As developers continue to improve Bitcoin security and scalability, one area that isn’t receiving as much love is privacy. Cryptocurrency regulations have been an issue the space has been struggling with for a long time now, especially due to privacy coins like Monero, which anonymizes transactions to an observer.
The Litecoin Foundation had published a proposal to use ‘Extension Blocks’ (EB) on MimbleWimble, which is a variant of the cryptographic protocol known as ‘Confidential Transactions’ (CT), to provide opt-in privacy features. But, the real question is, could Bitcoin benefit from such a system?
According to Bitcoin expert and Blockstream Co-founder, Pieter Wuille, “it’s not that simple.”
Commenting on a thread recently posted on Reddit, Wuille explained how hiding transactions would make CoinJoin a lot more powerful, adding that Confidential Transactions fundamentally change how transactions work.
“I would personally very much like to see Confidential Transactions in Bitcoin. [However], cleartext amounts are currently expected in transactions. Without [a] hard fork, this cannot be changed.”
Additionally, he said that even if, for some reason, they were permitted, existing wallets cannot be forced to adopt them, something which could lead to the invalidation of transactions that are yet to be broadcast on the network.
“Such a change being successful probably implies Bitcoin lost some of its most valuable properties to begin with. Thus: CT (or any form of amount hiding) has to be opt-in.”
Wuille also said that opt-in doesn’t need to mean on a per-transaction basis, which EBs effectively allow for. Further, he said that using Confidential Transactions in an EB is far more efficient than trying to hack it into the existing transaction structure, adding that it’s the only practical way of introducing CT to Bitcoin.
“By having two clearly delineated sides and a need for explicit, possibly slow/expensive, operations to transfer between them, you create a world where CT is the default, and possibly even cheaper than the other side. Sure, people still have the option to use the legacy side, and for a long time they probably will due to compatibility reasons, but in the long term it probably means much better privacy than any solution with per-transaction choice for CT or not.”
That being said, Wuille also spoke about the many caveats such as how CT transactions are far more computationally expensive and larger than current transactions. Subsequently, he mentioned that CT introduces a much stronger assumption on cryptography, than what is currently available.
He also stated that CT inherently must make either allow for “privacy conditions on cryptographic assumptions” or “soundness,” due to the fundamental result in zero-knowledge proof techniques that cannot allow for both unconditional privacy and unconditional soundness. Further, Wuille said that MimbleWimble has a more invasive impact on basic data structures and is fundamentally different from the current Bitcoin blockchain.
The Blockstream Co-founder added that while both options are possible, CT with unconditional privacy and computational soundness is the most common choice.
According to Wuille, an Extension Block-based CT design could have either or both, without actually directly affecting the value of the legacy chain. However, unexpected inflation would prevent some of the coins transferred explicitly to the CT side from moving back to the legacy side. He also went on to say that this could lead to different exchange rates for coins on both sides if the public’s trust in the security for one of them were to be seriously affected.