Author: Kiara Bickers
Source: https://blog.blockstream.com/bitcoins-shielded-csv-protocol-explained/
Today's BTC development mainly focuses on two directions: (1) scaling and (2) privacy. Common proposals often require adding new opcodes and programming tools to BTC's script system. However, an old idea is also making a comeback: creating transactions in a more private and peer-to-peer manner. Currently, every BTC transaction is broadcast across the entire network for verification. This is an effective way to prevent double-spending, but it also exposes more information than is strictly necessary. It leads to a heavier computational burden, higher costs, and a system whose throughput is difficult to scale. But what if part of the transaction processing were delegated to the beneficiary (client-side)? Would this not both improve efficiency and open up a new realm of privacy for BTC?
In our recently published paper, Blockstream, together with Alpen Labs and ZeroSync, developed the "Shielded CSV Protocol", an enhancement of the client-side validation protocol that provides fully private transactions. This new protocol is a significant step in strengthening BTC transaction privacy; moreover, through additional measures we will introduce in this article, it aims to increase transaction throughput from 11 per second to over 100 per second.
This article provides an overview of the Shielded CSV Protocol. The Shielded CSV Protocol aims to improve layer one blockchain performance while maintaining full compatibility with BTC. The protocol was jointly created by Jonas Nick, Liam Eagen, and Robin Linus. Here is the story behind the Shielded CSV Protocol and how it has the potential to change everything.
CSV: A Point-to-Point Scaling Solution
CSV transfers the burden of transaction verification from every full node in the network to the transaction's recipients. This makes Bitcoin more point-to-point. Imagine not needing to store all transaction details on the blockchain. Instead of a detailed transaction potentially linked to your identity, you use only a simple 64-byte nullifier, which means nothing to anyone observing the public blockchain record and is meaningful only to the sender and receiver. If every node has to verify every transaction, the entire network is naturally slowed down. By transferring transaction verification to the beneficiary, the data stored on the blockchain can be significantly reduced, from an average of 560 weight units (WU) to 64 WU, shrinking by approximately 8.75 times, making the system more streamlined and efficient. This flexible protocol brings enormous scalability potential to Bitcoin, allowing users to process 10 times more transactions, approximately 100 per second.
Bitcoin Today
You might say, "Easier said than done. What exactly is this? What are the trade-offs?"
How Does Shielded CSV Make Bitcoin More Private?
Compared to transparent blockchain transactions, CSV protocols generally enhance privacy because certain information is only transferred to the beneficiary. However, in traditional CSV protocols like RGB and Taproot Assets, once a coin is sent, both sender and receiver can see the complete transaction history. In the Shielded CSV protocol, we use a solution similar to zk-SNARK to "compress" proofs, ensuring no transaction information is leaked. This means the transaction history is hidden, providing better privacy compared to existing protocols.
What is a "Nullifier" and How Does it Prevent Double Spending?
When initiating a payment, the sender passes the transaction directly to the recipient. A small piece of data derived from the transaction, called a "nullifier", is written to the blockchain. Full nodes in the network only need to perform one Schnorr signature verification for each Shielded CSV nullifier. The recipient checks the coin's validity and ensures the nullifier is placed on the blockchain to prevent any double spending. Other CSV protocols also have nullifiers, but in many cases they are complete Bitcoin transactions, unlike the derived "random blobs" used here. Shielded CSV nullifiers make blockchain analysis more difficult.
Does Shielded CSV Require a Soft Fork or Hard Fork?
Shielded CSV does not require a soft fork or hard fork. It remains compatible with Bitcoin throughout. CSV separates transaction verification from consensus rules, gaining flexibility without modifying the core protocol. Because Bitcoin can store any type of data, different CSV protocols like RGB, Taproot Assets, and even multiple versions of Shielded CSV can coexist without conflict. Nodes do not need to reject blocks containing unfamiliar data. Instead, this data only needs to be parsed by the "beneficiary" if it is relevant to them. By offloading transaction verification, the blockchain's primary goal is simplified: confirming transaction data in an agreed order and preventing double spending.
Does Shielded CSV Allow Me to Trade Bitcoin?
Shielded CSV will operate as an independent system, using the Bitcoin blockchain to record nullifiers and prevent double spending in the CSV protocol. However, to directly integrate it with Bitcoin and enable frictionless transactions, a bridging solution is still needed. The current protocol does not deeply explore how BitVM's bridging solution works, but it remains an active area of development and research. Currently, bridging is possible through a trusted third party or a consortium, but the ultimate goal is a fully trustless system. Achieving this means establishing a genuine, seamless interaction between Bitcoin and Shielded CSV, allowing users to benefit from enhanced privacy without sacrificing Bitcoin's trustless data. This is a complex challenge that could redefine how Bitcoin scales and ensures transaction security.
Read the Complete Paper
The Shielded CSV protocol offers a method to enhance Bitcoin's scalability and privacy, promising to open new frontiers for more efficient point-to-point transactions. By transferring the transaction verification burden to the beneficiary, on-chain data is greatly reduced, enabling higher transaction throughput and stronger privacy, all without soft or hard forks. If you're curious about how this protocol works and its trade-offs, we highly recommend reading the complete paper: "Shielded CSV: Private and Efficient Beneficiary Verification". This could be the future of Bitcoin.
Although the protocol authors have added many methods to compress the volume of proofs (such as proof compression based on proof systems and non-interactive aggregate signatures based on Schnorr signatures), which improve the protocol's throughput, abandoning the single-use seal paradigm means it will face more barriers than Bitcoin UTXO-based scaling solutions.
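A minimal model of the recipient-side check described in the nullifier section above, added here as an illustration and not taken from the Shielded CSV paper or Blockstream's code. It assumes a toy 64-byte record (a one-time key id plus a SHA-256 commitment to the off-chain transaction) and leaves out the Schnorr signature that full nodes verify and the proof of coin validity; all names are hypothetical.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Nullifier:
    """Toy on-chain record (assumed layout): key id + commitment = 64 bytes."""
    key_id: bytes      # 32 bytes, identifies the coin being spent
    commitment: bytes  # 32 bytes, SHA-256 of the off-chain transaction

    def to_bytes(self) -> bytes:
        return self.key_id + self.commitment

def derive_nullifier(key_id: bytes, tx: bytes) -> Nullifier:
    # Only a hash of the transaction is published; its contents stay off-chain.
    return Nullifier(key_id, hashlib.sha256(tx).digest())

def first_spend(chain, key_id):
    """Earliest (height, nullifier) recorded for this coin, or None."""
    for height, block in enumerate(chain):
        for n in block:
            if n.key_id == key_id:
                return height, n
    return None

def recipient_accepts(chain, key_id, tx, min_confirmations=1):
    """Accept only if tx's nullifier is the FIRST spend of the coin on chain."""
    hit = first_spend(chain, key_id)
    if hit is None:
        return False, "nullifier not on chain yet"
    height, seen = hit
    if seen != derive_nullifier(key_id, tx):
        return False, "coin already spent by a different transaction"
    if len(chain) - height < min_confirmations:
        return False, "not enough confirmations"
    return True, "ok"

# Constructed sample data: one coin, two conflicting off-chain transactions.
COIN_KEY = hashlib.sha256(b"alice one-time key #1").digest()
TX_TO_BOB, TX_TO_CAROL = b"alice -> bob: 1 coin", b"alice -> carol: 1 coin"
OTHER = derive_nullifier(hashlib.sha256(b"unrelated key").digest(), b"other tx")
CHAIN = [  # each inner list is one block, in chain order
    [OTHER],
    [derive_nullifier(COIN_KEY, TX_TO_BOB)],
    [derive_nullifier(COIN_KEY, TX_TO_CAROL)],  # later double-spend attempt
]

if __name__ == "__main__":
    for name, tx in (("bob", TX_TO_BOB), ("carol", TX_TO_CAROL)):
        print(name, recipient_accepts(CHAIN, COIN_KEY, tx))
```

The chain itself never rejects the second record; it is the recipient who refuses the payment because an earlier nullifier for the same coin already commits to a different transaction.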