Confidential Transactions - Reading Assignment

Read YET ANOTHER Bitcointalk post by the legendary gmaxwell, this time on his description of the ‘Confidential Transactions’ as implemented in the experimental ‘Elements’ blockchain. Answer the questions and post your answers below:

https://bitcointalk.org/index.php?topic=1085273.0

  1. What piece of information do Confidential Transactions obscure?
  2. What is the ‘commutative property’ and how does it relate to Confidential Transactions?
  3. What is the ‘scanning key’ and what important function does it enable?
  4. What do ‘range proofs’ do and why are they necessary in Confidential Transactions?
  5. How does Confidential Transactions affect the size of a blockchain?
  1. It manages to keep the transaction amounts visible only to participants in the transaction. It does this thanks to ADC (additively homomorphic commitments), a cryptographic technique.
  2. In mathematics, a binary operation is commutative if changing the order of the operands does not change the result. It affects Confidential Transactions because they are based on the Pedersen commitment, which makes it possible to keep pieces of data secret while committing to them so that they cannot be changed later. Thanks to the commutative property, even after commitments are added to each other, the sum of a set of commitments is the same as a commitment to the sum of the data. This allows mixing them without changing the commitment of every party that committed to each unique commitment.
  3. The scanning key is used to establish the shared secret used by the rewindable range proof, so that users can share these keys with other parties to enable them to view transaction amounts without making the entire system invalid.
  4. A range proof is a form of commitment validation that enables everyone to verify the range of value for the commitment without giving the precise information about it. It is only used with multiple confidential value outputs, and they have an order of magnitude which is smaller and thus faster to verify than other alternatives. They are necessary in Confidential Transactions because they make it possible to keep transaction amounts secret while proving the commitment.
  5. They make transactions larger because they have to store additional information, which could then impact on both the blockchain’s scalability and volume of performed transactions.
5 Likes
  1. CT is possible due to the cryptographic technique of additively homomorphic commitments. As a side-effect of its design, CT also enables the additional exchange of private “memo” data (such as invoice numbers or refund addresses) without any further increase in transaction size, by reclaiming most of the overhead of the CT cryptographic proofs.

  2. A binary operation is commutative if changing the order of the operations does not change the result.
    Confidential transactions make use of Pedersen commitments in order to provide confidentiality. Pedersen commitments also allow addition operations and preserve the commutative property on the commitments.

  3. By sharing the scanning key used to establish the shared secret used by the rewindable range proofs, this approach is completely compatible with watching wallets; users can share these keys with auditors to enable them to view their transaction amounts.

  4. Ring confidential transactions is the utilization of range proofs. A range proof allows the Monero network to cryptographically prove that the amounts used in a transaction are greater than 0, and less than any given arbitrary number.

  5. A Confidential Transaction is about 20 times bigger than a normal transaction, while it even increases computation thirtyfold.

1 Like
  1. The amounts of the transfer
  2. In mathematics, a binary operation is commutative if changing the order of the operands does not change the result (wikipedia). Applying the Pedersen Commitment, it is possible to add operations but at the same time preserve the commutative character of the operation.
  3. “By sharing the scanning key used to establish the shared secret used by the rewindable range proofs, this approach is completely compatible with watching wallets; users can share these keys with auditors to enable them to view their transaction amounts”.
  4. Basically, range proofs are a form of commitment validation that allow anyone to verify that a commitment represents an amount within a specified range, without revealing anything else about its value (known as the secret value) (blockonomi.com).
  5. I haven’t found any statement in the post (probably I overlooked it) but I would assume that due to additional information and encryption the blocksize increases.
1 Like
  1. What piece of information do Confidential Transactions obscure?
    Transaction Amounts

  2. What is the ‘commutative property’ and how does it relate to Confidential Transactions?
    If you tell someone only the commitment then they cannot determine what data you are committing to (given certain assumptions about the properties of the hash), but you can later reveal both the data and the blinding factor and they can run the hash and verify that the data you committed to matches. The blinding factor is present because without one, someone could try guessing at the data; if your data is small and simple, it might be easy to just guess it and compare the guess to the commitment.

  3. What is the ‘scanning key’ and what important function does it enable?
    By sharing the scanning key used to establish the shared secret used by the rewindable range proofs, this approach is completely compatible with watching wallets; users can share these keys with auditors to enable them to view their transaction amounts.

  4. What do ‘range proofs’ do and why are they necessary in Confidential Transactions?
    In order to prevent this, when there are multiple outputs we must prove that each committed output is within a range which cannot overflow.

  5. How does Confidential Transactions affect the size of a blockchain?
    It increases the size of the blockchain due to the size of the individual block increasing.

1 Like
  1. What piece of information do Confidential Transactions obscure?
    Transaction amounts.

  2. What is the ‘commutative property’ and how does it relate to Confidential Transactions?
    Allows you to change the order of factors in a sum; it is one of the properties of “Pedersen commitment”, the basic tool that CT are based on.

  3. What is the ‘scanning key’ and what important function does it enable?
    It is used to establish the shared secret used by the rewindable range proofs; it enables the possibility of “watch only wallets”.

  4. What do ‘range proofs’ do and why are they necessary in Confidential Transactions?
    Control that in transactions with multiple outputs each committed output is within a range that cannot overflow.
    They are necessary to avoid values that “overflow” and behave like negative amounts, creating new coins from nothing.

  5. How does Confidential Transactions affect the size of a blockchain?
    Increases, because we replace 8-byte integer amounts in Bitcoin transactions with 33-byte Pedersen commitments…but is compatible with pruning, that allows to reduce the size of the blockchain.

2 Likes
  • What piece of information do Confidential Transactions obscure?
    The amount of the Tx.

  • What is the ‘commutative property’ and how does it relate to Confidential Transactions?
    It is a mathematical property that asserts that switching the order of the operands doesn’t change the result. It is also a property of Pedersen commitments, used to create CT.

  • What is the ‘scanning key’ and what important function does it enable?
    It is used to establish the shared secret, and can be communicated to auditors to let them look (only view) at the Tx.

  • What do ‘range proofs’ do and why are they necessary in Confidential Transactions?
    They prove that each individual Tx is included in a range that can’t be surpassed, so as not to create overflow values that effectively would create nonexistent value.

  • How does Confidential Transactions affect the size of a blockchain?
    The blockchain size with CT grows because Pedersen commitments have a bigger byte weight than tx integers.

2 Likes
  1. Transaction amounts.
  2. Allows you to change the order of factors in a sum; it is one of the properties of Pedersen commitment, the basic tool that Confidential Transactions are based on.
  3. It is used to establish the shared secret used by the rewindable range proofs, it enables the possibility of “watch only wallets”.
  4. Control that in transactions with multiple outputs each committed output is within a range that cannot overflow.
    They are necessary to avoid values that “overflow” and behave like negative amounts, creating new coins from nothing.
  5. It increases the size of the blockchain due to the size of the individual block increasing.
1 Like
  1. It obscures the amount of the transactions.
  2. It is the property that says that changing the order of the operands does not change the result… CT use Pedersen commitments to provide confidentiality. We can mix various commitments together and still get the same sum (commutative property) as the sum of each data entry; this allows mixing the order of the data entries without changing the value of previous commitments.
  3. By sharing the scanning key used to establish the shared secret used by the rewindable range proofs, this approach is completely compatible with watching wallets; users can share these keys with auditors to enable them to view their transaction amounts.
  4. A range proof is a form of commitment validation that allows someone to verify that a commitment is within a certain range, without revealing anything about its value.
  5. It increases the size of the blockchain.
1 Like
  1. The amounts transferred which are visible only to participants in the transaction (and those they designate).
  2. It allows changing the order of the factors in a sum. It is one of the properties of Pedersen commitment, the basic tool that commutative property is based on.
  3. The scanning key is used to establish the shared secret used by the rewindable range proof, so that users can share these keys with other parties to enable them to view transaction amounts without making the entire system invalid.
  4. A range proof is a form of commitment validation that allows someone to verify that a commitment is within a certain range, without revealing anything about its value.
  5. By increasing the blockchain’s size, due to the size of the individual blocks, which are increasing as they have to store more data.
1 Like
  1. What piece of information do Confidential Transactions obscure?
    The transaction amounts

  2. What is the ‘commutative property’ and how does it relate to Confidential Transactions?
    Allows you to change the order of factors in a sum; it is one of the properties of Pedersen commitment, the basic tool that Confidential Transactions are based on

  3. What is the ‘scanning key’ and what important function does it enable?
    Scanning key is used to establish the shared secret used by the rewindable range proofs; users can share these keys with auditors to enable them to view their transaction amounts.

  4. What do ‘range proofs’ do and why are they necessary in Confidential Transactions?
    Control that in transactions with multiple outputs each committed output is within a range that cannot overflow.
    They are necessary to avoid values that “overflow” and behave like negative amounts, creating new coins from nothing.

  5. How does Confidential Transactions affect the size of a blockchain?
    The blockchain increases.

1 Like
  1. It hides the amounts transferred
  2. It means that the sum of a set of commitments is the same as a commitment to the sum of the data. It is used to verify the sum of commitments without knowing the blinding factor.
  3. The scanning key allows amounts of transactions to be seen, for example by auditors.
  4. Range proofs are needed in case of multiple confidential outputs. They are used to prove the commitment is within a range without disclosing details.
  5. Proof for a 32-bit value is 2564 bytes, but it can contain a 2kb message.

Actually this topic is very complicated, I would highly appreciate a detailed video on that.

1 Like

I have more videos about Confidential Transactions and Pedersen commitments in Unit 4, lots more detail there.

This is good too if you want to go deep: https://www.youtube.com/watch?v=UySc4jxbqi4&t=3304s

1 Like
  1. What piece of information do Confidential Transactions obscure?
    Confidential Transactions can obscure any data, like the amount of a transaction.

  2. What is the ‘commutative property’ and how does it relate to Confidential Transactions?
    The sum of commitments is equal to the commitment of the sum of the data. This property allows the network to validate that in a transaction the sum of inputs equals the sum of outputs without knowing the individual amounts.

  3. What is the ‘scanning key’ and what important function does it enable?
    By sharing the scanning key used to establish the shared secret used by the rewindable range proofs, this approach is completely compatible with watching wallets; users can share these keys with auditors to enable them to view their transaction amounts.

  4. What do ‘range proofs’ do and why are they necessary in Confidential Transactions?
    A range proof validates that a committed output, like the amount of a transaction, is within a range, e.g. [0, 2^64). The commitments add up to zero mod P, so it actually proves that the sum of inputs - outputs is zero mod P and not necessarily zero, so range proofs for transaction amounts are needed, so inputs and outputs balance.

  5. How does Confidential Transactions affect the size of a blockchain?
    Proof for a 32-bit value is 2564 bytes. 8 byte integer Bitcoin amounts are replaced by 33 byte Pedersen commitments. Overall, the transaction data becomes larger.

1 Like

Thank you @Grant_Hawkins,
That is a very good video. It motivated me to learn cryptography basics in order to understand anything. :+1:

2 Likes
  1. What piece of information do Confidential Transactions obscure?

    • The transferred amount
  2. What is the ‘commutative property’ and how does it relate to Confidential Transactions?

    • It allows changing the order of the factors in a sum. It is one of the properties of Pedersen commitment, the basic tool that commutative property is based on.
  3. What is the ‘scanning key’ and what important function does it enable?

    • By sharing the scanning key used to establish the shared secret used by the rewindable range proofs, this approach is completely compatible with watching wallets; users can share these keys with auditors to enable them to view their transaction amounts.
  4. What do ‘range proofs’ do and why are they necessary in Confidential Transactions?

    • They prove the commitment without disclosing the transaction amount.
  5. How does Confidential Transactions affect the size of a blockchain?

    • They inflate it as the transactions store additional information that obscures the transaction that it is really about.
1 Like
  1. Transaction amounts
  2. A binary operation is commutative: changing the order of operatives does not change the results. It is a property of Pedersen commitments, used to create CT.
  3. It is used to create a shared secret. This can be shared when needed for others to view the transaction amounts {read only}.
  4. Form of commitment validation that allows someone to verify that a commitment is within range without sharing transaction amounts.
  5. Increases the size of the blockchain due to the size of an individual block increasing.
1 Like

1- Confidential transactions keep the amounts transferred visible only to participants in the transaction and those they designate.

2- It allows changing the order of the factors in a sum. It is one of the properties of Pedersen commitment, the basic tool that commutative property is based on.

3- Scanning key allows auditors for example, to see amounts of transactions.

4- ‘Range proofs’ are forms of commitment validation that allow someone to verify that a commitment is within a certain range, without sharing details about its value.

5- Confidential transactions increase the size of the block and consequently the size of the blockchain.

1 Like

Cheers @roman glad to hear it!

  1. the value amounts
  2. ‘commutative property’ is: [A operator B] = [B operator A]. Arithmetic “Addition” using “operator= +” has the “commutative” property, and a “Pedersen commitment” preserves both “addition” and “commutative” properties, so that
    C(A)+C(B) = C(A+B)
    C(B)+C(A) = C(A+B)
    C(A)+C(B) = C(B+A)
    C(B)+C(A) = C(B+A)
    C(A+B) = C(B+A)
    “You can verify just using the commutative property of addition that all the relationships given for an additively homomorphic commitment scheme hold.”
    and “The basic tool that CT is based on is a Pedersen commitment.”
  3. “the scanning key used to establish the shared secret used by the rewindable range proofs”
    Will enable “users can share these keys with auditors to enable them to view their transaction amounts”, example for accountants or tax auditors.
  4. ‘range proofs’ are required to check all the multiple outputs and fees are positive values and that no new coins are created using negative output, so output values can be proved as zero or positive
  5. Each Confidential Transaction would require an additional more than 2KB just to include the ‘range proofs’: “The result is that a proof for a 32-bit value is 2564 bytes, and simultaneously may convey 2048 bytes of message.”
    and each 8 byte integer Bitcoin amounts replaced by 33 byte Pedersen commitments.
    So overall either blockchain would need to increase the size of the block or just process even less transactions per block. So the Bitcoin blockchain size could be the “same” just that the Transactions per block performance would be heavily reduced.
1 Like
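
The additive property and the overflow problem that the answers above describe, worked through as an added example (not part of the thread, the Bitcointalk post or the Elements code). It assumes a toy multiplicative group with constructed parameters `P`, `Q`, `G`, `H` in place of the elliptic curve used in practice, and the helper names are hypothetical.

```python
# Toy Pedersen commitments in a small prime-order group (constructed parameters,
# far too small to be secure; real Confidential Transactions use an elliptic curve).
P = 2039          # safe prime, P = 2*Q + 1
Q = 1019          # prime order of the subgroup the commitments live in
G = 4             # generator used for the blinding factor
H = 9             # generator used for the amount

def commit(amount, blind):
    """C = G^blind * H^amount mod P; exponents are reduced mod the group order Q."""
    return pow(G, blind % Q, P) * pow(H, amount % Q, P) % P

def add(*commitments):
    """'Adding' commitments is multiplication in this group, so order is irrelevant."""
    total = 1
    for c in commitments:
        total = total * c % P
    return total

def balances(inputs, outputs, fee):
    """What a validator checks: sum(inputs) == sum(outputs) + fee*H, amounts unseen."""
    return add(*inputs) == add(*outputs, pow(H, fee % Q, P))

def in_range(amount, bits=8):
    """The statement a range proof establishes (in zero knowledge in real CT;
    here checked in the clear for illustration only)."""
    return 0 <= amount % Q < 2 ** bits

def build_tx(in_amount, out_amounts, fee, r_in=123, r_out=456):
    """Two-output transaction whose output blinding factors sum to the input's."""
    a, b = out_amounts
    inputs = [commit(in_amount, r_in)]
    outputs = [commit(a, r_out), commit(b, r_in - r_out)]
    return inputs, outputs, fee

def demo():
    honest = build_tx(10, (6, 3), fee=1)
    # Spends 2, pays 5: the second output commits to -3, i.e. Q - 3 mod Q.
    inflating = build_tx(2, (5, -3), fee=0)
    return {
        "homomorphic": add(commit(6, 11), commit(3, 22)) == commit(9, 33),
        "honest_balances": balances(*honest),
        "inflating_balances": balances(*inflating),
        "inflating_in_range": all(in_range(v) for v in (5, -3)),
    }

if __name__ == "__main__":
    print(demo())
```

The balance check alone accepts the transaction that pays out more than it spends, because the negative output wraps around the group order; only the per-output range condition rejects it.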