Bulletproofs and Bulletproofs+ Rust implementation for Aggregated Range Proofs over multiple elliptic curves

Overview

Bulletproofs

This library implements Bulletproofs+ and Bulletproofs aggregated range proofs with multi-exponentiation verification. It supports multiple elliptic curves: secp256k1, ristretto and ed25519.

Usage

Control the range and the batch size with the n and m variables (n is the bit length of the range, at most 64, and m the number of aggregated proofs). Supported values are any number 0 < x < 2^64. The library contains multiple test examples that can be followed (run them with cargo test). To change the elliptic curve, change the feature flag on the curv dependency inside Cargo.toml.

Benchmarks

Run cargo bench. For ristretto, the current implementation is ~4x slower than the dalek-cryptography implementation.

Contact

Feel free to reach out or join the ZenGo X Telegram for discussions on code and research.

Comments
  • Non-power of 2 Inner-Product Argument

    This Bulletproofs implementation doesn't support inner-product argument generation and verification for inputs of sizes other than powers of 2. How do we use the inner-product argument for input sizes that are not a power of 2? Also, how do we realise it in the implementation?

    opened by suyash67 4
  • Not proper expression for formula (7) in Bulletproofs+?

    opened by 3for 2
  • Inner-Product Verification with Multiexponentiation | Inner-Product Protocol for Non-powers of 2

    1. Faster inner product proof verification using a single multi-exponentiation as described in Section 3.1 of the Bulletproofs paper. Improves the inner product verification by ~30%.

    2. Protocols similar in spirit to Bulletproofs require support for an inner product protocol with secret vector sizes that are a non-power of 2. I have added a test demonstrating the same. The idea is simple:
       2.1 Append the secret vectors with 0's to make them the next power of 2.
       2.2 Extend the original base vectors to make them too the next power of 2.
       2.3 Compute vector exponentiations with a condition to check for any 0's.
       This ensures minimum overhead computational cost due to modification of vector sizes to the next power of 2.

    opened by suyash67 1
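    The padding-and-folding idea from the PR above, as an added example that is not the crate's code: secret vectors are zero-padded to the next power of two (step 2.1), and the Bulletproofs folding step a' = a_L·x + a_R·x⁻¹, b' = b_L·x⁻¹ + b_R·x is run to length 1, with the verifier's consistency check <a',b'> = c + x²·L + x⁻²·R carried along. Group elements are replaced by scalars in a toy prime field Z_p with p = 2^61 − 1 (an assumption made so the arithmetic fits in u128); the challenge values and sample vectors are constructed for the example.

```rust
/// Toy prime field Z_p with p = 2^61 - 1 (a Mersenne prime); a product of
/// two field elements fits in u128, so no big-integer library is needed.
const P: u128 = (1u128 << 61) - 1;

fn add(a: u128, b: u128) -> u128 {
    (a + b) % P
}

fn mul(a: u128, b: u128) -> u128 {
    (a % P) * (b % P) % P
}

/// Modular exponentiation by square-and-multiply.
fn pow(base: u128, mut e: u128) -> u128 {
    let mut acc = 1u128;
    let mut b = base % P;
    while e > 0 {
        if e & 1 == 1 {
            acc = mul(acc, b);
        }
        b = mul(b, b);
        e >>= 1;
    }
    acc
}

/// Multiplicative inverse via Fermat's little theorem (p is prime, a != 0).
fn inv(a: u128) -> u128 {
    pow(a, P - 2)
}

/// Inner product <a, b> over Z_p.
pub fn inner_product(a: &[u128], b: &[u128]) -> u128 {
    assert_eq!(a.len(), b.len());
    a.iter().zip(b).fold(0, |acc, (&x, &y)| add(acc, mul(x, y)))
}

/// Step 2.1: pad with zeros up to the next power of two. Zero entries add
/// nothing to the inner product, and a multi-exponentiation can skip them,
/// which is what step 2.3 exploits.
pub fn pad_to_pow2(v: &[u128]) -> Vec<u128> {
    let mut out = v.to_vec();
    out.resize(v.len().next_power_of_two(), 0);
    out
}

/// One folding round with a non-zero challenge x:
///   a' = a_L * x + a_R * x^-1,  b' = b_L * x^-1 + b_R * x
/// Returns (a', b', L, R) with L = <a_L, b_R>, R = <a_R, b_L>, so that
///   <a', b'> = <a, b> + x^2 * L + x^-2 * R.
fn fold(a: &[u128], b: &[u128], x: u128) -> (Vec<u128>, Vec<u128>, u128, u128) {
    let n = a.len();
    assert!(n.is_power_of_two() && n >= 2 && b.len() == n && x % P != 0);
    let half = n / 2;
    let (al, ar) = a.split_at(half);
    let (bl, br) = b.split_at(half);
    let xi = inv(x);
    let l = inner_product(al, br);
    let r = inner_product(ar, bl);
    let a_next: Vec<u128> = (0..half).map(|i| add(mul(al[i], x), mul(ar[i], xi))).collect();
    let b_next: Vec<u128> = (0..half).map(|i| add(mul(bl[i], xi), mul(br[i], x))).collect();
    (a_next, b_next, l, r)
}

/// Full reduction of (possibly non-power-of-2) vectors with one challenge per
/// halving. Returns (a_final, b_final, claimed) where
///   claimed = <a, b> + sum_j (x_j^2 * L_j + x_j^-2 * R_j),
/// which is the value the verifier compares against a_final * b_final.
pub fn reduce(a: &[u128], b: &[u128], challenges: &[u128]) -> (u128, u128, u128) {
    let mut a = pad_to_pow2(a);
    let mut b = pad_to_pow2(b);
    let mut claimed = inner_product(&a, &b);
    let rounds = a.len().trailing_zeros() as usize;
    assert_eq!(challenges.len(), rounds, "one challenge per halving round");
    for &x in challenges {
        let (a2, b2, l, r) = fold(&a, &b, x);
        let x2 = mul(x, x);
        claimed = add(claimed, add(mul(x2, l), mul(inv(x2), r)));
        a = a2;
        b = b2;
    }
    (a[0], b[0], claimed)
}

fn main() {
    // Constructed sample input: length 5, padded to 8, hence 3 folding rounds.
    let a = [3u128, 1, 4, 1, 5];
    let b = [9u128, 2, 6, 5, 3];
    let c = inner_product(&a, &b);
    let (af, bf, claimed) = reduce(&a, &b, &[7, 11, 13]);
    println!("<a,b> = {}; final check {} == {}", c, mul(af, bf), claimed);
}
```

    In the real protocol the generator vectors must be extended in the same way (step 2.2) so that every padded slot has a base to pair with; the scalar version above only shows why the padded inner product, and every folded claim derived from it, stays consistent with the original one.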
  • Faster Verification of Bulletproofs and Bulletproofs+

    Improved verification speed of BP, BP+ by 1.3X to 2.2X and 1.6X to 2X respectively by compressing all the verification equations into a single multi-exponentiation check. This factor decreases as the number of proofs aggregated increases. A brief write-up about how we reduce verification to a single check is present in this blog.

    opened by suyash67 0
  • Weighted Inner Product Based Range Proofs

    Implementing range proofs with size 15% shorter than that of the original Bulletproofs protocol using weighted inner product argument introduced in Bulletproofs+ paper.

    • [x] Write weighted inner product (wip) prover and verifier functions.

    • [x] Speed up verification using multi-exponentiation in wip.

    • [x] Scalar power and multiplication optimisations in wip.

    • [x] Range proof using wip protocol and comparison with Bulletproofs.

    • [x] Benchmark wip and the associated range proof.

    enhancement 
    opened by suyash67 0
  • Generic over choice of curve

    PR makes algorithms described in the crate generic over choice of curve.

    Blocked on:

    • [ ] https://github.com/ZenGo-X/curv/pull/96 PR
    • [ ] Caught a bug. Aggregation range proof doesn't work for p256 curve. Failing test: test_agg_batch_4_range_proof_64_p256. It works for all other curves. All other algorithms work fine with all curves including p256.
    • [ ] I renamed and rewrote the function generate_random_point to support all other curves - now it's derive_point. It's worth a quick look to check that it's fine.
    opened by survived 0
  • add interface for zero knowledge interval proof

    Prove that a Pedersen commitment is to a value a<x<b. If b-a is a power of 2 this can be done non-interactively with only one range proof, as follows:

    1. prover commits to a value a<x<b
    2. prover generates a Pedersen commitment to the value a
    3. prover generates a range proof for the commitment that is the commitment from 1 minus the commitment from 2
    4. prover sends range proof together with the opening of the commitment from 2
    opened by omershlo 0
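    The four steps of the issue above, as an added example that is not the crate's code: the prover commits to x and to a, and the verifier divides the revealed commitment to a out of the commitment to x, which by the Pedersen homomorphism yields a commitment to x − a with blinding r_x − r_a; a range proof for [0, 2^n) on that quotient is then an interval proof for x. Commitments here are Com(v, r) = g^v · h^r in the toy group Z_p^* with p = 2^61 − 1 and fixed bases g = 3, h = 5 (constructed parameters; a real deployment uses curve points with no known discrete-log relation between the bases). The final range proof is replaced by a direct check of the opening so the algebra can be verified offline; the crate's range proof would stand in for that step.

```rust
/// Toy group Z_p^* with p = 2^61 - 1; exponents (scalars) live mod p - 1.
const P: u128 = (1u128 << 61) - 1;
const Q: u128 = P - 1;
/// Constructed toy bases (not a sound Pedersen setup: log_g(h) is trivially known).
const G: u128 = 3;
const H: u128 = 5;

fn mul(a: u128, b: u128) -> u128 {
    (a % P) * (b % P) % P
}

/// Modular exponentiation by square-and-multiply.
fn pow(base: u128, mut e: u128) -> u128 {
    let mut acc = 1u128;
    let mut b = base % P;
    while e > 0 {
        if e & 1 == 1 {
            acc = mul(acc, b);
        }
        b = mul(b, b);
        e >>= 1;
    }
    acc
}

/// Inverse in Z_p^* via Fermat's little theorem.
fn inv(a: u128) -> u128 {
    pow(a, P - 2)
}

/// Pedersen commitment Com(v, r) = g^v * h^r.
pub fn commit(v: u128, r: u128) -> u128 {
    mul(pow(G, v % Q), pow(H, r % Q))
}

/// What the prover sends (steps 1, 2 and 4): the commitment to x, and the
/// opening (a, r_a) of the commitment to a. The shifted witness is what the
/// range proof of step 3 would be built from; it is carried here only so the
/// example can check the algebra, a real prover never reveals it.
pub struct IntervalProof {
    pub c_x: u128,
    pub a: u128,
    pub r_a: u128,
    pub shifted_value: u128,    // x - a, must lie in [0, 2^n)
    pub shifted_blinding: u128, // r_x - r_a mod (p - 1)
}

/// Prover side. Refuses to build a proof if b - a is not a power of two
/// (one range proof then no longer suffices) or if x is outside [a, b).
pub fn prove_interval(x: u128, r_x: u128, a: u128, b: u128, r_a: u128) -> Option<IntervalProof> {
    let width = b.checked_sub(a)?;
    if !width.is_power_of_two() || x < a || x >= b {
        return None;
    }
    Some(IntervalProof {
        c_x: commit(x, r_x),
        a,
        r_a,
        shifted_value: x - a,
        shifted_blinding: (r_x % Q + Q - r_a % Q) % Q,
    })
}

/// Verifier side. Recomputes Com(a, r_a) from the revealed opening, divides
/// it out of C_x, and checks that the quotient commits to a value in
/// [0, 2^n) with 2^n = b - a. The last check is where a Bulletproofs range
/// proof over the quotient commitment would be verified instead.
pub fn verify_interval(pf: &IntervalProof, b: u128) -> bool {
    let width = match b.checked_sub(pf.a) {
        Some(w) if w.is_power_of_two() => w,
        _ => return false,
    };
    let n = width.trailing_zeros();
    let c_a = commit(pf.a, pf.r_a);
    // Homomorphism: Com(x, r_x) / Com(a, r_a) = Com(x - a, r_x - r_a).
    let quotient = mul(pf.c_x, inv(c_a));
    let in_range = pf.shifted_value < (1u128 << n);
    in_range && quotient == commit(pf.shifted_value, pf.shifted_blinding)
}

fn main() {
    // Constructed sample: prove 64 <= x < 128 for x = 100.
    let pf = prove_interval(100, 12_345, 64, 128, 777).expect("valid statement");
    println!("interval proof verifies: {}", verify_interval(&pf, 128));
}
```

    A range proof for [0, 2^n) on the quotient establishes a ≤ x < a + 2^n, i.e. the lower bound is inclusive; for a strict a < x, commit to a + 1 in step 2 instead. The verifier must also check that b − a is a power of two before trusting a single proof, which is why both sides above refuse other widths.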
Releases: v1.1.6

Owner: ZenGo X. Threshold cryptography for blockchains. Projects with "city" in the name are work in progress.