Confidential Transactions - Reading Assignment

It allows to check transactions with multiple outputs, without revealing the value of the transaction

1. What piece of information to Confidential Transactions obscure?

• The transaction amount.

2. What is the ‘commutative property’ and how does it relate to Confidential Transactions?

• C(BF1, data1) + C(BF2, data2) - C(BF3, data3) == 0, where:

C - commitment = SHA256 (blinding_factor || data),
BF - blinding factor.

3. What is the ‘scanning key’ and what important function does it enable?

• Also called the View key, it allows to see the balance of a wallet, but not spend.

4. What do ‘range proofs’ do and why are they necessary in Confidential Transactions?

• If I got this correctly, the problem is that if I choose a large number as blinding factor, it would behave like a negative number. This, then, would create coins out of nothing. So, we need to prove that the commitment is within some range without revealing specific figures.

5. How does Confidential Transactions affect the size of a blockchain?

• The amounts are expressed by digital floating point where digits are multiplied by a base 10 exponent. This means that a 32-bit proof can cover a range of 42.94967296 BTC with 1e-8 precision, or 429.4967296 BTC with 1e-7 precision, and so on.
• A proof for a 32-bit value is 2564 bytes, and simultaneously may convey 2048 bytes of message. So, if my message is under 2048 bytes, it won’t take any more space?

Commutative property means you can switch the order of commitments:
C1 + C2 = C2 + C1

To be honest I’m not entirely sure. But proofs increase linearly in size and one proof has a fixed length, so as long as you have a message under a certain size, the proof will have a fixed size.

Regarding the size, I read this article today:
Triptych: A New Algorithm Protecting Monero Users
"With Triptych, the size of the ring signature size grows logarithmically instead of linearly. Logarithmic growth is very slow, the best known growth pattern without having to resort to trusting someone to use then destroy randomness during set up (as was done for Zcash).
[:]
Roughly, using 63 decoys with Triptych runs 10% faster than using 10 decoys with CLSAG. "(Concise Linkable Spontaneous Anonymous Group)

As I understand, though, it is yet to be tested.

Yes, but the confidential transactions in the blog post describe a linear size increase. The blog post you shared is a new algorithm, also bulletproofs also increase logarithmically in size.

1. Keeps the amounts transferred visible only to participants in the transaction (and those they designate).
2. Commitments can be added, and the sum of a set of commitments is the same as a commitment to the sum of the data (with a blinding key set as the sum of the blinding keys):
3. By sharing the Scanning key used to establish the shared secret used by the rewindable range proofs, this approach is completely compatible with watching wallets; users can share these keys with auditors to enable them to view their transaction amounts.
4. A form of commitment validation that allows someone to verify a commitment within a range and without sharing the transaction amount
5. Increases the size of the blockchain

Confidential transactions are able to obscure the amounts of the Tx except to the sender and receiver and any other parties which may be given the shared secret used in the formula which helps to obfuscate this data. The pederson commitmments rely on the commutative property of ECC in that one change change the placement of input values in the functions of addition or multiplication within the formula without the end value changiong. This cannot be said for subtraction or division. the commutative mproperty of addition used by the formula allows for the input values to be switched around without actually changing the end result of the formula. The use of a scanning key is important because it allows for those who know it to reverse engineer the shared secret, thus allowing auditors, validators and the like to verify the data without actually knowing the transaction values. This is a key component in the ability to verify a TX without knowing its exact value. Because the exact value will fall within a specified range which is defined in the formula, if the tx amout figts in that range, the validators can use that proof as a means to verify the TX. The range proofs are essential in the fact that with these proofs, the TX can be verified without revealing the obfuscated data. One important note is that confidential transactions may bloat the blockchain due to the increased byte sizes necessary to include the secret, the proofs, and the pedersen committment. This process shrinks the number of data able to processed within a block because blocks are of a limited specific size.

1. Confidential transactions obscure the transaction amount
   2 . Commutative property allows you to change the order of factors in a sum; it is one of the properties of Pedersen commitment, the basic tool that Confidential Transactions are based on.
2. Scanning key is used to establish the shared secret used by the rewindable range proofs, it enables the possibility of “watch only wallets”.
3. 1. A range proof is a form of commitment validation that enables everyone to verify the range of value for the commitment without giving the precise information about it. It is only used with multiple confidential value outputs and they have a order of magnitude which is smaller and thus faster to verify than other alternatives. They are necessary in Confidential Transactions because they enable to keep transaction amounts secret while proving the commitment.
      5 CT affects block size by making transactions larger because they have to store additional information, which could then impact on both the blockchain’s scalability and volume of performed transactions.

1. The amount of the transaction.

2. A binary operation is commutative if changing the order of the operations does not change the result.
   Confidential transactions make use of Pedersen Commitments in order to provide confidentiality. Pedersens commitments also allow addition operations and preserve commutative property on the commitments.

3. By sharing the scanning key used to establish the shared secret used by the rewindable range proofs, this approach is completely compatible with watching wallets; users can share these keys with auditors to enable them to view their transaction amounts.

4. Ring confidential transactions is the utilization of range proofs. A range proo allows the Monero network to cryptographically prove that the amounts used in a transaction is greater than 0, and less than any given arbitrary number.

5. It increases the size of the blockchain due to the size the individual block increasing

1. What piece of information to Confidential Transactions obscure?
   The amounts transferred of the transactions, which are only visible to the ones participating in each transactions or the ones that are designated by the ones involved in the transaction.
2. What is the ‘commutative property’ and how does it relate to Confidential Transactions?
   it’s the property we have seen in school where a + b = b + a or ab =ba , but it seems that when one is talking about ECC and commitments and SHA256 functions and || operators (whatever that is), that property is actually translated to C(BF1, data1) + C(BF2, data2) == C(BF1 + BF2, data1 + data2) C(BF1, data1) - C(BF1, data1) == 0 … which actually doesn’t make any sense to me, most of all, when later on the same article one can read: C(BF1, data1) + C(BF2, data2) - C(BF3, data3) == 0 … it seems that the conmutative property in the case of commitments, hash functions and ECC means that whatever commitment you add up (or in that case subtract), is zero … the most weird property I have ever seen
3. What is the ‘scanning key’ and what important function does it enable?
   By sharing the scanning key used to establish the shared secret used by the rewindable range proofs, this approach is completely compatible with watching wallets; users can share these keys with auditors to enable them to view their transaction amounts.
4. What do ‘range proofs’ do and why are they necessary in Confidential Transactions?
   I did not understood what are range proofs… I read the article over and over and did not understood
5. How does Confidential Transactions affect the size of a blockchain?
   “Most importantly, this scheme is compatible with pruning and does not make the verification state for Bitcoin grow forever” … I guess that this means that it wouldn’t affect the size of the blockchain so much

Range proof is a form of commitment validation that allow anyone to verify that a commitment represents an amount within a specified range, without revealing anything else about its value

1.feature keeps the amounts transferred visible only to participants in the transaction (and those they designate).

2.binary operation is commutative if changing the order of the operations does not change the result.
Confidential transactions make use of Pedersen Commitments in order to provide confidentiality. adding an d mutiplying using ECC doesnt change the output though adding blinding factors.
3.scanning key enables the outsider establish sharing secret.they can be shared to be able to view according txs without compromising whole system.
4. range prrof is form of validation to verify the range of the value without revealing the exact value… so between 0 and some arbitrary number. range proofs are only required in cases where there are multiple confidential value outputs (including fees)

5. enlarge size of each CTx as storing additional value of each Tx.

1.)
The amount of Transactions

2.)
The commutative property is a rule from mathematics. If it holds,
the arguments of an operation can be swapped without changing the result.

In a Pedersen commitment, commitments can be added and the sum of a set of commitments
is the same as a commitment to the sum of the data

The commitment preserves addition and the commutative property applies.

3.)
Users can share these keys with auditors to enable them to view their transaction amounts.

4.)
Ensure ledger integrity, while preserving privacy of all transaktions whitin in a fashion.
“Range proof” permit to prove, in a zero-knowledge way, that a secret lies in a given and public interval.
Without this method, new coins could be created out of thin air by negative values in a transaction.

5.)
It would increases the size of blocks

1. CT is possible due to the cryptographic technique of additively homomorphic commitments. As a side-effect of its design, CT also enables the additional exchange of private “memo” data (such as invoice numbers or refund addresses) without any further increase in transaction size, by reclaiming most of the overhead of the CT cryptographic proofs.

2. A binary operation is commutative if changing the order of the operations does not change the result. Confidential transactions make use of Pedersen Commitments in order to provide confidentiality. Pedersens commitments also allow addition operations and preserve commutative property on the commitments.

3. “By sharing the scanning key used to establish the shared secret used by the rewindable range proofs, this approach is completely compatible with watching wallets; users can share these keys with auditors to enable them to view their transaction amounts”.

4. a range proof is a form of commitment validation that allows someone to verify that a commitment is within a certain range, without revealing anything about its value

5. increases the size of the blockchain

1. What piece of information to Confidential Transactions obscure?
   amount sent

2. What is the ‘commutative property’ and how does it relate to Confidential Transactions?
   change order of factors without changing result, it is important because ct is based on pedersen commitments which are added to the values in order to hide them

3. What is the ‘scanning key’ and what important function does it enable?
   By sharing the scanning key used to establish the shared secret used by the rewindable range proofs

4. What do ‘range proofs’ do and why are they necessary in Confidential Transactions?
   allow to verify that a commitment is within a certain range without reveal its value

5. How does Confidential Transactions affect the size of a blockchain?
   it increases it

1. Confidential Transactions obscure the amount

2. The commutative property means changing the order of operands does not change the result. Pedersen Commitment preserves addition and the commutative property, and is the basic tool that Confidential Transactions are based on

3. The scanning key is used to establish the shared secret used by the rewindable range proofs. Watching wallets can use these keys to view transaction amounts

4. Range proofs mean the proof required to prove each committed output is within a range which cannot overflow. This is important for Confidential Transactions as overflow values create coins from nothing

5. The blockchain increases in size

1.) What piece of information to Confidential Transactions obscure?
The amount of the transaction.

2.) What is the ‘commutative property’ and how does it relate to Confidential Transactions?
The commutative property states that the numbers on which we operate can be moved or swapped from their position without making any difference to the answer.

3.) What is the ‘scanning key’ and what important function does it enable?
By sharing the scanning key used to establish the shared secret used by the rewindable range proofs, this approach is completely compatible with watching wallets; users can share these keys with auditors to enable them to view their transaction amounts.

4.) What do ‘range proofs’ do and why are they necessary in Confidential Transactions?
A range proof is a form of commitment validation that allows someone to verify that a commitment is within a certain range, without revealing anything about its value.

5.) How does Confidential Transactions affect the size of a blockchain?
The size of the blockchain would increase.

1 The value of the transaction, only visible to the participants.
2 In basic arithmetic there are two commutative laws, a+b=b+a and ab=ba as we learn in the first years in elementary school 3+6=6+3 and 49=94. In CT there is also the distributive property in play a(x+y)=ax+ay or with numbers 5(3+4)=53+54. The “one-way-door” used in ECC is often described with “clock-arithmetic”. The inputs are multiplied and added just as we usually do, but then a significant part is removed by substituting a number with the residue value.
3 The scanning key enables the participants to review the transactions and by sharing the key auditors may also review the transactions.
4 Because of the “clock-arithmetic” values can be too large and overflow and such large numbers can also be misinterpreted as negative numbers. (the pMod(n) is an amazing function) Assume the range is [0…11] then any output =5 may originate from 5 or 17 or even -7. If there is a single TX it can not be negative, but the sum of two or more TXs may have negative entries (not allowed) and the Pedersen commitment is still valid, we must prevent this. We do this by proving no negatives was included.
5 CT will require more data for each proof (transaction), the increase is linear with respect to resolution.(i.e number of decimal places or the number of mantissa bits)

I am so lost on this. Is there another resource that explains it better?

None than I’m aware of unfortunately. I agree privacy is a difficult topic and is easily the most difficult course in the academy. Can you explain what particularly you are having troubles with and I’ll try to help.