On a typical blockchain, all participants check all transactions. This level of transparency can offer much security, as public verification ensures no single participant can cheat any of the others. But it is not great for privacy.
For bitcoin (the currency), a potential solution to improve privacy is “Confidential Transactions.” Confidential Transactions hide the amounts of bitcoin that are transacted; they are currently used in test environments and in academia.
Today, Blockstream — the well-known tech company founded by several Bitcoin Core developers — unveiled “Confidential Assets.” Where Confidential Transactions is specifically designed for bitcoin, Confidential Assets brings a similar level of privacy to any type of blockchain asset, like ownership papers, stock or fiat currency IOUs.
“With Confidential Assets, we can generate multi-asset transactions where both the amount and the asset type itself are encrypted,” Blockstream Infrastructure Tech Engineer Gregory Sanders told Bitcoin Magazine.
Confidential Assets — in itself not an entirely new concept — increases privacy in two ways.
The first part of the puzzle is indeed based on Confidential Transactions, which was first proposed by hashcash inventor and current Blockstream CEO Dr. Adam Back. This was further developed by Bitcoin Core and Blockstream developers Gregory Maxwell and Dr. Pieter Wuille, and Blockstream mathematician Andrew Poelstra, and then deployed on Blockstream’s Alpha sidechain.
With Confidential Transactions, only the sender and the receiver of a transaction know the amount that is involved in a specific transaction. A public verifier — that’s the rest of the world — knows that a transaction was made between the sender and receiver, but cannot tell how much was transacted: the amount is masked.
What’s clever about Confidential Transactions is that the amounts are masked in such a way that public verifiers can still perform certain types of math on them. More specifically, anyone can add up the amounts on the sending end of a transaction, and add up all of the amounts on the receiving end, and see if they cancel out. If they do cancel out, it means no value was created out of thin air. While public verifiers will never know how much was transacted, they do know the system wasn’t cheated; and that’s all they really care about.
The second part of the puzzle, which is new, extends a similar type of masking to the assets themselves. Instead of just bitcoins, Confidential Assets can be used for any digital, blockchain-based asset.
“While the sender and receiver would know that, say, a gold certificate was transacted, a public verifier would only know that ‘some asset’ was transacted — in ‘some amount,’” Sanders explained.
“And if multiple assets are transacted at once, the public verifier would see that multiple types of ‘some assets’ changed hands, and he can verify that no ‘some assets’ were created out of thin air. But he would still not know what was transacted exactly, or how much of each ‘some asset.’”
Confidential Assets may be deployed on two different projects relatively quickly.
For one, it can be combined with Blockstream’s existing sidechain, Liquid. This is a federated blockchain pegged to Bitcoin, where instead of miners, Bitcoin exchanges and other service providers confirm blocks. Compared to proof of work mining, this allows for instant transactions at low cost, without burdening Bitcoin’s main blockchain. Exchanges, in particular, can use this to let customers move bitcoins between accounts at different exchanges without having them wait for blockchain confirmations.
With Confidential Assets, this functionality can be extended to the fiat side of the equation, too. Rather than just bitcoins, exchanges and service providers could swap fiat currency instantly and privately, allowing their users to move U.S. dollars, euros or other currencies between accounts as well.
And second, Blockstream established a collaboration with Japanese IT company Digital Garage.
“Digital Garage is working on a loyalty points blockchain,” Sanders explained. “This means that all types of companies can issue their loyalty points, and customers can use them or trade them atomically for other assets using market makers. […] Privacy is huge here because you do not want to be showing the whole world how many points are outstanding on your books.”
Moreover, a Confidential Assets sidechain could realize a trustless, instant and private decentralized exchange.
As a simplified example, if Alice has a bitcoin but prefers a gold certificate, while Bob has a gold certificate but prefers a bitcoin, they can create a single CoinJoin transaction to realize the trade. Alice sends a bitcoin to Bob, while Bob sends a gold certificate to Alice; both only sign their end of the transaction if they agree.
This basic setup can be extended to intermediaries that act, themselves, as sort of liquidity providers or peer-to-peer exchanges.
“For the Digital Garage demo we have implemented a trustless, blinded swap of multiple assets through peers already. If we can deploy fiat currency on the blockchain, we can make similar arrangements between bitcoin and U.S. dollar, euro or yen,” Sanders said.