When Blockstream assembled the open source Elements blockchain platform, Confidential Transactions quickly stole the show. Confidential Transactions is a way to encrypt the amount in a Bitcoin transaction while still making it publicly verifiable that the transaction balances: the total output amounts sum to the total input amounts.
When it was first proposed, the expectation was that it would prove popular with Bitcoin users, but what was surprising at that time was the amount of interest from Wall Street. Adam Back, CEO of Blockstream, says when the team first started out it wasn't clear that banks and financial institutions would be interested in blockchains at all.
He said: "It was actually a positive surprise to us maybe a year in, that banks were starting to invest a lot in R&D labs, trials and pilots. So it's been the blockchain world progressing faster than the internet time really.
"And also Confidential Transactions (CT) technology is something that other technology companies in the ecosystem have adopted – I think we started a trend."
CT can be used in two forms: integrated with a blockchain, or as a library that implements it. "It's actually possible for people to use a Confidential Transactions library and integrate it into a database, even a conventional accounting system," said Back. "There are lots of possible uses for it. At base it's a technology for having an encrypted ledger that you can check the consistency of without necessarily being able to see all the transactions' values."
Members of the Blockstream team were speaking at Consensus 2017, where much headline-grabbing news was about another privacy technology currently in vogue: Zcash.
Blockstream Chief Strategy Officer, Samson Mow, a man not known for mincing his words, said: "Zcash is an inferior technology compared to CT. It's based on a trusted set-up; so you have to trust that when they did the set-up, everyone was acting honestly and no one was compromised. Also, due to the time it takes to sign a shielded transaction, very few transactions are really private."
Adam Back said the limitation Zcash has had is that it's very expensive computationally and takes a lot of CPU time to do on the actual network. "I think 90% of the transactions are not using the shielded transactions feature, they are just exposed and normal transactions because in practice it was too expensive," he said.
Taking a step back here, it's worth noting that all these guys are brilliant cryptographers and that integrating this technology into blockchain networks, whether based on zero-knowledge proofs or homomorphic encryption, is exploratory. A point being made by Back and company is that CT is based on cryptographic assumptions and methods, such as elliptic curve cryptography, that have been around for decades and can therefore be relied upon.
Back said: "I think the SNARK concept is very interesting academically and I'm pleased that they are doing it. However, the cryptographic assumptions they are using are very new and not well tested yet. Normally with cryptography, something will be invented and it won't see use for maybe a decade, sometimes 20 years. The things we are doing with CT are all based on the same very old assumptions about discrete log and elliptic curve cryptography, which are all 30 years old or more. We are not making any new assumptions; we are just combining them in clever and efficient ways."
Blockstream points out that putting things into production on public, open blockchains is different from doing things behind a firewall, where security assurances are not the same. "I think that's the distinction between public blockchains and private blockchains," said Back. "One way to look at it is that on a private blockchain they don't feel the technology is robust enough to connect to the internet.
"Unfortunately by doing it behind a firewall you don't get some of the value, which is for the end users and the asset owners to be able to get the assurances and verify the transactions.
"There is some value because you can collaborate between a couple of companies and you can look at each other's accounts with some privacy, so that's a form of innovation. But I think it's a stronger value if the public can also look at it, and not just your own auditor."
Blockstream has also extended CT to create Confidential Assets, which allows users to put multiple assets on the same blockchain, hiding not only the amount of each of them but also what kind of asset it is. The technology supports an indefinite number of assets. A demonstration showed how users can hold the private keys for assets on a hardware wallet device.
Regarding the creation of Confidential Assets, Blockstream mathematician Andrew Poelstra said: "This turned out to be technically a simple change to CT. Again, there are no new cryptographic assumptions; it's a little bit slower to verify (CTs are around a millisecond to produce and verify) because there is an extra proof, but it's still the same order of magnitude.
"It amplifies the privacy benefits that the CT had and it also enables these new use cases you can have like tokenised fiat moving around alongside like pegged bitcoin or some native asset or issued assets."