Bulletproofs - Reading Assignment

Read the Medium article implementing Bulletproofs for Monero. Answer the questions and post your answers below:

Questions:

1. What exactly do Bulletproofs do on the Monero blockchain?
2. Which other projects are the Bulletproof authors connected to? (hint: do some googling)
3. How do Bulletproofs compare to zk-SNARKs?
4. How do Bulletproofs improve scalability of multi-output transactions on Monero?

1. Bulletproofs . This technology is intended to address one of the main drawbacks of RingCT: the size of the range proofs this scheme produces. Bulletproofs can increase the privacy of digital currency transactions and at the same time dramatically decrease their size.

2. Bulletproofs: Short Proofs for Confidential Transactions and More. After working on the Confidential Transactions scheme, Greg Maxwell, Andrew Poelstra and Pieter Wuille teamed up with researchers from the Stanford Applied Cryptography Group.

3. Relative to zk-SNARKs, the NIZKP system proposed by the Bulletproof white paper has both benefits and drawbacks. On one hand, the use of NIZKP Bulletproofs does not require a trusted setup for parameter generation , like Zcash’s Powers of Tao ceremony. On the other hand, the verification of a Bulletproof is more time consuming than zk-SNARKs.

4.Bulletproofs can be seen as an approach to vertical scalability as they can greatly decrease the size of a cryptographic proof from over 10kB to less than 1kB. The Bulletproof white paper focused on applying NIZKPs to the Bitcoin blockchain and stated that, if implemented, total size of Bitcoin’s UTXO set would be only 17 GB (compared to 160 GB) if Confidential Transactions were to be implemented.

1. Bulletproofs impact on Monero by increasing its privacy, decreasing transaction size and solving RingCT’s range proofs’ size issue.
2. It was developed by Benedict Bunz and Jonathan Bootle.
3. The comparison between Bulletproofs and zk-SNARKs highlights that they both have pros and cons, but the main differences are: zk-SNARKs require a trusted setup for parameter generation while Bulletproofs don’t; Bulletproofs have a more time-consuming verification process.
4. Bulletproofs need less space within the transaction, because they have lower size and would enable greater security while freeing more space for transactions. A reduction in size would make the entire blockchain more efficient and scalable, leading to better results and wider diffusion.

1. What exactly do Bulletproofs do on the Monero blockchain?

The Pedersen commitment scheme used in RingCT has an additively homomorphic property, which, put (very) simply, allows multiple decoy inputs to be aggregated through addition. This guarantees that one of the encoded inputs is spendable/valid and that the sender is not double spending funds or creating XMR out of thin air. A by-product of this process is range proof that proves that the amount committed by a given Pedersen Commitment falls within a certain range and is not a negative number.

2. Who developed Bulletproofs?

Dr. Adam Back

3. How do Bulletproofs compare to zk-SNARKs?

Relative to zk-SNARKs, the NIZKP system proposed by the Bulletproof has both benefits and drawbacks. On one hand, the use of NIZKP Bulletproofs Whitepaper does not require a trusted setup for parameter generation , like Zcash’s Powers of Tao ceremony. On the other hand, the verification of a Bulletproof is more time consuming than zk-SNARKs.

4. How do Bulletproofs improve scalability of multi-output transactions on Monero?

Bulletproofs have a much lower fingerprint (or size) relative to the proof systems used in blockchain networks today. In fact, much like SegWit, Bulletproofs can be seen as an approach to vertical scalability as they can greatly decrease the size of a cryptographic proof from over 10kB to less than 1kB.

1. What exactly do Bulletproofs do on the Monero blockchain?
   Reduce the size of “range proofs”, aggregating all of them and collectively prove their validity.

2. Who developed Bulletproofs?
   Greg Maxwell, Andrew Poelstra and Pieter Wuille in colaboration with researchers from Stanford Applied Cryptography Group.

3. How do Bulletproofs compare to zk-SNARKs?
   Both has benefits and drawbacks; NIZKP Bulletproofs does not require a trusted setup for parameter generation, but on the other hand the verification of a Bulletproof is more time consuming than zk-SNARKs.

4. How do Bulletproofs improve scalability of multi-output transactions on Monero?
   Two benefits with Bulletproofs is that decreases the size of a cryptographic proof over 10kB to less than 1kB, allowing also transaction sizes scale logarithmically (instead of linear) … so, this space saving can be used to improve scalability of multi-output transactions.

• What exactly do Bulletproofs do on the Monero blockchain?
  they can increase the privacy of digital currency transactions and at the same time dramatically decrease their size.

• Who developed Bulletproofs?
  Greg Maxwell, Andrew Poelstra, Pieter Wuille and a team of researchers from Stanford Applied Cryptography Group that collaborated with them.

• How do Bulletproofs compare to zk-SNARKs?
  Both system have ups and downs, while one system is more time consuming to verify, the other one require a trusted enviroment to set up the parameters.

• How do Bulletproofs improve scalability of multi-output transactions on Monero?
  Bulletproofs can reduce sensitively the size of a cryptographic proof from over 10kB to less than 1kB, while increasing the privacy.

1. Increase the privacy of digital currency transactions and at the same time dramatically decrease their size.
2. Greg Maxwell, Andrew Poelstra, Pieter Wuille and a team of researchers from Stanford Applied Cryptography Group
3. zk-SNARKs require a trusted setup for parameter generation while Bulletproofs don’t; Bulletproofs have a more time-consuming verification process.
4. Reduce size from over 10kB to less than 1kB, while increasing the privacy.

1. Increase the privacy of digital currency transactions and at the same time dramatically decrease their size.
2. Greg Maxwell, Andrew Poelstra and Pieter Wuille along with researchers from the Stanford Applied Cryptography Group.
3. On one hand, the use of NIZKP Bulletproofs does not require a trusted setup for parameter generation , like Zcash’s Powers of Tao ceremony. On the other hand, the verification of a Bulletproof is more time consuming than zk-SNARKs.
4. With bulletproofs, transaction sizes will scale logarithmically (ex: 1 output = 2kB, 2 outputs = 2.5kB). Therefore , this technology has the potential to greatly contribute to Monero’s scalability.

1. What exactly do Bulletproofs do on the Monero blockchain?
   They can increase the privacy of digital currency transactions and at the same time dramatically decrease their size.

2. Who developed Bulletproofs?
   Greg Maxwell, Andrew Poelstra and Pieter Wuille teamed up with researchers from the Stanford Applied Cryptography Group.

3. How do Bulletproofs compare to zk-SNARKs?
   Bulletproofs does not require a trusted setup for parameter generation. On the other hand, the verification of a Bulletproof is more time consuming than zk-SNARKs.

4. How do Bulletproofs improve scalability of multi-output transactions on Monero?
   Under bulletproofs, transaction sizes will then scale logarithmically instead (ex: 1 output = 2kB, 2 outputs = 2.5kB).

1. What exactly do Bulletproofs do on the Monero blockchain?
   Bulletproofs provide a more efficient range proof for confidential transactions, by using a non-interactive zero knowledge proof (NIZKP) system to aggregate all the range proofs of a Confidential Transaction and collectively prove their validity.

2. Who developed Bulletproofs?
   Greg Maxwell, Andrew Poelstra, Pieter Wuille together with researchers from the Stanford Applied Cryptography Group.

3. How do Bulletproofs compare to zk-SNARKs?
   NIZKP Bulletproofs does not require a trusted setup to generate parameters but verification of a Bulletproof is more time consuming.

4. How do Bulletproofs improve scalability of multi-output transactions on Monero?
   Bulletproof transaction size is logarithmic in number of outputs which can help scaling.

1. Bulletproofs reduce the size of the range proof that RingCT produces
2. Gregory Maxwell, Andrew Poelstra, Pieter Wuille with researchers from the Stanford Applied Cryptography Group
3. “The use of NIZKP Bulletproofs does not require a trusted setup for parameter generation, like Zcash’s Powers of Tao ceremony. On the other hand, the verification of a Bulletproof is more time consuming than zk-SNARKs.”
4. By decreasing the size of cryptographic proof about 10 times.

1. the reduce the size of the range, necessary to do range proofs
   2.developed by the stanford applied crypto group and and peter wuille, greg maxwell, adny poelstra
   3.compared to zk snarks it does not require a trusted set up for parameter generation , but it is more time consuming to verify than zk snarks
2. as the lower the size of a range, for a range proof. they take less size on the blockchain. this is helpful for scaling.

1. What exactly do Bulletproofs do on the Monero blockchain?
   • This technology is intended to address one of the main drawbacks of RingCT: the size of the range proofs this scheme produces.
2. Who developed Bulletproofs?
   • Greg Maxwell, Andrew Poelstra and Pieter Wuille teamed up with researchers from the Stanford Applied Cryptography Group
3. How do Bulletproofs compare to zk-SNARKs?
   • Bulletproofs don’t not require a trusted setup for parameter generation, like Zcash’s Powers of Tao ceremony. On the other hand, the verification of a Bulletproof is more time consuming than zk-SNARKs. So it’s a tradeoff again between speed and decentralization.
4. How do Bulletproofs improve scalability of multi-output transactions on Monero?
   • They have a smaller fingerprint where transaction sizes will then scale logarithmically (ex: 1 output = 2kB, 2 outputs = 2.5kB).

1- Bulletproofs are a big deal, as they can increase the privacy of digital currency transactions and at the same time dramatically decrease their size.

2- Greg Maxwell, Andrew Poelstra and Pieter Wuille along with researchers from the Stanford Applied Cryptography Group.

3- Relative to zk-SNARKs, the NIZKP system proposed by the Bulletproof has both benefits and drawbacks. On one hand, the use of NIZKP Bulletproofs does not require a trusted setup for parameter generation, like Zcash’s Powers of Tao ceremony. On the other hand, the verification of a Bulletproof is more time consuming than zk-SNARKs.

4- Bulletproofs can be seen as an approach to vertical scalability as they can greatly decrease the size of a cryptographic proof from over 10kB to less than 1kB.
As discussed by MRL researcher Sarang Noether in December of 2017, under the current range proof format, the size of XMR transactions scales mostly linearly depending on the number of outputs (ex: 1 output = 7kB, 2 outputs = 13kB). Under bulletproofs, transaction sizes will then scale logarithmically instead (ex: 1 output = 2kB, 2 outputs = 2.5kB). Therefore, this technology has the potential to greatly contribute to Monero’s scalability.

1. another method to encode the range-proofs of several output decoys but with better/logarithmic compression rates than usual size of same amount of outputs but linear size RingCT’s.
2. BTCcoreDevs + Cryptography University Academia ( Benedikt Bunz, Jonathan Bootle, Dan Boneh,Andrew Poelstra,Pieter Wuille and Greg Maxwellk, Stanford University + University College London + Blockstream )
3. “On one hand, the use of NIZKP Bulletproofs does not require a trusted setup for parameter generation, like Zcash’s Powers of Tao ceremony. On the other hand, the verification of a Bulletproof is more time consuming than zk-SNARKs.”
4. improves on the transaction size front the encoding of the range-proofs a lot for higher amount of decoy outputs added, the more outputs added the lower total size compared to the 1st range-proofs encoding method

1. Reducing the proofs size.
2. Greg Maxwell, Andrew Poelstra and Pieter Wuille and researchers from Stanford Applied Cryptography Group
3. Relative to zk-SNARKs, the NIZKP system proposed by the Bulletproof white paper has both benefits and drawbacks. On one hand, the use of NIZKP Bulletproofs does not require a trusted setup for parameter generation, like Zcash’s Powers of Tao ceremony. On the other hand, the verification of a Bulletproof is more time consuming than zk-SNARKs.
4. Increasing the mandatory number of outputs in a transaction can make it significantly harder to trace balances by analyzing the blockchain.

1. They can increase the privacy of digital currency transactions & at the same time dramatically decrease their size.

2. Greg Maxwell, Andrew Poelstra and Pieter Wuille teamed up with researchers from the Stanford Applied Cryptography Group.

3. How do Bulletproofs compare to zk-SNARKs?
   Bulletproofs does not require a trusted setup for parameter generation but the verification of a Bulletproof is more time consuming than zk-SNARKs.

4.Bulletproofs decrease transaction sizes allowing the scalability of multi outpout TX.

1. It increases privacy of transactions and decreases the size.
2. Greg Maxwell,Andrew Poelstra,Pieter Wullie and a team of researchers from Stanford Applied Cryptography group.
3. NIZKP does not require a trusted setup for parameter generation. Bulletproof does require a longer verivication time that zk-SNARKs.
4. Decreasing the size of cryptographic proof.

• What exactly do Bulletproofs do on the Monero blockchain?
  Bulletproofs can increase the privacy of digital currency transactions and at the same time dramatically decrease their size.

• Who developed Bulletproofs?
  Greg Maxwell, Andrew Poelstra and Pieter Wuille

• How do Bulletproofs compare to zk-SNARKs?
  On one hand, the use of NIZKP Bulletproofs does not require a trusted setup for parameter generation , like Zcash’s Powers of Tao ceremony. On the other hand, the verification of a Bulletproof is more time consuming than zk-SNARKs.

• How do Bulletproofs improve scalability of multi-output transactions on Monero?
  Under the current range proof format, the size of XMR transactions scales mostly linearly depending on the number of outputs (ex: 1 output = 7kB, 2 outputs = 13kB). Under bulletproofs, transaction sizes will then scale logarithmically instead (ex: 1 output = 2kB, 2 outputs = 2.5kB). Therefore, this technology has the potential to greatly contribute to Monero’s scalability.