Importance of being anonymous
Privacy, anonymity and fungibility are often cited among the problems that Bitcoin currently faces. While many laud this cryptocurrency as a decentralized form of payment in many ways more anonymous than traditional cash/electronic fiat, in reality there are certain limits to this anonymity.
It’s well known that Bitcoin’s blockchain is transparent and that transactions on it can be tracked and observed; this represents the biggest issue for people who want to stay anonymous and have their cryptocurrency remain fungible.
If you, potential Bitcoin user, want to take part in exchanging value on the blockchain, you’ll eventually have to share your address with someone (whether to send them BTC or to receive it yourself). The problem here is that the moment you do that, you are relinquishing your blockchain anonymity.
The person who you shared your address with can easily look into your blockchain history; even worse, they can share your address online and have it connected to your name publicly, further invading and eroding your privacy. This is why most describe Bitcoin protocol as pseudonymous rather than fully anonymous.
Economists define fungibility as the property of a commodity whose individual units are essentially interchangeable, so that any single unit of the commodity is equal to any other. In cryptocurrency, this simply translates into the following idea: no coin belonging to a single blockchain is different from any other coin on that same blockchain.
In reality, not every Bitcoin is equal. Certain coins can be traced to illegal activities and are thus rendered “tainted”. Just recently, the American SEC connected two Bitcoin addresses to Iranian criminals who apparently ran a ransomware scheme that hurt over 200 people and stole millions of USD worth of BTC.
The agency “blacklisted” these addresses and promised legal action against anyone found transacting with them. Naturally, most merchants and individuals will refuse to transact with said addresses, or will require much bigger payments than they do from addresses which contain “clean”/untainted Bitcoin.
This case demonstrates how certain BTC can sometimes be less valuable (and non-fungible) when compared to other BTC. Lack of fungibility can hamper Bitcoin in its quest to become a widespread, censorship-resistant medium of exchange. Bitcoin developer Greg Maxwell summed up the potential effects that insufficient financial privacy can have on the way we transact:
“Insufficient financial privacy can have serious security and privacy implications for both commercial and personal transactions. Without adequate protection, thieves and scammers can focus their efforts on known high-value targets, competitors can learn business details, and negotiating positions can be undermined. Since publishing often requires spending money, lack of privacy can chill free speech. Insufficient privacy can also result in a loss of fungibility–where some coins are treated as more acceptable than others–which would further undermine Bitcoin’s utility as money.”
Across the years, there have been many attempts to solve these issues. While everyone was aware that a solution was required, it wasn’t possible to find one that would be convenient and economical.
Anonymity/fungibility-enabling projects were around but suffered from issues with blockchain scalability; an anonymous transaction contains much more data than a traditional transparent one and the process of adding it to the blockchain is therefore much more resource-demanding.
And while many previous endeavors aiming to bring privacy to Bitcoin failed, it seems that people behind a piece of technology called confidential transactions might be onto something different.
About confidential transactions
Confidential transactions (CT) were conceived by Bitcoin contributors Adam Back and Gregory Maxwell. In 2013, Back proposed that Bitcoin and related systems could replace the explicit amounts in transactions with additive homomorphic commitments for improved privacy.
Homomorphic encryption lets users hide the amounts of a transaction so that only the sender and receiver know how much was actually sent. Thanks to this technology, outside observers are prevented from learning this sensitive information.
The sender encrypts the number of bitcoins he wants to send using what are called blinding factors or Pedersen commitments, elements that are made by combining the transacting parties’ private and public keys. The blinding factor is shared between the two transacting parties and no outsider has access to it.
Later on, this blinding factor can be leveraged to prove ownership of the values that were sent. The factor is ultimately used to encrypt the inputs/outputs of the transaction as well as the public/private keys of the transactors.
Using this piece of technology, full nodes can subtract the encrypted amounts on the sending side of a transaction from the encrypted amounts on the receiving side. This allows said nodes/network verifiers to confirm that a homomorphically encrypted transaction is real and that no Bitcoin was created out of thin air.
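To make that verification step concrete, the following is an added worked example written for this page; it is not code from the article or from any confidential-transactions implementation. It builds Pedersen commitments and runs the node-side balance check on them. Real CT commits on the secp256k1 elliptic curve; as an assumption that keeps the example dependency-free, this toy uses the prime-order subgroup of Z_p^* for a generated safe prime p = 2q + 1, with deliberately small parameters that are not suitable for real use. The sample amounts, blinding factors and the Params/commit/build_tx/verify_balance names are all constructed here.

```python
import hashlib
import random

# Toy model of the confidential-transaction balance check. Assumption: the
# multiplicative subgroup of order q in Z_p^* stands in for the secp256k1 curve.
# Parameter sizes are far too small for real use; they exist for illustration.


def is_probable_prime(n, rng, rounds=32):
    """Miller-Rabin primality test with bases drawn from rng."""
    if n < 2:
        return False
    for small in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % small == 0:
            return n == small
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        x = pow(rng.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True


def gen_safe_prime(bits, rng):
    """Return (p, q) with p = 2q + 1 and both prime; squares mod p then have order q."""
    while True:
        q = rng.getrandbits(bits - 1) | (1 << (bits - 2)) | 1
        if is_probable_prime(q, rng) and is_probable_prime(2 * q + 1, rng):
            return 2 * q + 1, q


class Params:
    """Group parameters: generator g carries amounts, generator h carries blinding."""

    def __init__(self, bits=128, seed=2019):
        rng = random.Random(seed)  # fixed seed keeps the example reproducible
        self.p, self.q = gen_safe_prime(bits, rng)
        self.g = pow(rng.randrange(2, self.p - 1), 2, self.p)  # a square: order q
        # h must have an unknown discrete log relative to g, or commitments stop
        # being binding; derive it by hashing g ("nothing up my sleeve").
        digest = hashlib.sha256(str(self.g).encode()).digest()
        self.h = pow(int.from_bytes(digest, "big") % self.p, 2, self.p)


def commit(P, value, blind):
    """Pedersen commitment C = g^value * h^blind mod p.
    Hiding: blind masks value. Homomorphic: C(a, r) * C(b, s) == C(a + b, r + s)."""
    return pow(P.g, value % P.q, P.p) * pow(P.h, blind % P.q, P.p) % P.p


def build_tx(P, inputs, out_values, fee, rng):
    """Sender side. inputs = [(amount, blind), ...] known to the sender. The last
    output blind is chosen so sum(blind_out) == sum(blind_in) mod q, which makes the
    commitments balance exactly while every amount stays hidden."""
    if sum(v for v, _ in inputs) != sum(out_values) + fee:
        raise ValueError("amounts do not balance")
    blinds = [rng.randrange(1, P.q) for _ in out_values[:-1]]
    blinds.append((sum(r for _, r in inputs) - sum(blinds)) % P.q)
    tx = {
        "inputs": [commit(P, v, r) for v, r in inputs],
        "outputs": [commit(P, v, r) for v, r in zip(out_values, blinds)],
        "fee": fee,  # the fee stays explicit so miners can claim it
    }
    return tx, blinds


def verify_balance(P, tx):
    """Node side: prod(C_in) == prod(C_out) * g^fee, using commitments only.
    Exponents of g and h add, so this holds iff the hidden amounts sum to zero
    (inputs minus outputs minus fee) and the blinding factors cancel."""
    lhs = 1
    for c in tx["inputs"]:
        lhs = lhs * c % P.p
    rhs = pow(P.g, tx["fee"] % P.q, P.p)
    for c in tx["outputs"]:
        rhs = rhs * c % P.p
    return lhs == rhs


def demo():
    """Constructed sample: inputs of 5 and 3 units spent to outputs of 6 and 1
    with a fee of 1. Returns (honest_tx_verifies, inflated_tx_verifies)."""
    P = Params()
    rng = random.Random(7)
    inputs = [(5, rng.randrange(1, P.q)), (3, rng.randrange(1, P.q))]
    tx, blinds = build_tx(P, inputs, [6, 1], 1, rng)
    honest = verify_balance(P, tx)
    # Inflation attempt: the second output now commits to 7 units with the same
    # blinding factor. The g exponents no longer cancel, so verification fails.
    forged = dict(tx, outputs=[tx["outputs"][0], commit(P, 7, blinds[1])])
    return honest, verify_balance(P, forged)
```

Running demo() returns (True, False): the honest transaction balances even though the verifier never sees an amount, and the inflated one is rejected. Note that commit() reduces amounts mod q, so a "negative" amount wraps around and would still balance; that is exactly why CT attaches a range proof to every output proving the hidden amount lies in a small positive range, and why the size of those range proofs (the part Bulletproofs later shrank) dominated early CT transaction sizes.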
This entire process is naturally much more technical; you can find a high level technical primer describing the technology behind confidential transactions in much more detail here.
You should also check out this summary made by a Medium user ecurrencyholder for more in-depth information about CT. Ultimately, if you are looking for a full-on investigation into the topic, check out this GitHub post made by Adam Gibson.
The problem/the solution
Confidential transactions initially came with some major drawbacks. Originally, a single confidential transaction ranged from 16x-60x the size of a regular Bitcoin transaction.
This is an issue, as larger transactions require the sender to pay higher blockchain fees; they also force network nodes to spend more resources storing them. As such, the Bitcoin blockchain simply wasn’t capable of utilizing this technology efficiently enough. Pedersen commitments are also seen as a potential vulnerability in the age of quantum computing; it is assumed that a quantum computer will be able to break them, which would let whoever operates said quantum computer print new coins without restriction.
Significant technological advancements have been made since then, both thanks to work done by Gregory Maxwell/Adam Back and to the creation of Bulletproofs. These improvements shrank the commitment sizes, bringing CT transactions down to roughly 3 times the size of a traditional transaction. As a direct result, the strain that this technology puts on a blockchain has been significantly reduced.
This has led to many cryptocurrency projects starting to take notice and actively consider adding confidential transactions onto their blockchains. Litecoin’s Charlie Lee will be implementing CT in 2019 while an up-and-coming privacy-focused start-up Particl has already been running the technology on their mainnet for more than a year and a half.
Bitcoin developers seem to be a bit more cautious with the technology. The quantum computer issue is still a real problem that could come back to haunt them in the future if not addressed properly right now. Further integration with Bulletproofs as well as technologies like CoinJoin, CoinShuffle and ZeroLink is being explored as well.
Ultimately, if and when this piece of technology is implemented, it will be deployed via a consensus-supported soft fork. The potential is clear to see, as confidential transactions could one day grow to be a powerful privacy-increasing tool on the public Bitcoin blockchain. If this happens, Bitcoin will take an important step towards fulfilling its original goal of becoming the true decentralized money of the future.