[bitcoin-dev] Create a BIP to implement Confidential Transactions in Bitcoin Core

SomberNight somber.night at protonmail.com
Fri Dec 28 21:41:51 UTC 2018

Hi Kenshiro,

That is not how the BIP process works. Instead of requesting the creation
of a BIP, you just create one. :)

Re CT in Bitcoin, I have my doubts whether you can get consensus for that.
>From section 4.6 of the Bulletproofs paper [0]:

"Bulletproofs ... are computationally binding. An adversary that could
break the discrete logarithm assumption could generate acceptable range
proofs for a value outside the correct range. ... An adversary that can
break the binding property of the commitment scheme or the soundness of
the proof system can generate coins out of thin air and thus create
uncontrolled but undetectable inflation rendering the currency useless"

I don't have the domain knowledge to debate whether quantum computers will
ever exist but AFAICT their emergence would easily kill a currency that
uses these kind of range proofs for confidential transactions.

[0]: https://eprint.iacr.org/2017/1066.pdf

> From: "Kenshiro []" tensiam at hotmail.com
> Hi,
> I think Confidential Transactions (CT) are a great idea to provide enough privacy for normal users (hidden amounts) and fungibility.
> I would like to request the creation of a BIP to implement CT in Bitcoin Core. I read that CT are already implemented in Grin and Monero so it looks that CT are enough mature to be implemented in Bitcoin.
> If the CT transaction size is 3x the size of a normal transaction the block size could be increased by 3x too, or just keep the current block size and make CT transactions optional.
> Thank you!

More information about the bitcoin-dev mailing list