mirror of
https://github.com/monero-project/monero-docs.git
synced 2025-02-04 12:16:45 +00:00
9 lines
No EOL
21 KiB
HTML
9 lines
No EOL
21 KiB
HTML
<!doctype html><html lang=en class=no-js> <head><meta charset=utf-8><meta name=viewport content="width=device-width,initial-scale=1"><meta name=description content="Unofficial Monero Documentation"><meta name=author content="Piotr 'Qertoip' Włodarek"><link href=https://monerodocs.org/todo/bulletproofs/ rel=canonical><link rel="shortcut icon" href=../../assets/favicon.png><meta name=generator content="mkdocs-1.1.2, mkdocs-material-6.2.5"><title>Bulletproofs - Monero Documentation</title><link rel=stylesheet href=../../assets/stylesheets/main.15aa0b43.min.css><link rel=stylesheet href=../../assets/stylesheets/palette.75751829.min.css><meta name=theme-color content=#ffffff><link rel=preconnect href=https://fonts.gstatic.com crossorigin><link rel=stylesheet href="https://fonts.googleapis.com/css?family=Roboto:300,400,400i,700%7CRoboto+Mono&display=fallback"><style>body,input{font-family:"Roboto",-apple-system,BlinkMacSystemFont,Helvetica,Arial,sans-serif}code,kbd,pre{font-family:"Roboto Mono",SFMono-Regular,Consolas,Menlo,monospace}</style><link rel=stylesheet href=../../overrides.css></head> <body dir=ltr data-md-color-scheme data-md-color-primary=white data-md-color-accent=indigo> <input class=md-toggle data-md-toggle=drawer type=checkbox id=__drawer autocomplete=off> <input class=md-toggle data-md-toggle=search type=checkbox id=__search autocomplete=off> <label class=md-overlay for=__drawer></label> <div data-md-component=skip> </div> <div data-md-component=announce> </div> <header class=md-header data-md-component=header> <nav class="md-header-nav md-grid" aria-label=Header> <a href=https://monerodocs.org title="Monero Documentation" class="md-header-nav__button md-logo" aria-label="Monero Documentation"> <img src=../../images/monero.svg alt=logo> </a> <label class="md-header-nav__button md-icon" for=__drawer> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M3 6h18v2H3V6m0 5h18v2H3v-2m0 5h18v2H3v-2z"/></svg> </label> <div class=md-header-nav__title data-md-component=header-title> <div class=md-header-nav__ellipsis> <div class=md-header-nav__topic> <span class=md-ellipsis> Monero Documentation </span> </div> <div class=md-header-nav__topic> <span class=md-ellipsis> Bulletproofs </span> </div> </div> </div> <label class="md-header-nav__button md-icon" for=__search> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0116 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 019.5 16 6.5 6.5 0 013 9.5 6.5 6.5 0 019.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg> </label> <div class=md-search data-md-component=search role=dialog> <label class=md-search__overlay for=__search></label> <div class=md-search__inner role=search> <form class=md-search__form name=search> <input type=text class=md-search__input name=query aria-label=Search placeholder=Search autocapitalize=off autocorrect=off autocomplete=off spellcheck=false data-md-component=search-query data-md-state=active required> <label class="md-search__icon md-icon" for=__search> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0116 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.516 6.516 0 019.5 16 6.5 6.5 0 013 9.5 6.5 6.5 0 019.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5z"/></svg> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11h12z"/></svg> </label> <button type=reset class="md-search__icon md-icon" aria-label=Clear data-md-component=search-reset tabindex=-1> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M19 6.41L17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12 19 6.41z"/></svg> </button> </form> <div class=md-search__output> <div class=md-search__scrollwrap data-md-scrollfix> <div class=md-search-result data-md-component=search-result> <div class=md-search-result__meta> Initializing search </div> <ol class=md-search-result__list></ol> </div> </div> </div> </div> </div> <div class=md-header-nav__source> <a href=https://github.com/monerodocs/md/ title="Go to repository" class=md-source> <div class="md-source__icon md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 448 512"><path d="M439.55 236.05L244 40.45a28.87 28.87 0 00-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 01-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 000 40.81l195.61 195.6a28.86 28.86 0 0040.8 0l194.69-194.69a28.86 28.86 0 000-40.81z"/></svg> </div> <div class=md-source__repository> monerodocs/md </div> </a> </div> </nav> </header> <div class=md-container data-md-component=container> <main class=md-main data-md-component=main> <div class="md-main__inner md-grid"> <div class="md-sidebar md-sidebar--primary" data-md-component=navigation> <div class=md-sidebar__scrollwrap> <div class=md-sidebar__inner> <nav class="md-nav md-nav--primary" aria-label=Navigation data-md-level=0> <label class=md-nav__title for=__drawer> <a href=https://monerodocs.org title="Monero Documentation" class="md-nav__button md-logo" aria-label="Monero Documentation"> <img src=../../images/monero.svg alt=logo> </a> Monero Documentation </label> <div class=md-nav__source> <a href=https://github.com/monerodocs/md/ title="Go to repository" class=md-source> <div class="md-source__icon md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 448 512"><path d="M439.55 236.05L244 40.45a28.87 28.87 0 00-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 01-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 000 40.81l195.61 195.6a28.86 28.86 0 0040.8 0l194.69-194.69a28.86 28.86 0 000-40.81z"/></svg> </div> <div class=md-source__repository> monerodocs/md </div> </a> </div> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../.. class=md-nav__link> Home </a> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle=nav-2 type=checkbox id=nav-2> <label class=md-nav__link for=nav-2> Interacting <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav aria-label=Interacting data-md-level=1> <label class=md-nav__title for=nav-2> <span class="md-nav__icon md-icon"></span> Interacting </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../interacting/download-monero-binaries/ class=md-nav__link> Download </a> </li> <li class=md-nav__item> <a href=../../interacting/verify-monero-binaries/ class=md-nav__link> Verify </a> </li> <li class=md-nav__item> <a href=../../interacting/overview/ class=md-nav__link> Overview </a> </li> <li class=md-nav__item> <a href=../../interacting/monero-config-file/ class=md-nav__link> Config file </a> </li> <li class=md-nav__item> <a href=../../interacting/monerod-reference/ class=md-nav__link> monerod </a> </li> <li class=md-nav__item> <a href=../../interacting/monero-wallet-cli-reference/ class=md-nav__link> monero-wallet-cli </a> </li> <li class=md-nav__item> <a href=../../interacting/monero-wallet-gui-reference/ class=md-nav__link> monero-wallet-gui </a> </li> <li class=md-nav__item> <a href=../../interacting/monero-wallet-rpc-reference/ class=md-nav__link> monero-wallet-rpc </a> </li> <li class=md-nav__item> <a href=../../interacting/monero-blockchain-export-reference/ class=md-nav__link> monero-blockchain-export </a> </li> <li class=md-nav__item> <a href=../../interacting/monero-blockchain-import-reference/ class=md-nav__link> monero-blockchain-import </a> </li> </ul> </nav> </li> <li class=md-nav__item> <a href=../../technical-specs/ class=md-nav__link> Technical specs </a> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle=nav-4 type=checkbox id=nav-4> <label class=md-nav__link for=nav-4> Cryptography <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav aria-label=Cryptography data-md-level=1> <label class=md-nav__title for=nav-4> <span class="md-nav__icon md-icon"></span> Cryptography </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../cryptography/introduction/ class=md-nav__link> Introduction </a> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle=nav-4-2 type=checkbox id=nav-4-2> <label class=md-nav__link for=nav-4-2> Asymmetric <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav aria-label=Asymmetric data-md-level=2> <label class=md-nav__title for=nav-4-2> <span class="md-nav__icon md-icon"></span> Asymmetric </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../cryptography/asymmetric/introduction/ class=md-nav__link> Introduction </a> </li> <li class=md-nav__item> <a href=../../cryptography/asymmetric/private-key/ class=md-nav__link> Private keys </a> </li> <li class=md-nav__item> <a href=../../cryptography/asymmetric/public-key/ class=md-nav__link> Public keys </a> </li> <li class=md-nav__item> <a href=../../cryptography/asymmetric/edwards25519/ class=md-nav__link> Edwards25519 curve </a> </li> <li class=md-nav__item> <a href=../../cryptography/asymmetric/key-image/ class=md-nav__link> Key image </a> </li> </ul> </nav> </li> <li class=md-nav__item> <a href=../../cryptography/base58/ class=md-nav__link> Base58 </a> </li> <li class=md-nav__item> <a href=../../cryptography/prng/ class=md-nav__link> PRNG </a> </li> <li class=md-nav__item> <a href=../../cryptography/keccak-256/ class=md-nav__link> Keccak-256 </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle=nav-5 type=checkbox id=nav-5> <label class=md-nav__link for=nav-5> Address <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav aria-label=Address data-md-level=1> <label class=md-nav__title for=nav-5> <span class="md-nav__icon md-icon"></span> Address </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../public-address/standard-address/ class=md-nav__link> Standard </a> </li> <li class=md-nav__item> <a href=../../public-address/subaddress/ class=md-nav__link> Subaddress </a> </li> <li class=md-nav__item> <a href=../../public-address/integrated-address/ class=md-nav__link> Integrated </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle=nav-6 type=checkbox id=nav-6> <label class=md-nav__link for=nav-6> Proof of Work <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav aria-label="Proof of Work" data-md-level=1> <label class=md-nav__title for=nav-6> <span class="md-nav__icon md-icon"></span> Proof of Work </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../proof-of-work/what-is-pow/ class=md-nav__link> What is PoW? </a> </li> <li class=md-nav__item> <a href=../../proof-of-work/pow-in-cryptocurrencies/ class=md-nav__link> PoW in Cryptocurrencies </a> </li> <li class=md-nav__item> <a href=../../proof-of-work/cryptonight/ class=md-nav__link> CryptoNight </a> </li> <li class=md-nav__item> <a href=../../proof-of-work/random-x/ class=md-nav__link> RandomX </a> </li> </ul> </nav> </li> <li class=md-nav__item> <a href=../../multisignature/ class=md-nav__link> Multisignature </a> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle=nav-8 type=checkbox id=nav-8> <label class=md-nav__link for=nav-8> Infrastructure <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav aria-label=Infrastructure data-md-level=1> <label class=md-nav__title for=nav-8> <span class="md-nav__icon md-icon"></span> Infrastructure </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../infrastructure/networks/ class=md-nav__link> Mainnet, stagenet, testnet </a> </li> <li class=md-nav__item> <a href=../../infrastructure/tor-onion-p2p-seed-nodes/ class=md-nav__link> Tor onion seed nodes </a> </li> <li class=md-nav__item> <a href=../../infrastructure/monero-pulse/ class=md-nav__link> MoneroPulse </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle=nav-9 type=checkbox id=nav-9> <label class=md-nav__link for=nav-9> Running a Node <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav aria-label="Running a Node" data-md-level=1> <label class=md-nav__title for=nav-9> <span class="md-nav__icon md-icon"></span> Running a Node </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../running-node/open-node-tor-onion/ class=md-nav__link> Open Node + Tor Onion </a> </li> </ul> </nav> </li> <li class="md-nav__item md-nav__item--nested"> <input class="md-nav__toggle md-toggle" data-md-toggle=nav-10 type=checkbox id=nav-10> <label class=md-nav__link for=nav-10> Accepting Monero <span class="md-nav__icon md-icon"></span> </label> <nav class=md-nav aria-label="Accepting Monero" data-md-level=1> <label class=md-nav__title for=nav-10> <span class="md-nav__icon md-icon"></span> Accepting Monero </label> <ul class=md-nav__list data-md-scrollfix> <li class=md-nav__item> <a href=../../accepting-monero/overview/ class=md-nav__link> Overview </a> </li> </ul> </nav> </li> </ul> </nav> </div> </div> </div> <div class=md-content> <article class="md-content__inner md-typeset"> <a href=https://github.com/monerodocs/md/edit/master/docs/todo/bulletproofs.md title="Edit this page" class="md-content__button md-icon"> <svg xmlns=http://www.w3.org/2000/svg viewbox="0 0 24 24"><path d="M20.71 7.04c.39-.39.39-1.04 0-1.41l-2.34-2.34c-.37-.39-1.02-.39-1.41 0l-1.84 1.83 3.75 3.75M3 17.25V21h3.75L17.81 9.93l-3.75-3.75L3 17.25z"/></svg> </a> <h1>Bulletproofs</h1> <p>Pieter Wuille on Bulletproofs:</p> <p>Bulletproofs is a general technology to implement zero-knowledge proofs.</p> <p>Bitcoin does not use zero-knowledge proofs. There is no way you can just "plug in" Bulletproofs anywhere in Bitcoin.</p> <p>Perhaps you are talking about confidential transactions (CT). This is a technique to permit a public ledger that makes the amounts hidden while still permitting everyone to verify the balances adds up. If that sounds like magic, that's because it is.</p> <p>CT rely on zero-knowledge proofs. They could use Bulletproofs. They could also use other types of zero-knowledge proofs (there are several, zk-SNARKS is the well known, each with their own trade-offs). Certainly the invention of Bulletproofs made CT more accessible.</p> <p>However... CT is still very different from how Bitcoin works right now. There is no obvious way to integrate them. My best hope would be using something like an extension block, where you can have coins on the "legacy" side or coins on the confidential side - with explicit operations to move them between the two.</p> <p>However, that is far from simple, and AFAIK nobody is really working on it. Much as I love this technique and would be very excited to see it in Bitcoin, it's unrealistic to think that it will be usable anytime soon there.</p> <p>Every system must lack at least one of unconditional soundness and unconditional blindness. It's perfectly possible to build a system that lacks both.</p> <p>Bulletproofs are a general zero-knowledge proof technique. That means that they can be used to prove any statement over secret data without revealing that data.</p> <p>You could prove you know 2 numbers that add up to 7.</p> <p>You could prove that you know a string whose SHA256 hash is 16c28109a2719ebd4a123db11ff966f02d814354e3dc932449484f1c5a804af4, without revealing anything else about that string.</p> <p>They could be used instead of zk-SNARKs in Zero-Knowledge Contingent Payments (swapping money for solutions to a problem). These can be done without any changes to Bitcoin.</p> <p>You could (in theory, read on) use them to build a blockchain similar to ZCash (which heavily relies on zk-SNARKs for proving that their ledger makes sense), but without the trusted setup procedure or novel cryptography (Bulletproofs use very conservative security assumptions). Unfortunately, Bulletproof validation is much slower than zk-SNARK validation for complex problems, so it's not really comparable.</p> <p>I expect that the most interesting applications are things we haven't considered yet. They suddenly bring zero-knowledge proofs into scope for a lot of problems and protocols where it wasn't really reasonable to go through the effort of using one of the existing proof systems.</p> <p>++++</p> <p>I'm pretty sure that Monero is not unconditionally sound. Even if it is, after switching to Bulletproofs they won't be (Bulletproofs cannot be made unconditionally sound).</p> <p>Yes, with the old rangeproof construction there was an alternative that was unconditionally sound, but not unconditionally private.</p> <p>This is not possible with Bulletproofs (and theoretically impossible with anything with similar compactness; unconditionally sound proofs cannot be small).</p> <p>++++</p> <p>Bulletproofs are a general zero-knowledge proof technique. That means that they can be used to prove any statement over secret data without revealing that data.</p> <p>You could prove you know 2 numbers that add up to 7.</p> <p>You could prove that you know a string whose SHA256 hash is 16c28109a2719ebd4a123db11ff966f02d814354e3dc932449484f1c5a804af4, without revealing anything else about that string.</p> <p>They could be used instead of zk-SNARKs in Zero-Knowledge Contingent Payments (swapping money for solutions to a problem). These can be done without any changes to Bitcoin.</p> <p>You could (in theory, read on) use them to build a blockchain similar to ZCash (which heavily relies on zk-SNARKs for proving that their ledger makes sense), but without the trusted setup procedure or novel cryptography (Bulletproofs use very conservative security assumptions). Unfortunately, Bulletproof validation is much slower than zk-SNARK validation for complex problems, so it's not really comparable.</p> <p>I expect that the most interesting applications are things we haven't considered yet. They suddenly bring zero-knowledge proofs into scope for a lot of problems and protocols where it wasn't really reasonable to go through the effort of using one of the existing proof systems.</p> <p>++++</p> <p>Practical zero-knowledge proofs have existed for a few years now, and ZKCPs are indeed an application of them.</p> <p>Bulletproofs are just a new type of zero-knowledge proof. Compared to zk-SNARKS, they're much more conservative in their security assumptions, and don't need a complicated setup procedure before proofs can be created. On the other hand, they're also larger and slower for complicated problsms. And they don't do anything that couldn't be done before - they're just more practical depending on your requirements.</p> </article> </div> </div> </main> <footer class=md-footer> <div class="md-footer-meta md-typeset"> <div class="md-footer-meta__inner md-grid"> <div class=md-footer-copyright style="margin: auto;"> <a href=http://bumz4sduzxzlobbgzy5fiufdflg3mo2jyecdwdx5rphrqldms7wlmiid.onion/ >Tor onion version</a> | <a href=https://qertoip.com/ >contact</a> | © 2021 MoneroDocs under <a href=https://opensource.org/licenses/MIT>MIT</a> | built w/ <a href=https://www.mkdocs.org/ >mkdocs</a> and <a href=https://squidfunk.github.io/mkdocs-material/ >squidfunk/material</a> </div> </div> </div> </footer> </div> <script src=../../assets/javascripts/vendor.93c04032.min.js></script> <script src=../../assets/javascripts/bundle.83e5331e.min.js></script><script id=__lang type=application/json>{"clipboard.copy": "Copy to clipboard", "clipboard.copied": "Copied to clipboard", "search.config.lang": "en", "search.config.pipeline": "trimmer, stopWordFilter", "search.config.separator": "[\\s\\-]+", "search.placeholder": "Search", "search.result.placeholder": "Type to start searching", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.term.missing": "Missing"}</script> <script>
|
|
app = initialize({
|
|
base: "../..",
|
|
features: [],
|
|
search: Object.assign({
|
|
worker: "../../assets/javascripts/worker/search.8c7e0a7e.min.js"
|
|
}, typeof search !== "undefined" && search)
|
|
})
|
|
</script> </body> </html> |