A speedy implementation of the Bulletproofs+ range proving system that does fun tricks.
In particular, it supports:
- Proof aggregation. You can generate a proof containing multiple range assertions in an efficient way.
- Extended commitments. Commitments may contain multiple masks.
- Batch verification. Verifying a set of multiple proofs is extremely fast.
- Minimum value promises. You can additionally prove that a commitment binds to at least a specified value.
- Mask extraction. If the prover and verifier agree on a shared secret, the verifier can use it to recover the mask used for the commitment in a non-aggregated proof.
Unlike the original Bulletproofs range proving system, Bulletproofs+ is:
- Smaller. Regardless of the aggregation factor, a Bulletproofs+ proof is 96 bytes shorter.
- Faster. Compared to a fork of the dalek-cryptography Bulletproofs implementation, this implementation verifies non-aggregated proofs in only ~85% of the time.
As always, your mileage may vary.
This implementation takes its cue from the dalek-cryptography Bulletproofs implementation, as well as the Monero Bulletproofs+ implementation.
All original source code files are marked with:
Copyright 2022 The Tari Project
SPDX-License-Identifier: BSD-3-Clause
All reused and/or adapted dalek-cryptography source code files are marked with:
Copyright 2022 The Tari Project
SPDX-License-Identifier: BSD-3-Clause
Modified from:
Copyright (c) 2018 Chain, Inc.
SPDX-License-Identifier: MIT