Confidential Doesn’t Mean What I Thought It Meant

Alright, I’ll say it straight: I was wrong. Or at least, I was wrong until recently.

If you’ve been reading this blog for a while, you probably remember my enthusiastic posts about assets on the Liquid network. L-BTC, USDT on Liquid - I praised them more than once. I wrote that transactions there are confidential, that this protects you from ever-watchful AML analysts and from CEXes that may freeze your satoshis just because, at some point in the past, they “kept bad company.”

I genuinely believed that.

When you send a Liquid transaction from most wallets, you usually get two links to a block explorer: one showing the confidential transaction, and another showing the “unblinded” version. The second link is only available to the sender, while the first can be viewed by anyone browsing the explorer. And for some reason, it never occurred to me to question what “confidential” really meant. I never stopped to check what exactly was visible through those links.

Recently, however, we processed another swap on rabbit.io, converting some cryptocurrency into USDT on the Liquid blockchain. The user asked us for details about the transaction. I opened the block explorer - and that’s when I had a moment of shock.

The entire interaction graph between addresses was right there in plain sight. Who sent something to whom. When. How often. The structure of relationships between addresses was fully exposed. And none of that was hidden by any “confidentiality.”

That’s when I realized I had been seriously mistaken - and, worse, that I had unintentionally misled you. I’m sorry.

Liquid does not protect you from AML-related abuse. If an AML monitoring service decides to label any address that has ever sent you funds as “tainted,” it can just as easily label your address tainted too - for the exact same reasons they do so on any other transparent blockchain.

I had confused one kind of confidentiality with another. And that confusion matters.

What Does Liquid Actually Hide?

“Confidential transaction” is not a metaphor in the case of Liquid - it’s a technically accurate term. But it means something very specific: the amount and the asset type are hidden. That’s it.

That said, here’s a metaphor that helped me understand it. As I started digging into the details, I began to think of Liquid as a table covered with a tablecloth. The tablecloth hides the dish - you can’t see what’s on it or how much of it there is - but the table itself, and the movement of dishes across it, remains fully visible to anyone looking through a block explorer.

An outside observer cannot tell whether you transferred one hundred bitcoins or fifty cents’ worth of USDT. But they can clearly see that address A sent something to address B, and that B later received something from address C.
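Here is that observer's view as a small added example (my illustration for this post, not code from Liquid or any explorer). The transaction records, addresses and field names are constructed; the sketch shows that hop-based taint labelling in chronological order never needs the hidden amount or asset.

```python
def blinded(addr):
    # Constructed output record: commitments stand in for the hidden amount and asset.
    return {"address": addr, "valuecommitment": "<opaque>", "assetcommitment": "<opaque>"}

# Constructed sample of what a public explorer exposes (hypothetical addresses).
TXS = [
    {"height": 90,  "inputs": ["addr_B"], "outputs": [blinded("addr_E")]},
    {"height": 100, "inputs": ["addr_X"], "outputs": [blinded("addr_A")]},
    {"height": 101, "inputs": ["addr_A"],
     "outputs": [blinded("addr_B"), blinded("addr_A_change")]},
    {"height": 102, "inputs": ["addr_C"], "outputs": [blinded("addr_B")]},
    {"height": 103, "inputs": ["addr_B"], "outputs": [blinded("addr_D")]},
]

def amounts_visible(txs):
    """True only if some output carries a cleartext 'value' field."""
    return any("value" in out for tx in txs for out in tx["outputs"])

def taint_hops(txs, flagged):
    """Label every address that received funds downstream of `flagged`.

    Transactions are walked in block order, so a payment made before an
    address was tainted does not taint its recipient.
    """
    hops = {flagged: 0}
    for tx in sorted(txs, key=lambda t: t["height"]):
        dirty = [hops[a] for a in tx["inputs"] if a in hops]
        if not dirty:
            continue  # no tainted sender in this transaction
        for out in tx["outputs"]:
            addr = out["address"]
            hops[addr] = min(hops.get(addr, float("inf")), min(dirty) + 1)
    return hops

if __name__ == "__main__":
    print("amounts visible:", amounts_visible(TXS))
    for addr, n in taint_hops(TXS, "addr_X").items():
        print(f"{addr}: {n} hop(s) from the flagged address")
```

addr_E and addr_C stay unlabelled: E was paid before B received anything from the flagged chain, and C only sent funds to B.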

And that’s where my problem begins.

For personal Bitcoin payments unrelated to swaps on rabbit.io, I use the Lightning Network. The reason is simple: the recipient does not see the history of the coins. They have no basis to declare them “tainted” and withhold my bitcoins under that pretext without delivering anything in return.

I naively assumed Liquid offered similar protection - perhaps with some trade-offs in terms of full self-custody, but without the operational complexity of managing payment channels.

It turns out, it doesn’t.

What Liquid does very well is solve a different problem altogether. The confidentiality of transactions on Liquid protects users from abuse by token issuers operating on the network.

On Ethereum, Tron, and similar blockchains, the smart contracts behind popular tokens are designed so that the issuer can see every wallet balance and, if necessary, press a button to freeze your tokens.

On Liquid, issuers cannot technically do that - that’s the first point. And even if they wanted to, it would be pointless: the amounts and asset types held at each address are hidden. The issuer simply does not know who holds how many of their tokens.

That is a meaningful defense against targeted censorship. It’s also a decent shield against unwanted attention from scammers and thieves - no one can see how much value flows into your address.

Liquid solves the problem it was designed to solve. It just wasn’t the problem I thought it was solving. And that doesn’t make the blockchain bad - it makes it specialized.

What We Actually Mean by “Confidential”

Before we go any further, let’s clarify something. When we call a transaction “confidential,” what exactly are we talking about?

Every transaction has several components, and each of them can be hidden separately:

  • The amount and the asset - how much of what is being transferred.
  • The relationships between addresses - who interacted with whom and what the transaction graph looks like.
  • Identities - the link between addresses and real-world individuals or organizations.
  • The very existence of the transfer - whether anyone can even see that a transaction took place.

Different systems make different parts confidential. And once we separate these layers, it becomes much easier to understand what each technology actually protects - and what it doesn’t.

Confidentiality in Bitcoin

Lightning Network: Delivering Bitcoin from an Unknown Sender

If Liquid hides “how much” and “what,” Lightning hides “where from.”

Imagine you want to send a package to a friend in another city. You don’t deliver it yourself. You hand it to a courier, who gives it to a long-distance bus driver, who passes it to a local taxi driver in the destination city, and the taxi driver finally delivers it to your friend.

That taxi driver, the last person in the chain, only knows that the bus driver handed him the box. He has no idea that you were the original sender.

In Lightning, this is called onion routing - the same concept used in Tor. The recipient only sees the last hop in the route. The history of your coins is invisible to them. An AML analyst has nothing to analyze, because no transaction history is recorded anywhere.

This is exactly what I personally needed. That’s why I use Lightning for my private transactions.

There is a nuance: opening and closing payment channels are recorded on the Bitcoin blockchain. But those are just the first and last transactions - not the dozens, hundreds, or even thousands of payments that may pass between them.

Silent Payments: One Recipient, Many Invisible Addresses

Public figures face a major problem. If they publish a regular Bitcoin address for donations or payments, anyone can open a block explorer and see how many times funds were sent to that address and how much bitcoin it currently holds. It’s as if your bank card number gave complete strangers access to your account statement.

Silent Payments solve this elegantly.

  • I publish a single “silent address.”
  • You paste it into your wallet to send me money.
  • Your wallet then performs a clever mathematical trick: it takes my public key and your key, and generates from them a completely new, unique one-time address.
  • That address belongs to me - but even I don’t know it in advance. And it cannot be linked back to my public silent address.

The amounts are still visible - this is just a regular Bitcoin transaction. But the link between a public identity that posted an address and the specific incoming payments is hidden.

A similar privacy scheme was recently proposed on the Stellar network.

Ark: A Melting Pot for Bitcoin

Ark is a relatively new protocol built on top of Bitcoin and actively under development. It aims to offer something similar to Lightning, but without requiring users to manage channels.

Instead of individual payment channels, all participants deposit their coins into a shared pool while retaining control over the amount they contributed. You throw your coins into the pot - they dissolve among thousands of others.

When you want to pay someone, you instruct the operator to reassign a certain amount to another participant inside the pool. If the recipient is not part of the pool, the operator withdraws the funds and sends them to the specified address. The operator cannot refuse your request.

As a result, the coins you originally deposited and the coins your friend eventually receives are not linked by a visible on-chain trail. The connection is broken.

This resembles a mixer at first glance, but its primary purpose is not to sever links between deposits and withdrawals. The core feature is the internal transfers within the pool - reassignments of claims against the operator. These are instant and cheap, much like internal transfers within a CEX.

The key difference is that, unlike a CEX operator, the Ark operator cannot freeze your funds.

From a confidentiality standpoint, this is also similar to internal CEX transfers: the operator sees everything, while outside observers see nothing - not even the fact that transfers occurred.

Shielded CSV: The Recipient Verifies Alone

This is a very new idea, still in the research phase. But it can be explained quite simply.

  • How does a regular blockchain work? Alice publicly announces to the world: “I’m sending Bob one thousand satoshis!” Everyone sees it, verifies it, and records it.
  • How would Shielded CSV work? Alice sends Bob a private message: “I’m sending you one thousand satoshis. Here is proof that I had them and that I correctly spent them. Verify it yourself.” To the rest of the world, Alice publishes not the transaction itself, but a cryptographic proof that she had the funds and spent them properly, meaning she cannot spend them again.

All information about how much she sent and to whom is transmitted directly from Alice to Bob. The recipient verifies the content of the transfer without revealing it to the world. More precisely, the network verifies that the transaction is valid, while the recipient verifies what it actually contains.

The blockchain stores only the minimal cryptographic trace required to prevent double spending. If you were not involved in the transaction, you learn nothing about it - except that some UTXO was destroyed.

A similar model - where the blockchain stores only zk-proofs of transaction correctness - has been operating successfully for nearly a decade on the Zcash network.

Confidentiality in Other Cryptocurrencies

MimbleWimble: A Blockchain Without Addresses

Let’s step outside Bitcoin. Here, developers tackled the transaction graph problem in a far more radical way.

In traditional blockchains, you see addresses, amounts, and an explicit transaction structure: here’s an input, here’s an output, and here’s the link between them.

In MimbleWimble - used in Grin and Beam - there are no addresses at all. There aren’t even visible amounts. There are only inputs and outputs, and their sizes are hidden.

When a block is formed, it doesn’t contain individual transactions with clear links between each input and output. Instead, it contains:

  • a complete list of all inputs included in the block,
  • a complete list of all outputs created in the block,
  • and a mathematical proof that the overall balance is correct.

There is no record of who sent coins to whom. Moreover, if the output of a transaction is spent within the same block that included its parent transaction, those intermediate inputs and outputs disappear entirely from the blockchain history.

An outside observer sees only that some coins were destroyed and new ones were created.
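The block structure described above, as an added example that is not code from Grin, Beam or Litecoin. It uses a toy multiplicative group in place of the elliptic curve and leaves out range proofs and fees; the names and sample values are constructed. It shows the three parts of a block, the intermediate output disappearing, and the balance proof still holding.

```python
P = 2**127 - 1   # toy prime modulus; real MimbleWimble uses an elliptic curve
G, H = 3, 5      # toy generators, assumed independent for this illustration

def commit(value, blind):
    """Pedersen-style commitment: hides `value` behind the blinding factor."""
    return pow(G, blind, P) * pow(H, value, P) % P

def make_tx(inputs, outputs):
    """inputs/outputs are (value, blind) pairs known only to the parties."""
    if sum(v for v, _ in inputs) != sum(v for v, _ in outputs):
        raise ValueError("amounts do not balance")
    excess = sum(r for _, r in outputs) - sum(r for _, r in inputs)
    return {"ins": [commit(v, r) for v, r in inputs],
            "outs": [commit(v, r) for v, r in outputs],
            "kernel": pow(G, excess % (P - 1), P)}   # proves balance, reveals nothing

def build_block(txs):
    """Merge transactions into three sorted lists; per-transaction links are gone."""
    ins = [c for tx in txs for c in tx["ins"]]
    outs = [c for tx in txs for c in tx["outs"]]
    spent_inside = set(ins) & set(outs)   # created and spent in the same block
    return {"ins": sorted(c for c in ins if c not in spent_inside),
            "outs": sorted(c for c in outs if c not in spent_inside),
            "kernels": sorted(tx["kernel"] for tx in txs)}

def product(xs):
    acc = 1
    for x in xs:
        acc = acc * x % P
    return acc

def block_balances(block):
    """Check outputs / inputs == product of kernels, i.e. no value was created."""
    lhs = product(block["outs"]) * pow(product(block["ins"]), -1, P) % P
    return lhs == product(block["kernels"])

if __name__ == "__main__":
    # Constructed sample: Alice pays Bob 30 (20 change), Bob pays Carol 30.
    alice, bob, change, carol = (50, 1111), (30, 2222), (20, 3333), (30, 4444)
    block = build_block([make_tx([alice], [bob, change]), make_tx([bob], [carol])])
    print(len(block["ins"]), len(block["outs"]), block_balances(block))
```

Bob's output never appears in the block, yet the check passes because his commitment cancels out of both sides.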

However, transactions are not confidential to the network nodes processing them before inclusion in a block. While a transaction is propagating across the network, the link between its inputs and outputs is visible. If someone actively monitors transaction propagation before block inclusion, they may be able to reconstruct parts of the graph.

MWEB in Litecoin: Addresses That Aren’t Really There

The Litecoin network implemented an extension called MimbleWimble Extension Block (MWEB). This is not a separate MimbleWimble chain like Grin or Beam, but an additional layer embedded within the main blockchain.

Coins can be:

  • moved from regular UTXOs into MWEB,
  • used inside MWEB,
  • and later withdrawn back to standard Litecoin.

In some ways, this resembles Ark in Bitcoin - except there is no single operator. The “operators” are the network nodes and, of course, the miners who include inputs and outputs in blocks.

For user convenience, Litecoin’s MWEB implementation includes address functionality. There are familiar-looking strings that behave like addresses, and the blockchain understands when a transaction is sent to an “MWEB address.”

But these addresses exist only at the user interface level. Inside MWEB blocks themselves, there are no addresses - only aggregated lists of inputs and outputs.

Monero: “I Am Spartacus!”

In the final scene of the film Spartacus directed by Stanley Kubrick, after the failed rebellion, the Romans demand that the prisoners identify Spartacus. One man stands up and says, “I am Spartacus!” Then another stands. Then another. Soon dozens are claiming to be him.

That’s essentially how Monero works.

When you send a transaction, your wallet takes your coin and mixes it with several other unrelated historical outputs from the blockchain as decoys. From an outside observer’s perspective, the transaction could have been initiated by any member of that group.

At the same time, Monero hides the recipient using one-time stealth addresses: a unique address is generated for each payment (similar in spirit to Silent Payments), and it cannot be linked to the recipient’s public address. The transaction amounts are also hidden.

This is currently the most aggressive form of on-chain confidentiality. That’s precisely why regulators tend to dislike Monero.

But “most aggressive” does not automatically mean “most future-proof.” Even though the blockchain records themselves are opaque, they still exist. And no one can be absolutely certain that new analytical techniques won’t emerge one day capable of extracting more information from those records.

This potential risk distinguishes Monero from systems like the Lightning Network, where transaction records simply do not exist on-chain at all.

In fact, a well-known Bitcoin enthusiast who goes by Supertestnet has been running a challenge for months: he asks Monero users to send him a payment over Lightning, and in return he sends them an equivalent payment in Monero. Then he invites them to compare how much each sender can learn about the recipient. Interestingly, he sometimes manages to extract some sensitive information from the limited data recorded on the Monero blockchain.

In Conclusion: There Is No Such Thing as Universal Confidentiality

Let’s put everything into a simple picture.

Want to protect yourself from targeted issuer censorship or financial surveillance? Then Liquid is your tool. It does this job very well. Tether cannot see your USDT balance on Liquid and cannot freeze it, and scammers cannot tell which addresses are worth targeting with phishing attacks.

Want to hide the origin of your coins and protect yourself from AML abuse? Choose the Lightning Network. The recipient cannot see where the funds came from.

Only need to prevent incoming transactions from being linked to your public identity? Use Silent Payments in Bitcoin or a similar solution on Stellar.

Want no one to see the transaction graph at all? Look toward MimbleWimble (Grin, Beam, Litecoin), Ark, or Zcash.

Want to hide everything today - sender, recipient, amount, and graph - even if there is a small risk that future analysis might unravel some of it? That’s where Monero comes in.

Waiting for what comes next? Keep an eye on Shielded CSV.

Each technology was designed to address a specific threat model. It makes no sense to criticize a hammer because it’s bad at driving screws. Liquid does exactly what it was built to do. It just wasn’t solving the problem I thought it was solving - and I didn’t take the time to understand that before recommending it to you.

Now I have. And I hope this helped you understand it too.