Can't seem to find the CT thread, can anyone remember the prerequisites for mainnet CT?
I can't find one either.
There was a
thread on "compact confidential transactions", which is a different scheme.
It would require a hard fork. The output value would need to be replaced with a EC points. You also need range proof support.
The exception is if there is only 1 output. In that case, you don't need a range proof.
They also embed some encrypted information in transaction so the receiver can handle it. This doesn't require extra transaction size though.
From memory, the range proofs require 32 bytes per possible output level and a 32 byte initialization value.
For a 1 bit (2 level) proof, that is 64 + 32 = 96 bytes. 2 bits is 4 levels, so 4 * 32 + 32 = 160. 3 bits is 8 levels which gives 8 * 32 + 32 = 288.
2 bits (4 levels) has the smallest size per bit (96 vs 80 vs 96). This means that they use radix-2 in their range proofs.
For 32 bit range proofs, that is 2560 bytes required for the range proof.
For outputs that have less than 32 bits of variation, a smaller range proof can be used.