Confidential Assets.

Bitcoin is an online distributed ledger in which coins are distributed according to the unspent transaction output (UTXO) set, and transactions describe changes to this set. Every UTXO has associated to it an amount and signature verification key, representing the quantity that can be spent and the entity authorized to do so, respectively. Because the ledger is distributed and publicly verifiable, every UTXO (and the history of all changes) is publicly available and may be used for analysis of all users’ payment history. Although this history is not directly linked to users in any way, it exposes enough structure that even small amounts of personally identifiable information may completely break users’ privacy. Further, the ability to trace coin history creates a market for “clean” coins, harming the fungibility of the underlying asset. In this paper we describe a scheme, confidential transactions , which blinds the amounts of all UTXOs, while preserving public verifiability that no transaction creates or destroys coins. This removes a significant amount of information from the transaction graph, improving privacy and fungibility without a trusted setup or exotic cryptographic assumptions. We further extend this to confidential assets , a scheme in which a single blockchain-based ledger may track multiple asset types. We extend confidential transactions to blind not only output amounts, but also their asset type, improving the privacy and fungibility of all assets.