Lattice-BP++ (Confidential Transactions)¶
Lattice-BP++ is Soqucoin's quantum-safe confidential transaction system. It hides transaction amounts while allowing network validators to verify that no coins were created or destroyed. Patent pending (Soqucoin Labs Inc.).
What It Does¶
Standard Soqucoin transactions expose the amount sent. Lattice-BP++ transactions look like this to observers:
| Field | Standard TX | Lattice-BP++ TX |
|---|---|---|
| Sender | Visible | Visible |
| Receiver | Visible | Visible |
| Amount | Visible | Hidden |
| Validity | Verifiable | Verifiable (via range proof) |
The amount is replaced by a cryptographic commitment. A zero-knowledge range proof proves the committed value is non-negative and within valid bounds, without revealing what it is.
Technical Design¶
Commitments¶
Lattice-BP++ uses Module-LWE commitments instead of Pedersen commitments (which rely on ECC and break under quantum attack):
| Parameter | Value |
|---|---|
| Lattice dimension | n=256 |
| Modulus | q=8,380,417 |
| Hardness | Module-LWE/SIS |
| Security level | NIST Level 2 (quantum-safe) |
These are the same lattice parameters used by NIST's ML-DSA (Dilithium) standard.
Range Proofs¶
The range proof proves that a committed value v satisfies 0 ≤ v < 2^64 without revealing v. The proof construction uses an inner-product argument adapted to the lattice setting.
| Metric | Value |
|---|---|
| Proof size | 12,321 bytes |
| Prove time | 0.556 ms (Apple M4) |
| Verify time | 0.022 ms (Apple M4) |
| Bits proven | 64-bit range |
Ring Signatures¶
For sender privacy, Lattice-BP++ includes Module-LWE ring signatures that obscure which input is the real spender among a set of decoys:
| Parameter | Value |
|---|---|
| Ring size | Up to 11 members |
| Signature type | Module-LWE ring signature |
| Anonymity set | Configurable per transaction |
Consensus Integration¶
Lattice-BP++ is opt-in. Users choose whether to send a standard (transparent) or confidential transaction. Both types coexist on the same chain.
Activation¶
| Network | Status |
|---|---|
| Regtest | ALWAYS_ACTIVE |
| Stagenet | Pending BIP9 activation |
| Mainnet | Pending security audit |
Why Not Classical Bulletproofs?¶
Classical Bulletproofs++ (used by Monero, Mimblewimble) rely on the Discrete Logarithm Problem over elliptic curves. A quantum computer running Shor's algorithm breaks this completely.
Lattice-BP++ replaces the ECC math with lattice-based alternatives that resist both classical and quantum attacks. The tradeoff is larger proofs (12 KB vs ~0.7 KB) but with full quantum safety.
Source Code¶
| Component | Location |
|---|---|
| Commitments | src/crypto/latticebp/commitment.cpp |
| Range proofs | src/crypto/latticebp/range_proof.cpp |
| Ring signatures | src/crypto/latticebp/ring_signature.cpp |
| Consensus wiring | src/script/interpreter.cpp |