MoneroResearch.info 
Eagen, L. Li. E. 2022. Bulletproofs++. [Cryptology ePrint Archive, Report 2022/510]. Added by: Plowsof (20220505 13:11) Last edited by: Rucknium (20220505 14:03) 
Resource type: Miscellaneous BibTeX citation key: Eagen2022 View all bibliographic details 
Categories: Monerofocused Keywords: Bulletproofs, Monero, Whitepaper Creators: Eagen 
Views: 142/1859

Attachments 2022510.pdf [45/530]  URLs https://eprint.iacr.org/2022/510, https://github.com ... gen/BulletproofsPP 
Abstract 
Building on Bulletproofs [1] and Bulletproofs+ [2], I describe several new range proofs that achieve both shorter proof sizes and witness lengths as well as a new confidential transaction protocol for multiple types of currency. The first section describes how to modify the (weighted) inner product protocol to prove a norm relation, i.e. self inner product, while only committing to the vector once. In the second section, this is used to construct a binary digit range proof of half the witness length of Bulletproofs(+). Using a novel permutation argument, which is essentially the logarithmic derivative of [3], and the norm argument, I then construct a family of range proofs for arbitrary bases. In the case of 64 bit range proofs, using 16 hexadecimal digits, the reciprocal range proof achieves a proof size of 10 curve points and 3 scalars, 416 bytes in Curve25519 and 418 in SECP256k1, and witness length of 23 scalars. This proof size is approximately 27% smaller than Bulletproofs+ and 38% smaller than Bulletproofs. The witness length, which is proportional to verification complexity, is reduced by a factor of roughly 6, which asymptotically approaches 8 as the number of ranges increases. Finally, I use the permutation argument to construct a zero knowledge confidential transaction protocol for multiple types of currency. This uses one multiplication per input and per output and supports multiparty proving, substantially improving on both ring signature [12] and Bulletproof [4] based confidential transactions.
