So a few days ago I came across this post where someone made Confidential Transactions on Ethereum. Looking at the code and post comments, I had no clue what the hell was going on.

This is basically how I understood CT and what /u/ANDREWTHEPLEB has done. I’m not an expert in this, so I would like someone to correct me if I got something wrong.

What are CT?

They are a type of transaction where the amount being sent is hidden from everyone but the person you are sending to and, of course, yourself. So to clarify, everyone can see I sent someone money, but they can’t figure out how much.

What kind of magic is that?

So my first thought was that this is impossible without a change to Ethereum, because there is an explicit value field with each transaction. But looking through the code, it seems Andrew has created a token (a token without an ICO, crazy stuff) which has these CT properties.

So you as a user would send some ether to the Token contract (people would see how much), and the token is pegged to Ether 1 to 1, so you can withdraw it back. The token contract has special transactions where, when you send your CT tokens to somebody, people can’t figure out how much you sent. So other users can see your deposits/withdrawals to the contract, but communication inside the contract with the tokens is private (the amount is private).

How is this possible?

What I couldn’t figure out is how the balance could be kept private. A standard ERC20 token implementation has something like this: mapping (address => uint) balances;

Where if you have that token it would be YourAddress: 100000. Now the trick here is that we don’t store the number of tokens (e.g. 1000) in a number format, we store it as a Pedersen Commitment (NOT RELATED TO this)

Without going too deep, you can think of the Pedersen Commitment (let’s call it PC) as a way to encrypt the amount you are storing, but even though it’s encrypted it preserves addition and the commutative property. What that means in human readable form is that you can add and subtract PCs and find out if we’re trying to give more tokens than we own (that’s bad, M’okay), but we can’t figure out what value the PC is hiding (unless we are the owners).

So in the CT Token, instead of the balances mapping addresses to values, we map addresses to Pedersen Commitments.

This shit gets even more complicated, as we can have overflows in our PC, so we need to introduce Ring Signatures, which help us prove that the CT is in a given range.

The contract Andrew wrote also includes ECC (Elliptic Curve Cryptography), as that is needed to construct the PC.

I’m far from a crypto expert, so this is how I summed it up in my head. A really good and more detailed explanation of CT can be found here, also Monero explanation