# Bulletproofs : Efficient Range Proofs for Confidential Transactions

```bibtex
@inproceedings{Bnz2017BulletproofsE,
  title={Bulletproofs : Efficient Range Proofs for Confidential Transactions},
  author={Benedikt B{\"u}nz and Jonathan Bootle and D. Boneh and A. Poelstra and Pieter Wuille and Gregory Maxwell},
  year={2017}
}
```

We propose Bulletproofs, a new non-interactive zero-knowledge proof protocol with very short proofs and without a trusted setup; the proof size is only logarithmic in the witness size. Bulletproofs are especially well suited for efficient range proofs on committed values: they enable proving that a committed value is in a range using only 2 log2(n) + 9 group and field elements, where n is the bit length of the range. Proof generation and verification times are linear in n. Bulletproofs greatly…

#### 31 Citations

How to Prove a Secret: Zero-Knowledge Proofs on Distributed Data via Fully Linear PCPs

- Computer Science
- IACR Cryptol. ePrint Arch.
- 2019

The notion of fully linear probabilistically checkable proof systems is introduced and it is observed that zero-knowledge proofs on distributed data provide a general-purpose tool for protecting MPC protocols against malicious parties.

Doubly-Efficient zkSNARKs Without Trusted Setup

- Computer Science
- 2018 IEEE Symposium on Security and Privacy (SP)
- 2018

The Fiat-Shamir heuristic is applied to produce a zero-knowledge succinct non-interactive argument of knowledge (zkSNARK) in the random oracle model, based on the discrete log assumption, which is called Hyrax.

An Improved Non-Interactive Zero-Knowledge Range Proof for Decentralized Applications

- Computer Science
- 2019 IEEE International Conference on Decentralized Applications and Infrastructures (DAPPCON)
- 2019

This paper focuses on a particular kind of ZKP, called zero-knowledge range proof (ZKRP), that has been applied in blockchain-based payments for banks, and introduces a new ZKRP which has the following remarkable features.

Scalable, transparent, and post-quantum secure computational integrity

- Computer Science
- IACR Cryptol. ePrint Arch.
- 2018

The first realization of a transparent ZK system (ZK-STARK) in which verification scales exponentially faster than database size is reported, and this exponential speedup in verification is observed concretely for meaningful and sequential computations, described next.

Coloured Ring Confidential Transactions

- Computer Science
- DPM/CBT@ESORICS
- 2018

This work proposes a novel transaction type, which enables privacy-preserving trading of independent assets on a common block-chain by extending the ring confidential transaction with an additional commitment to a colour and a publicly verifiable proof of conservation.

How to Squeeze a Crowd: Reducing Bandwidth in Mixing Cryptocurrencies

- Computer Science
- 2018 IEEE European Symposium on Security and Privacy Workshops (EuroS&PW)
- 2018

This work proposes a simple technique for efficiently sampling cover traffic from a finite (and public) set of known values, while deriving a compact description of the resulting transaction set, and describes the construction as a recoverable sampling scheme.

ZoKrates - Scalable Privacy-Preserving Off-Chain Computations

- Computer Science
- 2018 IEEE International Conference on Internet of Things (iThings) and IEEE Green Computing and Communications (GreenCom) and IEEE Cyber, Physical and Social Computing (CPSCom) and IEEE Smart Data (SmartData)
- 2018

ZoKrates is introduced, a toolbox to specify, integrate and deploy off-chain computations, which hides significant complexity inherent to zero-knowledge proofs, provides a more familiar and higher level of programming abstractions to developers and enables circuit integration, hence fostering adoption.

Aurora: Transparent Succinct Arguments for R1CS

- Mathematics, Computer Science
- IACR Cryptol. ePrint Arch.
- 2018

A zero-knowledge succinct non-interactive argument (SNARG) for Rank-1 Constraint Satisfaction (R1CS), a widely-deployed NP language undergoing standardization, has a transparent setup, is plausibly post-quantum secure, and uses lightweight cryptography.

An Efficient NIZK Scheme for Privacy-Preserving Transactions Over Account-Model Blockchain

- Computer Science
- IEEE Transactions on Dependable and Secure Computing
- 2021

The NIZK scheme is perfect zero knowledge in the common reference string model, while its soundness holds in the random oracle model, and dramatically improves the time efficiency in generating a proof, at the cost of relatively longer proof size.

PRCash: Centrally-Issued Digital Currency with Privacy and Regulation

- Business, Computer Science
- IACR Cryptol. ePrint Arch.
- 2018

PRCash is the first digital currency to provide control of money supply, transparency, regulation, and privacy at the same time, and thus make its adoption as a fiat currency feasible.

#### References

Showing 1-10 of 50 references

Efficient Non-interactive Proof Systems for Bilinear Groups

- Computer Science, Mathematics
- EUROCRYPT
- 2007

The goal of this paper is to spread the use of non-interactive cryptographic proofs from mainly theoretical purposes to the large class of practical cryptographic protocols based on bilinear groups.

Efficient Protocols for Set Membership and Range Proofs

- Mathematics, Computer Science
- ASIACRYPT
- 2008

Two new approaches to building set-membership proofs are presented, one based on bilinear group assumptions and one in a discrete-logarithm-based setting, which are an order of magnitude more efficient than previously known ones.

An Efficient Noninteractive Zero-Knowledge Proof System for NP with General Assumptions

- Computer Science, Mathematics
- Journal of Cryptology
- 1998

It is shown how to prove that an n-gate circuit is satisfiable, with error probability 1/n^{O(1)}, using only O(n lg n) random committed bits, which matches to within a constant factor the number of committed bits required by the most efficient known interactive proof systems.

Proofs-of-delay and randomness beacons in Ethereum

- 2017

Blockchains generated using a proof-of-work consensus protocol, such as Bitcoin or Ethereum, are promising sources of public randomness. However, the randomness is subject to manipulation by the…

Recursive composition and bootstrapping for SNARKS and proof-carrying data

- Computer Science
- STOC '13
- 2013

This work constructs the first fully-succinct publicly-verifiable SNARK, recursively composes the SNARK to obtain a "weak" PCD system for shallow distributed computations, and uses the PCD framework to attain stronger notions of SNARKs and PCD systems.

A verifiable secret shuffle and its application to e-voting

- Computer Science
- CCS '01
- 2001

A mathematical construct which provides a cryptographic protocol to verifiably shuffle a sequence of k modular integers is presented, and its application to secure, universally verifiable, multi-authority election schemes is discussed and shown to be honest-verifier zero-knowledge in a special case and in general.

On the Size of Pairing-Based Non-interactive Arguments

- Computer Science, Mathematics
- EUROCRYPT
- 2016

It is shown that linear interactive proofs cannot have a linear decision procedure, and it follows that SNARGs where the prover and verifier use generic asymmetric bilinear group operations cannot consist of a single group element.

Borromean Ring Signatures

- 2015

In 2002, Abe, Ohkubo, and Suzuki developed a new type of ring signature based on the discrete logarithm problem, which used a novel commitment structure to gain significant savings in size and…

From extractable collision resistance to succinct non-interactive arguments of knowledge, and back again

- Computer Science
- ITCS '12
- 2012

This work forms a general and relatively natural notion of an extractable collision-resistant hash function (ECRH) and shows that, if ECRHs exist, then a modified version of Di Crescenzo and Lipmaa's protocol is a succinct non-interactive argument for NP.

Parallel Coin-Tossing and Constant-Round Secure Two-Party Computation

- Computer Science
- CRYPTO
- 2001

In this paper we show that any two-party functionality can be securely computed in a constant number of rounds, where security is obtained against malicious adversaries that may arbitrarily deviate…