Bulletproofs - Reading Assignment

1. What exactly do Bulletproofs do on the Monero blockchain?
   they can increase the privacy of digital currency transactions and at the same time dramatically decrease their size.

2. Which other projects are the Bulletproof authors connected to? (hint: do some googling)
   Greg Maxwell, Andrew Poelstra, Pieter Wuille together with researchers from the Stanford Applied Cryptography Group.

3. How do Bulletproofs compare to zk-SNARKs?
   The use of NIZKP Bulletproofs does not require a trusted setup for parameter generation, like Zcash’s Powers of Tao ceremony. On the other hand, the verification of a Bulletproof is more time consuming than zk-SNARKs.

4. How do Bulletproofs improve scalability of multi-output transactions on Monero?
   By decreasing the size of cryptographic proof about 10 times.

Questions:

1. What exactly do Bulletproofs do on the Monero blockchain?
   Improves Monero’s privacy
   Bulletproofs aggregate all the range proofs of a RingCT(Confidential Transactions) and collectively prove their validity and annonimity “non-interactive zero knowledge proof”
2. Which other projects are the Bulletproof authors connected to? (hint: do some googling)
   Gregory Maxwell, Co-Founder and CTO of Blockstream…the company Blockstream was founded by Hashcash creator Adam Back and eight other people.
   Andrew Poelstra, Director of Research, Blockstream
   Pieter Wuille, Co-Founder and Core Tech Engineer, …worked on BIP32 , SegWit which enabled development of layer two scaling solutions such as Lightening Network…etc…
   Benedikt Bünz, Stanford University
   Jonathan Bootle, University College London
   Dan Boneh, Stanford University

BIP32 Lightening SegWit: Flyclient Blockstream MimbleWimble CoinJoin ZEther, Prio, Balloon Hashing, PowerSpy, Riposte, Gyrophone, etc
3. How do Bulletproofs compare to zk-SNARKs?
The use of NIZKP Bulletproofs does not require a trusted setup for parameter generation, like Zcash’s Powers of Tao ceremony. zk-SNARKs rely on a trusted setup for parameter generation while bulletproofs don’t.
On the other hand, Bulletproof verification is more time consuming than zk-SNARKs Bulletproofs improve scalability by reducing the size of the cryptographic proof from 10kB of the range proofs RingCT produces to 1kB.
4. How do Bulletproofs improve scalability of multi-output transactions on Monero?
NIZKP Bulletproof verification is more time consuming than zk-SNARKs Bulletproofs improve scalability by reducing the size of the range proofs of the cryptographic proof RingCT produces from 10kB to 1kB. Previous size of multi-output XMR transactions scaled mostly linearly depending on the number of outputs (ex: 1 output = 7kB, 2 outputs = 13kB). Under bulletproofs, transaction sizes scale logarithmically instead (ex: 1 output = 2kB, 2 outputs = 2.5kB).

Bulletproofs - Reading

1. On the Monero Blockchain, Bulletproofs increase the privacy of digital currency transaction and at the sametime decrease their size.

2. Other projects that the Bulletproof authors connected to are.

• BTCcoreDevs
• Blockstream
• MAST(Taproot)

3. In comparison to ZK - SNARKS, Bulletproofs do not require a trusted setup for parameter generation, like ZK’s Power of Tao Ceremony.

4. The way Bulletproofs improve scalability of multi-output transaction under Monero is, transaction sizes will scale logarithmically (example 1output = 2KB, 2 output = 2.5KB). This will give the potential to increase Monero scalability.

1. They address the drawbacks of RingCT which is the large size of range proofs RingCT produces. Bulletproofs increase privacy while decreasing size.
2. Pressed for time. Would like help with this one.
3. Bulletproofs do not require trusted set up for parameter generation but is more time consuming when compared to zk-SNARKS.
4. Bulletproofs improve scalability on Monero because they have a low fingerprint (size).

Bulletproofs - Reading Assignment

1. What exactly do Bulletproofs do on the Monero blockchain?
   Bulletproofs can increase the privacy of digital currency transactions and at the same time dramatically decrease their size.

2. Which other projects are the Bulletproof authors connected to? (hint: do some googling)

   • Blockstream
   • They also worked together on writing the Schnorr Paper (reference: Coin Delite article) that shows how to apply so called “Schnorr multi-signatures” to Bitcoin.

3. How do Bulletproofs compare to zk-SNARKs?
   The use of NIZKP Bulletproofs does not require a trusted setup for parameter generation.
   On the other hand, the verification of a Bulletproof is more time consuming than zk-SNARKs.

4. How do Bulletproofs improve scalability of multi-output transactions on Monero?
   Bulletproofs technology has the potential to greatly contribute to Monero’s scalability.
   1 output from 7kB down to 2kB and 2 outputs from 13kB down to 2.5 kB.

Pressed for time. Would like help with this one.

You can check on Google if you find anything about Greg Maxwell, Andrew Poelstra and Pieter Wuille, who are the Authors of Bulletproofs

1. What exactly do Bulletproofs do on the Monero blockchain?
   They increase the privacy of transactions and reduce the size
2. Which other projects are the Bulletproof authors connected to? (hint: do some googling)
   Blockstream, Bitcoin Core, Segregated Witness
3. How do Bulletproofs compare to zk-SNARKs?
   Bulletproofs do not require a trusted setup for parameter generation but the verification is more time consuming.
4. How do Bulletproofs improve scalability of multi-output transactions on Monero?
   They greatly decrease the size of a cryptographic proof improving scalibility.

1. Bulletproofs are an improvement to the range proofs as they can increase the privacy of transactions and significantly reduce the size of the proof. However, using Bulletproof is very time-consuming to verify.

2. The Bulletproof whitepaper outlines that the authors were also involved with Blockstream.

3. The verification time is longer for a Bulletproof in comparison to zk-SNARKs, however, it does not require a trusted setup for parameter generation.

4. Bulletproofs allows the size of transactions to be increased logarithmically rather than linearly. Essentially, it improves Monero’s scalability by reducing transaction sizes as the number of users grows.

1. They allow the number of decoy signatures to increase in a Ring signature while reducing the overall size of the transaction. This is due to the fact that it is a ZKP and is requires less information to verify.
2. It is a group of Phd students from Stanford university that focus on security minded mechanisms. They do research on cryptography with a wide purview not limited to just cryptocurrencies. Greg Maxwell was also a publisher on the research paper for bulletproof and the original testnet for the paper was BTC.
3. They are cousins born from the same base program the fiat shamir heuristic.
4. It dramatically reduces the Tx size and allows for linear scaling of transactions. Instead of 7kB transactions adding onto of each other in a block, a 2kB transaction would have very little additional storage requirements when the second transaction is added to the block.

1. What exactly do Bulletproofs do on the Monero blockchain?

They can increase the amount of decoy (increasing privacy) while saving space in the block sizes.

2. Which other projects are the Bulletproof authors connected to? (hint: do some googling)

Bitcoin, Grin, MimmbleWimmble, BIP32, Segregated Witness, Schnorr signatures

3. How do Bulletproofs compare to zk-SNARKs?

They don’t need a trusted setup for parameter creation but unfortunately it is more time consuming than ZKSNARKS

4. How do Bulletproofs improve scalability of multi-output transactions on Monero?

They reduce the size of the of a cryptographic proof from 10KB to less than 1KB which makes the transaction size smaller.

1. Reduce the size of the range proof.
2. Gregory Maxwell, Andrew Poelstra, Pieter Wuille
3. Verifying a Bulletproof takes longer than zk-SNARKs.
4. It decreases the size of cryptographic proof about 10 times.

1. Increase the privacy of digital currency transactions and at the same time dramatically decrease their size.

2. Greg Maxwell, Andrew Poelstra and Pieter Wuille along with researchers from the Stanford Applied Cryptography Group.

3. Bulletproofs don’t require a trusted setup for parameter generation, but verification of a Bulletproof is more time consuming than zk-SNARKs.

4. Under the Bulletproof update, transaction size will no longer increase in a linear way. Instead it will increase in a logarithmic manner thereby greatly improving scalability.

1. Bulletproofs use non-interactive zero-knowledge proofs (NIZKPs) to

“to aggregate all the range proofs of a Confidential Transaction and collectively prove their validity”

This increases user privacy whilst also decreasing the (computing) size of range proofs.

2. The authors of Bulletproofs - Benedikt Bunz, Jonathan Bootle, Dan Boneh, Andrew Poelstra, Pieter Wuille and Greg Maxwell - are connected to other projects including Blockstream, Mimble Wimble and SegWit.

3. zk-SNARKS are

“the only practical way to completely unlink the identities engaged in a digital currency transaction.”

BUT

“there are serious trade-offs with this approach, such as the requirement of a trusted parameter generation ceremony.”

This is in comparison to bulletproofs where

“the use of NIZKP Bulletproofs does not require a trusted setup for parameter generation, like Zcash’s Powers of Tao ceremony. On the other hand, the verification of a Bulletproof is more time consuming than zk-SNARKs.”

4. Bulletproofs improve scalability of multi-output transactions by decreasing the size of the UTXO set:

“if implemented, total size of Bitcoin’s UTXO set would be only 17 GB (compared to 160 GB) if Confidential Transactions were to be implemented”

"the size of XMR transactions scales mostly linearly… Under bulletproofs, transaction sizes will then scale logarithmically instead (ex: 1 output = 2kB, 2 outputs = 2.5kB).

1. Bulletproofs on the Monero blockchain are a big deal as they increase privacy of tx and at the same time they are dramaticly decreased in size. Ring signatures, confidential transactions, stealth addresses.

2. Greg Maxwell, Andrew Poelstra and Pieter Wuille teamed up with researchers from the Stanford Applied Cryptography Group.

3. zk.SNARKs require a trusted setup for parameter generation where bulletproofs don’t but take more time for verification process.

4. Bulletproofs can reduce the size of cryptographic proof while increasing privacy.

1. They implement non-interactive zero-knowledge proof technology to make transactions more private and also improve the scalability of the blockchain.

2. I found Andrew Pooelstra who now works at Blockstream, and found this of him talking about Mimble Wimble…which I glimpsed later on in this course so I checked it out. Exciting stuff! https://tv.bit2me.com/andrew-poelstra-mimblewimble/

3. They take more time to verify - but don’t rely on trusted set-up like zCash.

4. They reduce the size of transactions so that with the number of outputs the transaction doesn’t necessarily increase in size linearly.

link to original reading assignment is broken!!

1. Bulletproofs are short non-interactive zero-knowledge proofs that require no trusted setup.
2. Benedikt Bunz, Jonathan Bootle, Dan Boneh, Andrew Poelstra, Pieter Wuille, Greg Maxwell.
   taken from a Standford applied crypto group whitepaper:
   https://eprint.iacr.org/2017/1066.pdf
3. zk. SNARKs requires trusted setup and it’s a faster prover/verification time process
4. they reduce Proof Size
   https://ethereum.stackexchange.com/questions/59145/zk-snarks-vs-zk-starks-vs-bulletproofs-updated

1. They reduce the size of the range RingCT produces and increase the privacy

2. Greg Maxwell, Andrew Poelstra and Pieter Wuille along with researchers from the Stanford Applied Cryptography Group.

3. They both have pus and minuses zk-SNARKs is in need of a trusted environment where bulletproof takes more time in the verification process

4. Reduce size from 10Kb to less then 1Kb still increasing privacy

1. The Bulletproofs can increase the privacy of digital currency transactions and at the same time dramatically decrease their size.
2. Greg Maxwell, Andrew Poelstra, Pieter Wuille and a team of researchers from Stanford Applied Cryptography Group
3. Bulletproofs is more time consuming to verify, while zk-SNARKs require a trusted environment to set up the parameters.
4. Reduce size from over 10kB to less than 1kB, while increasing the privacy.

. BP is like Segwit but for Monero. It is an optimization scheme. It reduces drastically the size of transaction on the BC, while keeping deep privacy, which is typically expensive on a BC.

. Schnorr(multisig optimization for bitcoin), erlay (efficient transaction relay for bitcoin).

. BP does not require a trusted setup. So the verifier is not verifying a known statement, he just has to verify the validity of the commitment. In that sense BP is non interactive and succinct.

. Because the more data to verify you add, the size of the verifiable commitment grows by lesser and lesser margins(logarithmic growth).

1. They increase privacy of digital currency transactions and decrease the size of transactions
2. Quarkslab
3. Bulletproofs do not require a trusted setup for parameter generation, but it is more time consuming than zk-SNARKs.
4. Scale transactions will be logarithmically