On chain privacy- How bitcoin plans on adding privacy/fungibility

If you have not read my starter post on how bitcoin plan on finally adding privacy , please read it now. 

https://steemit.com/bitcoin/@sames/how-bitcoin-plans-on-adding-privacy-fungibility

I broke down the post in 3 main parts.  

On chain privacy, Offchain privacy using LN, bitcoin privacy using sidechains 

Now here is my post on onchain privacy on the bitcoin network aka what is being added to the bitcoin main net. 

But here the thing the "on chain" privacy tech I will be writing about is in the boardline of onchain/offchain.
I consider the tech more onchain bc it has to be introduced as another soft fork and does not use the LN.

Confidential Transactions:

 Confidential Transactions combine and utilize several cryptographic tricks, most notably Borromean ring signatures and Pedersen commitment schemes. 

In confidential transactions   only the sender and the receiver of a transaction are aware of the amount transacted.   All inputs of those transaction can be added up, all outputs can be added up, and the two sums can be compared to ensure they’re equal ‒ all while never revealing any of the masked amounts, nor the sums. As such, nodes can verify that no bitcoins were created out of thin air, without knowing how many bitcoins were actually sent.

Miner fees are still visible so that  miners can't award themselves too many fees. :)

Confidential Transactions would be more or less compatible with the current Bitcoin-protocol. The solution can be rolled out as a soft fork   

 If a Confidential Transaction is made from the anyone-can-spend address, both old nodes and new nodes see that transaction. 

New nodes would recognize the transaction as a Confidential Transaction, and, for example, check that there are no bitcoins created from thin air. New nodes would see new transactions, and know that some amount of bitcoin is probably moved from address to address – though they'd have no idea how many. :)

 Old nodes, meanwhile, would be tricked into thinking it's a zero-bitcoin transaction: they would believe no bitcoins left the anyone-can-spend address at all.This logic holds for each subsequent transaction. Old nodes see “zero-bitcoin transactions,” and believe all the bitcoins are still sitting in the anyone-can-spend address. (Old nodes might wonder why people are sending empty transactions to each other. But again, they wouldn't mind.) 

Bitcoins received through a Confidential Transaction can initially be spent only as a Confidential Transaction. They are “locked up” in the anyone-can-spend address for now, and cannot visibly move over the Bitcoin blockchain at all. 

 So you see now why it may be considered off chain and confidential transaction requires segwit. So no bitcoin cash would not/could use confidential transactions. 

 In order to be able to spend these bitcoins in a normal transaction again, they must first “pass through” the original anyone-can-spend address. 

The receiver of a Confidential Transaction would have to send them back to the anyone-can-spend address, and from there start moving the coins in clear sight on the blockchain again. New nodes would check that not too many coins are being moved, while old nodes would simply assume the coins are moving for the first time since they were “locked up.” 

A Con to confidential transactions is how heavy it is vs normal bitcoin transactions.

Confidential Transactions can be brought down to only three times the size of a normal Bitcoin transaction.  
Ouch....Bitcoin is having trouble already with current transactions now transaction 3x than now.   That is where bullet proof come in which is talked about later on in this post. 

Another Con to confidential transactions is that it only hides amount used. 

 If Alice sends an unknown amount of bitcoins to Bob, and Bob subsequently sends 5 bitcoins to Carol and 2 to himself as change, it obviously means Alice sent 7 bitcoins to Bob.  

This is where a version of coinjoin comes in. 

 With the amounts involved in Bitcoin transactions masked, the only lingering problem is breaking the link between a sender and a recipient in a trustless manner. This is what ValueShuffle, an improved version of CoinJoin, intends to achieve. 

As "CoinJoin" obfuscates which addresses sent bitcoins to which addresses, Confidential Transactions obfuscates the amounts, to break all links. With ValueShuffle, all this can be done without requiring a trusted party to merge the different transactions into one.

Basically Valueshuffle is just an better version of coinjoin that is compatible with confidential transactions and saves fees by batching the transactions ie: merge the different transactions into one.

Segwit and schoor signatures would make the batched transaction even cheaper(talked about in stater post) 

Sources: 

https://bitcoinmagazine.com/articles/confidential-transactions-how-hiding-transaction-amounts-increases-bitcoin-privacy-1464892525/

https://bitcoinmagazine.com/articles/valueshuffle-brings-together-the-best-of-both-worlds-for-privacy-1483557170/

https://coinjournal.net/path-towards-better-privacy-bitcoin-becomes-clearer-will-still-take-time/

Bullet proof 

This is a type of proof that would scale bitcoin transaction aka scale confidential transactions.

  “At the time of writing, Bitcoin has roughly 50 million UTXOs from 22 million transactions. Using a 52-bit representation of bitcoin that can cover all values from 1 satoshi up to 21 million bitcoins, this results in roughly 160GB of range proof data using the current systems. Using aggregated Bulletproofs, the range proofs for all UTXOs would take less than 17GB, about a factor 10 reduction in size.” 

According to redditors it would scale bitcoin to do 5 times amount of transactions.
 

So the plan is to make Value shuffle and confidential transactions to use bulletproof.  

Since Confidential transaction are 3x greater, Bulletproof-CT= +2x.  SO which would mean in real world use CT won't clog up the bitcoin network. And best of all regular transactions can use bulletproof to scale. 

  Sources:

 https://bitcoinmagazine.com/articles/how-bulletproofs-could-make-bitcoin-privacy-less-costly/

https://coinjournal.net/bulletproofs-rangeproofs-quest-confidential-transactions/

The last key problem with CT is that you read how the system has to act weird bc it a soft fork. So it would be recommended for CT to used after 2 releases of the bitcoin core ref client so that most nodes will be CT compatible nodes. It not that hard to fix. 

 I told you these posts will be long. Aren't you glad i broke them down? 

Day 1 and Day 2= checked off

 Day 3= The LN privacy post

Day 4= The sidechain privacy post  

Day 5= I'll combine everything in one big post.   

 See ya. :)