mit-dci / opencbdc-tx

A transaction processor for a hypothetical, general-purpose, central bank digital currency

Enable supply auditing by modifying UHS IDs to be cryptographic commitments to value

HalosGhost opened this issue · comments

By modifying UHS IDs to be Pedersen commitments to the value of their output, we can leverage some cryptographic proofs to ensure our invariants hold. Those proofs can be stored to allow for checking the invariants across the entire monetary supply, enabling a basic form of auditing. As an added benefit, because all our invariants can now be proven in zero-knowledge (i.e., without revealing the underlying value to the system), we can completely remove the value from outputs and thus blind values from the sentinel—and, by extension, the entire transaction processor.

Technically, to accomplish this, we only need a few things:

  • A routine to choose blinding factors for the Pedersen commitments (such that all the Pedersen commitments in a balanced transaction sum to 0), and
  • Range proofs to guarantee that all UHS IDs are within some allowable range

For the sake of avoiding significant code changes, providing some additional privacy benefits, and avoiding some other potential attacks, we'll include a few other values (some of which need to be stored by client wallets, others needing to be stored in the UHS, and a few that are only necessary for the initial validation of the transaction).
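Added example (not code from the opencbdc-tx project): Pedersen commitments over a constructed toy group, the blinding-factor routine that makes a balanced transaction's commitments cancel, and a plaintext range check standing in for the zero-knowledge range proof the issue asks for. The group parameters, `VALUE_BITS` and all function names are assumptions made for the illustration.

```python
import secrets

# Toy group (constructed for this example): the order-Q subgroup of Z_P^* for
# the safe prime P = 2Q + 1. A real deployment would use a prime-order
# elliptic-curve group; only the sizes change, the algebra below does not.
P, Q = 2039, 1019
G = 4  # 2^2 mod P, so G generates the order-Q subgroup
H = 9  # 3^2 mod P; in practice H is hashed-to-group so log_G(H) is unknown
VALUE_BITS = 8  # allowed value interval [0, 2^VALUE_BITS), the range proof's job

def commit(value, blind):
    """Pedersen commitment C = G^value * H^blind (mod P); hides `value`."""
    return pow(G, value % Q, P) * pow(H, blind % Q, P) % P

def choose_blinds(input_blinds, n_outputs):
    """Random blinding factors for all outputs but the last; the last is
    fixed so that the output blinds sum to the input blinds (mod Q)."""
    blinds = [secrets.randbelow(Q) for _ in range(n_outputs - 1)]
    blinds.append((sum(input_blinds) - sum(blinds)) % Q)
    return blinds

def balanced(in_commits, out_commits):
    """Homomorphic check: prod(inputs) / prod(outputs) == 1 exactly when the
    values and the blinds each sum to the same total (mod Q). The checker
    never learns any value, which is what lets the sentinel stay blind."""
    lhs = rhs = 1
    for c in in_commits:
        lhs = lhs * c % P
    for c in out_commits:
        rhs = rhs * c % P
    return lhs * pow(rhs, -1, P) % P == 1

def in_range(value):
    """Plaintext stand-in for the zero-knowledge range proof on each output.
    Without it, a value that wraps modulo Q (e.g. Q - 1 acting as -1) still
    balances, so silent inflation of the supply would go unnoticed."""
    return 0 <= value < 2 ** VALUE_BITS

def validate(in_vals, in_blinds, out_vals, out_blinds):
    """What a validator checks: commitments balance and every output is in range."""
    in_c = [commit(v, r) for v, r in zip(in_vals, in_blinds)]
    out_c = [commit(v, r) for v, r in zip(out_vals, out_blinds)]
    return balanced(in_c, out_c) and all(in_range(v) for v in out_vals)
```

With inputs of value 10 and 5, outputs `[3, 7, 5]` validate, while `[16, Q - 1, 0]` pass `balanced` but fail `in_range`, which is exactly the gap the range proofs close.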