Bitcoin Forum

I've read somewhere there are some developments about confidential transaction in bitcoin.
But how exactly it will be implemented? Like in monero (hidden sender, receiver and import) or in other ways?
Confidential transactions would be certainly a useful function, i think it's one of the few altcoin's features that are really useful, but there are also some dangers about it. For example, in case of bugs like that https://en.bitcoin.it/wiki/Value_overflow_incident, it would'nt be noticed, right?
In the case of bitcoin i'd see more useful something like "decentralized mixer" (i've read some altcoin use a similar system), it would allow decent anonimity without dangers like the one shown above.

You should check out Greg Maxwell's talk on Youtube about confidential transactions.

I don't believe that would create any such value overflow problems. As a softfork this is allow transactions to be confidential, but you could still use old software with the non-confidential transactions and confidential ones would still be valid, this is done by miners agreeing that even tho according to the old protocol anyone can spend coins locked in this way, they will not accept transaction that don't offer extra proof. The bitcoins locked in these confidential transaction chains would be limited by old nodes as well that wouldn't be able to account for the extra coins, as for them they still see the same coins existing, just locked in a way that anyone can spend them.

The vulnerability you mentioned is very very old (2010) and really has nothing to do with this concept, so it is unlikely that the problem will be possible in any way if confidential transactions are implemented.

Confidential transaction is one of the most powerful new features being explored in elements which keeps the amounts transferred visible only to participants in the transaction (and those they designate), while still guaranteeing that no more coins can be spent than are available in a cryptographic way.

It also peserves security while simultaneously obscuring transaction values. The payment flow when using the Confidential Transactions elements is nearly identical to Bitcoin Core on the surface.

The benefits of confidential transactions including no new cryptographic assumptions, high performance, or trusted setup required.
 
The implementation of Confidential Transactions as it appears in elements has some important limitation(s) to be aware of, for example, a transaction output larger than the maximum will reveal the order of magnitude of the amount to observers, and will reveal additional digits at the bottom of the amount.

For more information on confidential transaction checkout this link:

https://elementsproject.org/elements/confidential-transactions/
https://people.xiph.org/~greg/confidential_values.txt
https://news.bitcoin.com/confidential-transactions-add-anonymity-bitcoin-litecoin/

At it's core Confidential Transactions use an ability known as 'Additively Homomorphic'.

this means that given a 'Additively Homomorphic' hash function H.

H(x) + H(y) = H(x+y)

Since you know that the inputs to a txn must equal the outputs (minus the fee - this is handled slightly differently) you know that the sum of the hash of the inputs equals the sum of the hash of the outputs.

It gets a little more complicated when you think about negative numbers but #gmax has come up with a range proof that ensures the answer is not negative (or not so large as to cause an overflow)

So a miner can easily check that the sum of the hashed inputs equals the sum of the hashed outputs without having any idea what the values actually are.

Once you throw in ValueShuffle, the ultimate version of CoinShuffle, the trust-less version of CoinJoin.. bingo.

IMHO .. superior to monero and zcash.. (there's no bloat, no infinitely growing set of data you can't prune, easy maths, no trusted setup.. etc)

Can't wait..  :)

Nice to see it

I'd second that. Here's the link https://www.youtube.com/watch?v=LHPYNZ8i1cU