the sender and the receiver know the actual amounts. Crucially, a third party who knows nothing about the amounts can still verify that the transaction is valid. Such validators see who is paying whom and how many inputs and outputs the transaction has, but not the amounts involved. This property is in demand for financial-grade real-world applications: enterprises that use a blockchain do not want every transaction amount to be public, since it is commercially sensitive.

The construction is usually based on a Pedersen commitment (a commitment, not encryption): a way of committing to a value so that a statement about it can be checked later, while the value itself stays hidden. Signatures and unspent-output tracking carry over unchanged from ordinary transactions, but the amount balance can now only be checked on the commitments, and a validator who cannot open them has no way on its own to verify that every output amount is a sensible non-negative number, i.e. that the inputs really cover the outputs. This is where zero-knowledge proofs come into play.

Zero-knowledge proofs extend confidential transactions by letting a verifier challenge the sender to prove a specific statement about the hidden amounts, for example that each one lies in a valid range, without revealing them. This technique is very effective from a privacy standpoint, but the proofs greatly increase the size of transactions, and some proof systems require a trusted setup. This is the problem that needs to be solved.

Looking at the steps of verifying a transaction, validating a confidential transaction can be summarized in three checks:

● The signature is correct: the spender controls the key that locks each input,

● The inputs are unspent: no double spending (double-spend),

● The sum of the inputs covers the sum of the outputs: specifically, outputs = inputs - transaction fees.

So how does this process work? Consider a transaction in a cryptocurrency: A wants to buy a mobile phone from B for 0.1 BTC, and the only coin A has available is an unspent output worth 1 BTC. A therefore creates a transaction with one input of 1 BTC, a payment output of 0.1 BTC to B, and a change output of 0.9 BTC back to A.

When a node in the Bitcoin network validates this transaction, it checks that the amounts balance: 1 = 0.1 + 0.9. Real transactions also pay a fee, which this formula omits; we ignore it here to keep the example simple.

The idea of Confidential Transactions is based on the realization that, for good privacy, validating nodes do not need to know the specific amounts; they only need to know that the amounts balance, i.e. that the sum of the inputs equals the sum of the outputs.

In fact, there is an almost magical cryptographic technique that hides information such as the amount while still allowing an equation of this form to be verified on the hidden values: C(1) = C(0.1) + C(0.9), where C(x) denotes a commitment to x and the sum on the right is computed on the commitments alone.

In cryptography, this is called a (homomorphic) cryptographic commitment.

But this introduces a new problem: C(1) = C(100) + C(-99) also passes the verification above, and yet it creates 100 BTC out of thin air, since the spender commits to a spendable 100 BTC output and to an impossible -99 BTC output, and the two still balance against the 1 BTC input. Therefore we also need to limit the bounds, or range of values, of each commitment.
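The balancing check and the negative-amount forgery above, worked through in code. This is an added example written for this page, not the code of Elements or of any real implementation: it uses toy Pedersen commitments in a Schnorr group modulo a 128-bit safe prime that is generated on the fly (a teaching parameter, far too small for real use), a hypothetical `build_tx` helper that plays the sender, and a `balances` function that plays the validator. A real range proof is out of scope here; the `in_range` predicate only states what such a proof would certify about each output, evaluated on the openings the sender holds, and the 64-bit bound is an assumption.

```python
"""Toy Pedersen commitments for Confidential Transactions (added example).

Parameters: a Schnorr group, i.e. the order-Q subgroup of Z_P^* for a safe
prime P = 2Q + 1.  Amounts and blinding factors live in Z_Q.  Sizes here are
for illustration only and far too small for real use."""
import hashlib


def is_probable_prime(n: int) -> bool:
    """Miller-Rabin with a fixed set of small bases (enough for a parameter search)."""
    if n < 2:
        return False
    bases = (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37)
    for b in bases:
        if n % b == 0:
            return n == b
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for b in bases:
        x = pow(b, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = x * x % n
            if x == n - 1:
                break
        else:
            return False
    return True


def safe_prime_from(start: int) -> tuple[int, int]:
    """Deterministically find P = 2Q + 1 with both P and Q prime, Q >= start."""
    q = start | 1
    while not (is_probable_prime(q) and is_probable_prime(2 * q + 1)):
        q += 2
    return 2 * q + 1, q


P, Q = safe_prime_from(1 << 127)
G = 4  # 4 = 2^2 is a quadratic residue, so it generates the subgroup of order Q
# H must be a second generator whose discrete log base G nobody knows; derive it
# from a hash ("nothing up my sleeve"), squared so that it lands in the subgroup.
H = pow(int.from_bytes(hashlib.sha256(b"pedersen-H").digest(), "big"), 2, P)


def commit(value: int, blind: int) -> int:
    """Pedersen commitment C(value) = G^value * H^blind mod P (exponents mod Q)."""
    return pow(G, value % Q, P) * pow(H, blind % Q, P) % P


def opens_to(c: int, value: int, blind: int) -> bool:
    """Recipient's check: the (value, blind) it was sent must open the commitment."""
    return commit(value, blind) == c


def balances(in_commits: list[int], out_commits: list[int]) -> bool:
    """Validator's check, made without knowing any amount: the product of the input
    commitments equals the product of the output commitments.  The group operation
    adds exponents, so this holds iff amounts (and blinds) sum equally mod Q."""
    lhs = rhs = 1
    for c in in_commits:
        lhs = lhs * c % P
    for c in out_commits:
        rhs = rhs * c % P
    return lhs == rhs


def build_tx(in_values, in_blinds, out_values, out_blinds):
    """Sender side (hypothetical helper): commit to every input and output, picking the
    last output's blind so all blinds balance. `out_blinds` covers all outputs but the last."""
    last = (sum(in_blinds) - sum(out_blinds)) % Q
    blinds = list(out_blinds) + [last]
    ins = [commit(v, r) for v, r in zip(in_values, in_blinds)]
    outs = [commit(v, r) for v, r in zip(out_values, blinds)]
    return ins, outs, blinds


MAX_AMOUNT = 1 << 64  # assumed bound that a range proof certifies for each output


def in_range(value: int) -> bool:
    """The statement a range proof establishes, evaluated here on the sender's opening:
    a 'negative' amount is really Q - |value|, far above any sane bound."""
    return 0 <= value % Q < MAX_AMOUNT


def honest_tx() -> bool:
    """A spends a 1 BTC input: 0.1 BTC to B, 0.9 BTC change (amounts in satoshi)."""
    ins, outs, _ = build_tx([100_000_000], [123456789],
                            [10_000_000, 90_000_000], [987654321])
    return balances(ins, outs)


def minting_tx() -> tuple[bool, list[bool]]:
    """Same 1 BTC input, but outputs of 100 and -99 BTC: the balance check still
    passes, and only the range check on the second output exposes the forgery."""
    ins, outs, _ = build_tx([1], [42], [100, -99], [7])
    return balances(ins, outs), [in_range(v) for v in (100, -99)]


if __name__ == "__main__":
    print("honest tx balances:", honest_tx())
    print("minting tx balances / outputs in range:", minting_tx())
```

The point of `minting_tx` is that nothing in `balances` can tell the two transactions apart: the validator only sees group elements, and the exponent -99 is simply the residue Q - 99, which adds to 100 to give 1 exactly as the honest outputs do. The range proof that production schemes attach to every output is what rules that residue out; here the `in_range` predicate only shows which output such a proof would refuse to certify.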
