This article is a primer to Confidential Transactions (CT) with the goal of providing a framework to understanding the technology. It is not intended to be an in-depth explanation. As such, it only highlights the key concepts involved. It also doesn’t include Ring Signatures or Bullet Proofs, which prevent accounting overflow. For a fully comprehensive study of CT, I recommend this summary by Adam Gibson.

What is CT?

A protocol that hides the amount of litecoin within a transaction as well as the receiver’s Litecoin address.

Why is it Important?

Even though Litecoin is pseudonymous, it doesn’t provide a whole lot of privacy. Due to the public nature of its blockchain, you can track Litecoin transactions and where it was previously spent through chain analysis. The pseudoanonymity of Litecoin addresses is especially weak for people who reuse them or post it on social media.

The lack of transactional privacy ultimately makes Litecoin not as fungible as it could be. For example, exchanges have been known to suddenly shut down a customer account. The reason is because the customer may have deposited litecoin with a transactional history tied to the dark market. By hiding transaction amounts, Confidential Transactions can help disrupt chain analysis and increase Litecoin’s fungibility.

How Does it Work?

Confidential Transactions work by introducing a new address and transaction format. The transaction format is composed of a scriptPubKey, Pedersen commitment, and ecdh nonce.

The scriptPubKey contains the following: The Confidential Transaction Address (CTA) and a mathematical condition that the Litecoin can be spent only if ownership of the address’ private key is proven with a signature.

The Confidential Transaction Address is the hash of a blinding key plus a regular Litecoin address.

A blinding key is used to hide the Litecoin address as well as the amount within a transaction. However, it can also be used to reveal that same information as well.

A pedersen commitment is a hash of the total Litecoin output plus the blinding key. In a regular Litecoin transaction, this is where the normal Litecoin output would go.

Finally, the ecdh nonce is the key to unlocking the whole Confidential Transaction. It is used to communicate encrypted data of the transaction to the receiver so that they can learn the transaction output amount and blinding factor.

An Example of a Confidential Transaction

Let’s pretend Alice has 2 LTC in her address wants to send Bob 1 LTC.

Alice takes Bob’s Litecoin address, creates a blinding key, and hashes the two together. This creates a Confidential Address. Although this gets recorded on the public ledger, no one knows that the CTA is tied to Bob’s LTC address except for Alice and Bob.

Here is an example of a Confidential Address: