Blockstream recently announced the alpha release of their Sidechain Elements project, and one of the more interesting experiments in the release is Confidential Transactions. This is a proposal to improve privacy in bitcoin, which is not as anonymous as some users would like to think. In an introductory presentation to Sidechain Elements, Blockstream Co-Founder and Bitcoin Core Developer Greg Maxwell mentioned how he wouldn’t want to live in a bitcoin world if privacy were not improved.
The problem with bitcoin privacy right now
Bitcoin transactions are quite public. Although no one can gain much information about a transaction by simply looking at it on the blockchain, a lot of data can be revealed by identifying just one of the parties involved in the transfer of bitcoins. As Maxwell explained in his presentation of Sidechain Elements:
“Once you pay someone, they know who you are because you transacted with them. They can look at your transaction history to make a good guess at what your financial history is. You can leak this information to everyone, and they just have to attach your name to one address [to] get all of the other details. When we ask institutions about using bitcoin, even the most boring institutions look at this and say, ‘We don’t want to use all of our transactions in public.’”
In many instances, the financial privacy of the legacy banking system is preferred over bitcoin. When dealing with a centralized financial institution, one’s transaction history is at least kept private (in theory) from everyone other than the bank and the customer.
Maxwell also discussed bitcoin’s privacy issues in the context of the digital commodity’s usefulness as money:
“And a loss of privacy loses fungibility, and that’s an inherent property of money. If each bitcoin has a history and people know how it’s used, then maybe some people won’t want some bitcoin.”
Past bitcoin privacy proposals
The privacy issues with bitcoin are well known, which is why there have been so many privacy-enhancing proposals in the past. Some of these proposals are compatible with bitcoin as it stands today (CoinJoin, CoinSwap, offchain servers), while other, cryptographic solutions would require more serious changes to the underlying protocol (Zerocoin, traceable ring signatures, Zerocash).
Maxwell noted that the second group of possible solutions has the “greatest functionality,” but these solutions also break pruning, which is essential for scaling bitcoin. At this point, a perfect solution for bringing more privacy to bitcoin does not exist.
Many developers are focused on finding a privacy solution for bitcoin to make up for the mistakes made during the development of other widely used Internet protocols. According to Maxwell, there is a sense of regret among long-time developers, who wish they had put more focus into making the protocols of the Internet more secure and private. He explained:
“When I work in the IETF with other long-time developers of the protocols of the internet, there is almost a ubiquitous regret that we built an internet where encryption wasn’t a default and always on. And there was always a reason for this: it’s complex, it’s slow, it’s incompatible with stuff already deployed. This is all true. But when we look at this history, these reasons were insignificant and we should have taken the cost 10 years ago to make encryption the default. As time goes on, it becomes harder and harder to deploy pervasive encryption. And it is universally recognized as a regretful scenario. I don’t want to make the same mistake with money. I think that if bitcoin were going to displace other forms of money, we need to improve privacy.”
The Confidential Transactions element
Confidential Transactions are based on ideas expressed by Adam Back on the bitcointalk forum almost two years ago. The idea is that the transaction amounts will be private, while still allowing the public network to confirm that everything adds up correctly.
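The "amounts are hidden, yet the network can check that everything adds up" property can be illustrated with additively homomorphic (Pedersen-style) commitments. This is an added sketch, not Blockstream's code: the article does not describe the construction, and the toy group parameters, function names and sample amounts below are constructed for illustration only.

```python
import secrets

# Toy parameters, constructed for illustration and far too small to be secure:
# P is a safe prime, Q = (P - 1) // 2 is prime, G and H generate the order-Q subgroup.
P, Q = 2039, 1019
G, H = 4, 9  # squares mod P; a real scheme picks H so that nobody knows log_G(H)

def commit(amount, blind):
    """Pedersen-style commitment C = G^blind * H^amount mod P."""
    return (pow(G, blind % Q, P) * pow(H, amount % Q, P)) % P

def combine(commitments):
    """Multiply commitments; this adds the hidden amounts and blinding factors."""
    total = 1
    for c in commitments:
        total = (total * c) % P
    return total

def balances(inputs, outputs):
    """Verifier's check: inputs and outputs commit to the same total."""
    return combine(inputs) == combine(outputs)

def build_transaction(in_amounts, out_amounts):
    """Sender side: blind every amount, choosing the last output's blinding
    factor so the blinding factors cancel across the whole transaction."""
    in_blinds = [secrets.randbelow(Q) for _ in in_amounts]
    out_blinds = [secrets.randbelow(Q) for _ in out_amounts[:-1]]
    out_blinds.append((sum(in_blinds) - sum(out_blinds)) % Q)
    ins = [commit(a, b) for a, b in zip(in_amounts, in_blinds)]
    outs = [commit(a, b) for a, b in zip(out_amounts, out_blinds)]
    return ins, outs

if __name__ == "__main__":
    # The verifier sees only the commitments, never 30, 12, 25 or 17.
    ins, outs = build_transaction([30, 12], [25, 17])
    print("balanced transaction accepted:", balances(ins, outs))
    # One extra unit created out of nothing: the totals no longer match.
    ins, outs = build_transaction([30, 12], [25, 18])
    print("inflating transaction accepted:", balances(ins, outs))
    # Amounts wrap modulo Q here, so a deployed scheme must also prove
    # that every committed amount lies in a valid range.
```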
When explaining the thinking behind Confidential Transactions, Maxwell compared cryptographic privacy work in bitcoin with traditional cryptographic privacy found on the Internet:
“Most of the prior work on cryptographic privacy in bitcoin has focused on protecting the transaction graph — the flow of coins from one party to another. You can liken this to metadata to phone records or Internet traffic. And so it’s a little funny because for cryptographic privacy on the Internet we often don’t do anything about metadata. Now, metadata is important to make private, but it’s usually almost impossible to make private. So what if in bitcoin instead of protecting the metadata we protected the content.”
Maxwell also explained how avoiding address re-use can help protect even more financial data:
“What’s the content? A transaction’s content is its destination and its amounts. If you use the pseudonymous accounts and don’t reuse them, then your destinations are already private.”
In addition to making transaction amounts private, Confidential Transactions also make it possible to add an encrypted memo to any transaction. This is often valuable for adding invoice numbers or short descriptions to transactions.
Bitcoin Core Developer Pieter Wuille has also described on Reddit how Confidential Transactions become even more interesting when combined with CoinJoin:
Although there are a few other cryptographic solutions to bitcoin privacy in the works, this is one of the more practical options that doesn’t involve any “moon math.” As Blockstream’s Adam Back explained on Reddit:
“What’s new here is that this math is making no new novel crypto assumptions (assumes only the same crypto building blocks as bitcoin), and is provably secure.”
You can follow @kyletorpey on Twitter.