Stand with Ukraine and Donate here

Confidential Transactions


One of the main distinguishing features of any blockchain network is transparency. And this means that each node can store a copy of absolutely all transactions in the network. And other users can, if necessary, check this list and check for authenticity - this is called a “block explorer”. Both of these processes are responsible for the high stability of the entire network to errors and the deliberate introduction of various inconsistent changes.

However, from the point of view of the confidentiality of information - this is a big minus. The fact is that in most blockchain networks, you can trace the history of the movement of each individual token. That means, coins are non-interchangeable. And if any of them fell into the so-called "black list" - a list of illegal transactions - the network may refuse to use it. Simply put, if you have paid with coins that once appeared on this list, there is a high chance that you will not be able to use them in the future.

And this is not the only weakness of the blockchain privacy system. So, for example, you can track not only individual coins, but also users. And all because the system of aliases (public addresses) is far from ideal. There are ways to get clusters of such aliases that are much easier to bind to a specific network object.

However, there is a way to make transfers truly private - confidential transactions.

What is it?

For the first time, this new principle of transferring was discussed in 2013, when Adam Beck, Blockstream CEO, spoke for the first time about the need to improve the current level of privacy of the blockchain network somehow. His idea was picked up by Bitcoin developer Gregory Maxwell. The main goal was to solve the problems associated with interchangeability and pseudonymity. The solution was an algorithm that hides the amount of transfers from all network participants, except for those who directly carry out this transaction.

At the same time, however, remained the opportunity to verify the accuracy of the transfers made. True, in a somewhat simplified form - the received amount should not exceed the sent amount.

Specific example. If the user of the Bitcoin network Sam needs, for example, to send 0.3 Bitcoin to his mate Nick, then he proceeds as follows. He takes his 1 BTC, transfers it to some intermediate wallet, and then breaks it into 2 parts. One - 0.3 bitcoin for Nick, the second - 0.69 is returned to your own account (the transaction price is also taken into account). Third-party users can see that the amount of funds deposited is equal to the amount of funds withdrawn, but that's all that is available to them.

Encryption Methods Used

The main problem of most modern encryption methods is the inability to directly work with encrypted information. Like it was placed in a safe, and the door was closed. The safe can be moved, transferred. But change or use is impossible. Therefore, the task of programmers was to create a “digital safe”, the contents of which would remain hidden, but accessible for verification by various methods.

The solution was to use a homomorphic encryption called the Pedersen Obligation. Let's consider his work on a specific example.

Let's pretend you decided to hold a contest among your subscribers - whoever guesses your favourite cryptocurrency exchange - will receive 0.1 BTC. However, what prevents you from listening to the proposed options, and then - voicing the one that was not offered? Technically, nothing. Therefore, in order to dispel the quiz participants' doubts about their honesty, you publish an answer passed through a hash function. For example, SHA-256. And you’ll receive the following combination:


They won’t be able to decrypt the received hash back, but to check if the answer of the quiz passed through the same hash function coincides with the right one - pretty sure.

However, no one is stopping strongly interested parties from compiling a list of most known exchanges and passing them through a hashing algorithm. So by simple brute force, you can get the correct answer - EXBASE.IO.

But if you enter a more complex text, such as “my favourite cryptoexchange - EXBASE.IO”, then the hash cannot be cracked by selecting a hash.

Actually, Pedersen’s obligation is to add additional information to the user's specific address. And during the transaction, two additional obligations are created - for the recipient address and for the return address.

And automatic algorithms can determine if the input data matches the output data without understanding the essence of the encoded information.

Potential benefit

Using confidential transactions, you can achieve both high transparency and high privacy. Anyone can verify the veracity of the data, but only those who have the ability to decrypt can familiarize themselves with their contents.

The problem is that this additional encoding seriously increases the file size. And since Bitcoin already does not cope with the problem of scaling, the introduction of a protocol of confidential transactions will load the system even more. So this scenario is extremely doubtful.

Which does not interfere with other blockchains that are more suitable for transferring large amounts of information, actively implement confidential transactions. For example, the Monero blockchain uses them to achieve high anonymity and interchangeability, as well as the so-called “ring signatures”. The sidechains (blockchain add-on for a large network) Liquid and MimbleWimble do roughly the same thing.


Confidential transactions are not the only way to increase the security and anonymity of blockchain networks. But one of the simplest and most effective in practice. So those networks that have successfully solved or are solving scalability problems for themselves either actively use it or plan to implement it. Because the high confidentiality of information is the main advantage of cryptocurrencies in compare with traditional finances.