At a recent presentation at the Coinbase headquarters in San Francisco, Blockstream CTO and Bitcoin Core contributor Greg Maxwell discussed the challenges of implementing privacy enhancements in Bitcoin, specifically in terms of the Confidential Transactions (CT) proposal.
In short, CT is a privacy solution for Bitcoin that blinds the amounts involved in transactions. When combined with CoinJoin, which is an attempt to disconnect the sender from a receiver in a transaction, both the amounts and participants in a bitcoin transaction can be obscured, which leaves much less data for an outside observer to collect.
While Maxwell noted that it’s already possible to implement CT on sidechains, such as Blockstream’s own Liquid sidechain for exchanges, he claimed that bringing this sort of feature to Bitcoin’s main blockchain would involve some hurdles.
Efficiency Costs of Confidential Transactions
The first key hurdle to the adoption of CT on Bitcoin mentioned by Maxwell during his recent talk had to do with the fact that CT transactions are less efficient when compared to traditional Bitcoin transactions. For example, Maxwell stated that CT transactions increase the bandwidth costs associated with transaction fifteenfold.
Having said that, Maxwell also noted there are some “cool, hacky tricks” that could be used to move these costs around the system. Specifically, Maxwell described a setup where miners would take on the responsibility of making sure a proof in a CT transaction was valid. In a situation where a user tried to cheat the system, the miner could broadcast a proof of the cheat and confiscate the coins as a reward.
“There are some tradeoffs that can possibly be done to make it so not everyone needs to verify the CT stuff and make it cheaper,” said Maxwell.
The Politics of Better Privacy in Bitcoin
According to Maxwell, another potential issue with bringing CT or any other privacy improvement to Bitcoin is that it will also come with a political battle. “Some people do not want bitcoin to gain stronger privacy for various reasons,” he said.
However, Maxwell also noted that, in his view, the existence of various privacy enhancements, privacy-focused altcoins, and sidechains will alter these arguments. “I don’t think that, if CT is a really good thing that bitcoin should be using, people are going to stand by and not use it while competing systems do, at least not forever,” he said.
Maxwell also noted that the chances of a CT deployment on Bitcoin may improve as the technology improves. For example, it would be easier to gain consensus for such a change if the increased bandwidth costs associated with CT were not as severe.
Current Designs for Bringing Confidential Transactions to Bitcoin
According to Maxwell, there are already designs available for implementing CT on Bitcoin in a backwards-compatible manner via a soft fork. Bitcoin developer Felix Weis made such a proposal on the Bitcoin development mailing list in January 2016.
However, Maxwell himself is not exactly sold on these proposals quite yet.
“Right now, they have severe limitations,” Maxwell said of the proposals to implement CT in Bitcoin via a soft fork. “In particular, if the chain reorganizes when coins have been moved out of CT back into non-CT transactions, the transactions around that reorganization won’t survive. So imagine you move some coins out of CT, you basically have to have a protocol rule that you can’t spend those coins for like a hundred blocks after they’ve been moved out of CT.”
According to Maxwell, this same limitation is found with extension blocks, which is why he hasn’t been too excited about those sorts of past proposals either.
“If it’s the only way to do it, then maybe it’s a viable way, but I’d really like to find something better,” Maxwell continued. “I haven’t yet, but there have been many things in Bitcoin that I’ve looked at and said, ‘Don’t know how to do it,’ and later it turned out that there were ways of doing it.”