Confidential Assets

  • Andrew PoelstraEmail author
  • Adam Back
  • Mark Friedenbach
  • Gregory Maxwell
  • Pieter Wuille
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 10958)


Bitcoin is an online distributed ledger in which coins are distributed according to the unspent transaction output (UTXO) set, and transactions describe changes to this set. Every UTXO has associated to it an amount and signature verification key, representing the quantity that can be spent and the entity authorized to do so, respectively.

Because the ledger is distributed and publicly verifiable, every UTXO (and the history of all changes) is publicly available and may be used for analysis of all users’ payment history. Although this history is not directly linked to users in any way, it exposes enough structure that even small amounts of personally identifiable information may completely break users’ privacy. Further, the ability to trace coin history creates a market for “clean” coins, harming the fungibility of the underlying asset.

In this paper we describe a scheme, confidential transactions, which blinds the amounts of all UTXOs, while preserving public verifiability that no transaction creates or destroys coins. This removes a significant amount of information from the transaction graph, improving privacy and fungibility without a trusted setup or exotic cryptographic assumptions.

We further extend this to confidential assets, a scheme in which a single blockchain-based ledger may track multiple asset types. We extend confidential transactions to blind not only output amounts, but also their asset type, improving the privacy and fungibility of all assets.



We thank Ben Gorlick for his input on the practical requirements of a confidential assets-based system, and his technical review, and feedback on the systems design.


  1. 1.
    Abe, M., Ohkubo, M., Suzuki, K.: 1-out-of-n signatures from a variety of keys. In: Zheng, Y. (ed.) ASIACRYPT 2002. LNCS, vol. 2501, pp. 415–432. Springer, Heidelberg (2002). Scholar
  2. 2.
    Back, A.: Announcing sidechain elements: open source code and developer sidechains for advancing bitcoin. Blockstream blog post (2015).
  3. 3.
    Ben-Sasson, E., Chiesa, A., Genkin, D., Tromer, E., Virza, M.: SNARKs for C: verifying program executions succinctly and in zero knowledge. Cryptology ePrint Archive, Report 2013/507 (2013).
  4. 4.
    Cabarcas, D., Demirel, D., Göpfert, F., Lancrenon, J., Wunderer, T.: An unconditionally hiding and long-term binding post-quantum commitment scheme. Cryptology ePrint Archive, Report 2015/628 (2015).
  5. 5.
    Camenisch, J., Chaabouni, R., Shelat, A.: Efficient protocols for set membership and range proofs. In: Pieprzyk, J. (ed.) ASIACRYPT 2008. LNCS, vol. 5350, pp. 234–252. Springer, Heidelberg (2008). Scholar
  6. 6.
    Chaabouni, R., Lipmaa, H., Zhang, B.: A non-interactive range proof with constant communication. In: Keromytis, A.D. (ed.) FC 2012. LNCS, vol. 7397, pp. 179–199. Springer, Heidelberg (2012). Scholar
  7. 7.
    Fouque, P.-A., Tibouchi, M.: Indifferentiable hashing to Barreto–Naehrig curves. In: Hevia, A., Neven, G. (eds.) LATINCRYPT 2012. LNCS, vol. 7533, pp. 1–17. Springer, Heidelberg (2012). Scholar
  8. 8.
    Friedenbach, M., Timón, J.: Freimarkets: extending bitcoin protocol with user-specified bearer instruments, peer-to-peer exchange, off-chain accounting, auctions, derivatives and transitive transactions (2013).
  9. 9.
    Grigg, I.: The ricardian contract. In: First IEEE International Workshop on Electronic Contracting. IEEE (2004)Google Scholar
  10. 10.
    Hearn, M.: Merge avoidance: privacy enhancing techniques in the bitcoin protocol (2013).
  11. 11.
  12. 12.
    jl2012: OP\(\_\)CHECKCOLORVERIFY: soft-fork for native color coin support. BitcoinTalk post (2013).
  13. 13.
    Maxwell, G.: CoinJoin: bitcoin privacy for the real world. BitcoinTalk post (2013).
  14. 14.
    Maxwell, G.: Confidential transactions. Plain text (2015).
  15. 15.
    Maxwell, G., Poelstra, A.: Borromean Ring Signatures (2015).
  16. 16.
    Nakamoto, S.: Bitcoin: a peer-to-peer electronic cash system (2009).
  17. 17.
    Pedersen, T.P.: Non-interactive and information-theoretic secure verifiable secret sharing. In: Feigenbaum, J. (ed.) CRYPTO 1991. LNCS, vol. 576, pp. 129–140. Springer, Heidelberg (1992). Scholar
  18. 18.
    Project Ethereum: Create your own crypto-currency with Ethereum (2016). Accessed 31 Oct 2016
  19. 19.
    Schoenmakers, B.: Interval proofs revisited. In: Slides Presented at International Workshop on Frontiers in Electronic Elections (2005)Google Scholar
  20. 20.
    Southurst, J.: Blockchain’s sharedcoin users can be identified, says security expert (2014).
  21. 21.
    Wilcox-O’Hearn, Z.: Zcash begins. ZCash Blog Post (2016). Accessed 31 Oct 2016
  22. 22.
    Wood, G.: Ethereum: a secure decentralised generalised transaction ledger (2014).

Copyright information

© International Financial Cryptography Association 2019

Authors and Affiliations

  • Andrew Poelstra
    • 1
    Email author
  • Adam Back
    • 1
  • Mark Friedenbach
    • 1
  • Gregory Maxwell
    • 1
  • Pieter Wuille
    • 1
  1. 1.BlockstreamMountain ViewUSA

Personalised recommendations