Bulletproofs - Reading Assignment

1. What exactly do Bulletproofs do on the Monero blockchain?

They can increase the privacy of digital currency transactions and at the same time dramatically decrease their size.

2. Which other projects are the Bulletproof authors connected to? (hint: do some googling)

Blockstream

Miniscript

3. How do Bulletproofs compare to zk-SNARKs?

The verification of a Bulletproof is more time consuming than zk-SNARKs, but Bulletproofs does not require a trusted setup for parameter generation.

4. How do Bulletproofs improve scalability of multi-output transactions on Monero?

Bulletproof can greatly decrease the size of a cryptographic proof from over 10kB to less than 1kB.

1.) increase the size of range proofs and decrease Transaction size
2.) CoinJoin, Blockstream
3.) Do not require a trusted setup for Parameter Generation. Verification is more time consuming than zk-SNARKs
4.) The size of the proof system is smaller

1. Bulletproofs are intended to be a means of decreasing the size cost of obscuring transaction amounts relative to RingCT.

2. Greg Maxwell is connected to other Bitcoin projects such as CoinJoin, CT, two way pegs for sidechains. Andrew Poelstra is involved with Blockstream and Mimble Wimble. Pieter Wuille, resaaponsible for SegWit, HD wallets, involved with Blockstream. Benedikt Bunz is also involved with Findora and Zether. Dan Boneh, Professor of appied cryptography, also involved with Zether, Jonathan Bootle is working on efficient zero knowledge proofs.

3. Unlike zk-SNARKS, Bulletproofs don’t require a trusted setup. However, Bulletproof verification is more time consuming.

4. The current range proof system of Monero mostly scales linearly, while Bulletproofs could scale logarithmically, contributing to scalability.

1. Increase the privacy and decrease the size of the tx by deacreasing range proofs of RingCT tx
2. Greg Maxwell, Andrew Poelstra and Pieter Wuille with researchers from the Stanford Applied Cryptography Group
3. Bulletproof don´t need a trusted setup for the parameter generation and in the other side the verification is more time consuming than zk-SNARKs
4. It can scale verticaly by reducing size and bundle by sharing the tx

1. Bulletproof - a new non-interactive zero-knowledge proof protocol with very
   short proofs and without a trusted setup; the proof size is only logarithmic in the witness size.

• Gregory Maxwell - Blockstream, Taproot
• Andrew Poelstra - Mimble Wimble
• Pieter Wuille - Taproot/Schnorr

3. The use of NIZKP Bulletproofs does not require a trusted setup for parameter generation , like Zcash’s Powers of Tao ceremony. On the other hand, the verification of a Bulletproof is more time consuming than zk-SNARKs. Bulletproofs can be seen as an approach to vertical scalability as they can greatly decrease the size of a cryptographic proof.

4. Under the current range proof format, the size of XMR transactions scales mostly linearly depending on the number of outputs (ex: 1 output = 7kB, 2 outputs = 13kB). Under bulletproofs, transaction sizes will then scale logarithmically instead (ex: 1 output = 2kB, 2 outputs = 2.5kB).
   The space savings granted by Bulletproofs may also enable the implementation of additional obfuscation mechanisms. Increasing the mandatory number of outputs in a transaction can make it significantly harder to trace balances by analyzing the blockchain. Decoys are used in Ring Signature inputs, but not in a transaction’s outputs. Implementing a system of decoy outputs will certainly increase the size of a transaction, but this increase may be trivial post Bulletproof activation.

1. What exactly do Bulletproofs do on the Monero blockchain?
   Bulletproofs are a big deal, as they can increase the privacy of digital currency transactions and at the same time dramatically decrease their size.
2. Which other projects are the Bulletproof authors connected to? (hint: do some googling)
   Simple Schnorr multi-signatures with applications to Bitcoin
   High-performance cryptography library libsecp256k1
   Mimble Wimble.
3. How do Bulletproofs compare to zk-SNARKs?
   The use of NIZKP Bulletproofs does not require a trusted setup for parameter generation like Zcash’s Powers of Tao ceremony.
   The verification of a Bulletproof is more time consuming than zk-SNARKs
4. How do Bulletproofs improve scalability of multi-output transactions on Monero?
   under the current range proof format, the size of XMR transactions scales mostly linearly depending on the number of outputs (ex: 1 output = 7kB, 2 outputs = 13kB). Under bulletproofs, transaction sizes will then scale logarithmically instead (ex: 1 output = 2kB, 2 outputs = 2.5kB). Therefore, this technology has the potential to greatly contribute to Monero’s scalability.

1. They increase the privacy level of transaction with the decrease of size in cryptographic proofs.
2. Both Gregory Maxwell, Andrew Poelstra, Pieter Wuille were involved in Bitcoin’s development projects.
3. Bulletproofs do not require a trusted setup for parameter generation like zk-SNARKS do. However, Bulletproofs consume more time for verification as compared to zk-SNARKS.
4. Bulletproofs have much lower size, as transaction sizes scales logarithmically rather than depending on output numbers.

What exactly do Bulletproofs do on the Monero blockchain?

It increases the privacy of digital currency transactions and tries to solve the issue of the size of range proofs on RingCT. It can be seen as an approach to vertical scalability as they can greatly decrease the size of a cryptographic proof from over 10kB to less than 1kB

Which other projects are the Bulletproof authors connected to? (hint: do some googling)

Blockstream

How do Bulletproofs compare to zk-SNARKs?

• Bulletproofs does not require a trusted setup for parameter generation
• The verification of a Bulletproof is more time consuming than zk-SNARKs

How do Bulletproofs improve scalability of multi-output transactions on

Monero?

Increasing the number of outputs in a transaction can make it significantly harder to trace balances by analyzing the blockchain, but it would increase the size of the blockchain. However, this increase may be trivial post Bulletproof activation.

1. They can increase the privacy of digital currency transactions and at the same time dramatically decrease their size.
2. Mimble Wimble, Segwit, Coinjoin.
3. The use of NIZKP Bulletproofs does not require a trusted setup for parameter generation. The verification of a Bulletproof is more time consuming than zk-SNARKs.
4. They can greatly decrease the size of a cryptographic proof from over 10kB to less than 1kB.

1. Bulletproofs replaced Ring CT and reduce the size of transactions.

2. BTC Dev’s, Mimblewimble, Taproot, blockstream.

3. ZK-Snarks require trust and bulletproofs are more time consuming.

4. Bulletproofs improve scalability by reducing TX size

1. What exactly do Bulletproofs do on the Monero blockchain? They can increase the privacy transactions, but also decrease size at the same time.
2. Which other projects are the Bulletproof authors connected to? tracking ransomeware funds with exchanges such as Binance, helping to fight money launderers.
3. How do Bulletproofs compare to zk-SNARKs? ZK-Snarks requires more trust.
4. How do Bulletproofs improve scalability of multi-output transactions on Monero? the space savings allows for multiple decoy transactions, which makes everything harder to track. Its an exponential improvement.

1. They increase privacy of digital currency transactions and at the same time dramatically decrease their size.

2. Greg Maxwell, Andrew Poelstra, Peter Wuille along with researchers from the Stanford Cryptography Group, Benedict Bunz, Jonathan Bootle and Dan Boneh developed Bulletproof. Greg Maxwell was also involved in Blockstream, the Mozilla Foundation and Xiph.
   Andrew Poelstra; Blockstream and Mimble Wimbledon
   Peter Wuille: Blockstream and Codechain Labs

3. Bulletproofs have a more time consuming verification process. ZkSNARKS require a trusted set up for parameter generation while bulletproofs do not.

4. Bulletproofs can be seen as an approach to vertical scalability as they can decrease the size of a cryptographic proof from over 10kB to less than 1kB. This space saving can be used to improve the scalability of multi output transactions.

1. What exactly do Bulletproofs do on the Monero blockchain?
They increase the privacy of Monero transactions and decrease their size dramatically.

2. Which other projects are the Bulletproof authors connected to? (hint: do some googling)
Dr. Adam Back (Blockstream Co-founder and HashCash inventor), Greg Maxwell (Bitcoin Core dev, former Blockstream CTO).

3. How do Bulletproofs compare to zk-SNARKs?
The use of NIZKP Bulletproofs does not require a trusted setup for parameter generation like Zcash’s Powers of Tao ceremony but the verification of a Bulletproof is more time consuming than zk-SNARKs.

4. How do Bulletproofs improve scalability of multi-output transactions on Monero?
Under Bulletproofs, transaction sizes will scale logarithmically instead of linearly (ex: 1 output = 2kB, 2 outputs = 2.5kB). Therefore, the technology has the potential to greatly contribute to Monero’s scalability.

1.) Bulletproofs are able to further increase the privacy of Monero transactions while decreasing their size. The ring signatures in confidential transactions produce lengthy range proofs, and bulletproofs help to reduce these by-products.
2.) Bulletproof authors are connected to other projects such as: Mimble Wimble code for privacy on blockchains (Andrew Poelstra), sidechain developments that look to improve Bitcoins scalability (Gregory Maxwell), and establishing blockchain upgrades like taproot/HD wallets (Peter Wuille).
3.) Compared to zk-SNARK’s, NIZKP bulletproofs don’t require a trusted entity to set up parameter generations (advantage for bulletproofs). A disadvantage of NIZKP bulletproofs when compared with zk-SNARK’s is that the bulletproof’s verification process takes a lot longer than zk-SNARK’s.
4.) Bulletproofs improve scalability of multi-output transactions on Monero by allowing its transactions to scale logarithmically rather than linearly. Transactions that scale linearly have larger outputs on each of their transactions (1 output = 7kB) than transactions scaling logarithmically (1 output = 2Kb).

1. What exactly do Bulletproofs do on the Monero blockchain? : They can increase the privacy of digital currency transactions while at the same time dramatically decrease their size.

2. Which other projects are the Bulletproof authors connected to? (hint: do some googling) : Bulletproofs authors : Benedikt Bünz and Dan Boneh from Stanford University. Jonathan Bootle from University College London. Andrew Poelstra and Pieter Wuille from Blockstream and Greg Maxwell.

3. How do Bulletproofs compare to zk-SNARKs? : Bulletproofs do not require a trusted setup for parameter generation while the verification of a Bulletproof is more time consuming than zk-SNARKs.

4. How do Bulletproofs improve scalability of multi-output transactions on Monero? : Under the current range proof format, the size of XMR transactions scales mostly linearly depending on the number of outputs (ex: 1 output = 7kB, 2 outputs = 13kB). Under bulletproofs, transaction sizes will then scale logarithmically instead (ex: 1 output = 2kB, 2 outputs = 2.5kB). Therefore, this technology has the potential to greatly contribute to Monero’s scalability.

What exactly do Bulletproofs do on the Monero blockchain?**

Bulletproofs will address the size issue caused by the inclusion of RingCT on the Monero blockchain.
Where transaction sizes increase linearly with each added decoy address, a bulletproof would increase logarithmically - effectively being able to fit many more decay addresses into the same transaction size.

They work by reducing the size of range proofs, by aggregating all of them and using non-interactive zero knowledge proofs (NIZKP) to collectively prove their validity.

Which other projects are the Bulletproof authors connected to? (hint: do some googling)**

• Andrew Poelstra is connected to Mimble Wimble,
• Gregory Maxwell is a former bitcoin core developer who continues to look into bitcoin scalability.
• Peter Wuille established bitcoin upgrades such as taproot and HD wallets.

How do Bulletproofs compare to zk-SNARKs?**

Bulletproofs don’t require a trusted setup for parameter generation - however, verification with NIZKP bulletproofs is more time consuming than zk-SNARK’s.

How do Bulletproofs improve scalability of multi-output transactions on Monero?**

Bulletproofs drastically improve the scalability of multi-output transactions on Monero, given that the transaction size will scale logarithmically, rather than linearly.

e.g.

• Linear => 1 output = 7kB… 2 outputs = 13kB,
• Logarithmic (Bulletproof) => 1 output = 2kB… 2 outputs = 2.5kB.

1. They can increase the privacy of digital currency transactions and at the same time dramatically decrease their size.

2. Authors of Bulletproof are also connected to: Mimble Wimble, Blockstream, Codechain Labs, Taproot

3. Bulletproofs do not require a trusted setup for parameter generation while the verification of a Bulletproof is more time consuming than zk-SNARKs.

4. Bulletproofs improve scalability of multi-output transactions on Monero by allowing its transactions to scale logarithmically rather than linearly. Transactions that scale linearly have larger outputs on each of their transactions (1 output = 7kB) than transactions scaling logarithmically (1 output = 2Kb).

1. Bulletproofs are a type of zero-knowledge proof that can be used to prove the correctness of a statement without revealing any information about the statement itself. In the context of the Monero blockchain, Bulletproofs are used to enable confidential transactions, which obscure the amounts being transferred in a transaction.

2. Bulletproofs were developed by a group of researchers including Benedikt Bünz, Jonathan Bootle, Dan Boneh, Andrew Poelstra, Pieter Wuille, and Greg Maxwell. These researchers have also worked on other projects in the field of cryptography and blockchain technology.

3. Bulletproofs are similar to zk-SNARKs in that they both allow a prover to prove the correctness of a statement without revealing any information about the statement itself. However, Bulletproofs have some advantages over zk-SNARKs in terms of efficiency and scalability. Specifically, Bulletproofs are typically faster and require less space to prove statements, which can make them more suitable for use in certain applications.

4. Bulletproofs can improve the scalability of multi-output transactions on the Monero blockchain by allowing the transactions to be verified more efficiently. This is because Bulletproofs allow the verifier to efficiently check the correctness of the transactions without needing to know the actual amounts being transferred. This can reduce the amount of data that needs to be stored and transmitted, which can make the transactions faster and more scalable.

1. What exactly do Bulletproofs do on the Monero blockchain?
   Bulletproofs can increase the privacy of digital currency transactions and at the same time dramatically decrease their size.

2. Which other projects are the Bulletproof authors connected to? (hint: do some googling)
   Mimble Wimble, Taproot, Codechain Labs.

3. How do Bulletproofs compare to zk-SNARKs?
   The use of NIZKP Bulletproofs does not require a trusted setup for parameter generation like Zcash. Nonetheless, the verification of a Bulletproof is more time consuming than zk-SNARKs.

4. How do Bulletproofs improve scalability of multi-output transactions on Monero?
   Under the current range proof format, the size of XMR transactions scales mostly linearly depending on the number of outputs (ex: 1 output = 7kB, 2 outputs = 13kB). Under bulletproofs, transaction sizes will then scale logarithmically instead (ex: 1 output = 2kB, 2 outputs = 2.5kB). Therefore, this technology has the potential to greatly contribute to Monero’s scalability.

1. What exactly do Bulletproofs do on the Monero blockchain?
They increase privacy and also decrease their size needed on the blockchain.
2. Which other projects are the Bulletproof authors connected to? (hint: do some googling)
Gregory Maxwell, Andrew Poelstra and Pieter Wuille are connected to Blockstream and are connected with researchers from Stanford Applied Cryptography Group.
3. How do Bulletproofs compare to zk-SNARKs?
Bulletproofs are smaller and better for scalability, require no trusted setup for parameter generation, but are more time consuming.
4. How do Bulletproofs improve scalability of multi-output transactions on Monero?
Bulletproofs are smaller and the cryptographic proof is far smaller than on for example Bitcoin.