MoneroResearch.info |
Eagen, L. Li. E. 2022. Bulletproofs++. [Cryptology ePrint Archive, Report 2022/510]. Added by: Plowsof (5/5/22, 1:11 PM) Last edited by: Rucknium (4/5/24, 10:13 PM) |
Resource type: Miscellaneous BibTeX citation key: Eagen2022 View all bibliographic details |
Categories: Monero-focused Keywords: Bulletproofs, Monero, Whitepaper Creators: Eagen |
Views: 204/6473
|
Attachments 2022-510.pdf [24/1437], BP++FINAL.pdf [57/1320] | URLs https://eprint.iacr.org/2022/510, https://github.com ... gen/BulletproofsPP |
Abstract |
Building on Bulletproofs [1] and Bulletproofs+ [2], I describe several new range proofs that achieve both shorter proof sizes and witness lengths as well as a new confidential transaction protocol for multiple types of currency. The first section describes how to modify the (weighted) inner product protocol to prove a norm relation, i.e. self inner product, while only committing to the vector once. In the second section, this is used to construct a binary digit range proof of half the witness length of Bulletproofs(+). Using a novel permutation argument, which is essentially the logarithmic derivative of [3], and the norm argument, I then construct a family of range proofs for arbitrary bases. In the case of 64 bit range proofs, using 16 hexadecimal digits, the reciprocal range proof achieves a proof size of 10 curve points and 3 scalars, 416 bytes in Curve25519 and 418 in SECP256k1, and witness length of 23 scalars. This proof size is approximately 27% smaller than Bulletproofs+ and 38% smaller than Bulletproofs. The witness length, which is proportional to verification complexity, is reduced by a factor of roughly 6, which asymptotically approaches 8 as the number of ranges increases. Finally, I use the permutation argument to construct a zero knowledge confidential transaction protocol for multiple types of currency. This uses one multiplication per input and per output and supports multiparty proving, substantially improving on both ring signature [12] and Bulletproof [4] based confidential transactions.
|
Notes |
CCS for Peer Review: https://ccs.getmonero.org/proposals/bulletproofs-pp-peer-review.html
Peer review completed: https://moneroresearch.info/index.php?action=resource_RESOURCEVIEW_CORE&id=217 A rust implementation of BP++ https://github.com/sanket1729/rust-bulletproofs-pp Added by: Rucknium Last edited by: Rucknium |