MoneroResearch.info
Goodell, B. (2024). Security Review - Generalized Bulletproofs. Unpublished manuscript. Added by: Rucknium (06/12/2024, 17:56)
Resource type: Manuscript
BibTeX citation key: Goodell2024
Categories: Monero-focused
Subcategories: Full-Chain Membership Proofs
Creators: Goodell
Collection: Cypher Stack
Attachments: GBP_Security_Review.pdf
URLs: https://repo.getmo ... sts/449#note_27508
Abstract
We review the Generalized Bulletproofs (GBPs) proposal in [7], [8], which reduces to the Bulletproofs (BPs) proposal described in [3] in a certain edge case. The GBPs proposal, and its proofs, are straightforward extensions of BPs as described in [3], demonstrating that GBPs are perfectly complete, have special honest-verifier zero-knowledge (SHVZK), and have computational witness-extended emulation (CWEE). The proofs in [7] correctly and directly extend the proofs in [3], so it is subjectively unlikely that BPs are secure and GBPs are not.
That is to say, if BPs are up to industry standards, so are GBPs. Moreover, other recent work in [9] demonstrates that BPs are simulation-extractable, so future extensions of that work may yet demonstrate that GBPs are also simulation-extractable. However, the security proofs in both [3] and [7] neglect the runtime and success probability of their reductions, data which is useful in assessing tightness gaps and practical security. Taking tightness gaps into account when assessing practical security is not an industry standard because doing so leads to less efficient systems, but [2] describes practical attacks against a wide variety of popular signature schemes proven secure with forking arguments (Schnorr blind, Okamoto-Schnorr blind, GJKR threshold, original FROST threshold, CoSI and two-round MuSig multi-, Abe-Okamoto partially-blind, and ZGP17 conditional-blind signatures). The GBPs tightness gap is wide since the proof of CWEE in [7] (and [3]) uses a generalized forking lemma. For these reasons, the author recommends further investigation into whether the attack vectors in [2] apply to BPs and GBPs.