Topic: Bulletproofs and SNARK (Read 305 times)

February 23, 2018, 07:19:13 AM
#5
Thanks guys

@nullius see "Bulletproofs: Short Proofs for Confidential Transactions and More". I didn't check the link posted by @ETFbitcoin but it's surely about the same. As for the quote, I didn't bookmark the link so not sure from where I got it :/ (edit; I got it from the PDF itself lol)

I think Monero is using Bulletproofs or planned to.



But I don't see any discussion which says it can reduce blocksize, since it's bigger than normal signature size even though it's far smaller than CT signature size.

Edit;

Quote
However, verifying a bulletproof is more time consuming than verifying a SNARK proof.

Bulletproofs are designed to enable efficient confidential transactions in Bitcoin and other cryptocurrencies. Confidential transactions hide the amount that is transferred in the transaction. Every confidential transaction contains a cryptographic proof that the transaction is valid. Bulletproofs shrink the size of the cryptographic proof from over 10kB to less than 1kB. Moreover, bulletproofs support proof aggregation, so that proving that m transaction values are valid adds only O(log(m)) additional elements to the size of a single proof. If all Bitcoin transactions were confidential and used Bulletproofs, then the total size of the blockchain would be only 17 GB, compared to 160 GB with the currently used proofs.
https://crypto.stanford.edu/bulletproofs/
February 23, 2018, 03:36:30 AM
#4
FYI, if the discrete logarithm assumption were to fail, a great number of things would be shattered—from your web browser’s DH-based key agreements, to Bitcoin’s public-key security.  Also, almost no cryptosystems in widespread use today are PQ safe; however, quantum computers do not exist—not yet, and maybe never.

While quantum computing is not the voodoo magic it is often made out to be, its progress has been taking long strides:

https://newsroom.intel.com/news/intel-advances-quantum-neuromorphic-computing-research/


There's a reason why the official recommendation has shifted from Suite B to post-quantum cryptography:

https://www.iad.gov/iad/programs/iad-initiatives/cnsa-suite.cfm

(ignore the certificate error -- the NSA expects you to install their root CA certificate, thank you but no thank you)


Of course it's still hard to tell what the actual impact of quantum computing will be, but when it comes to defining long term cryptographic standards it definitely can't be ignored anymore.
February 22, 2018, 10:31:31 PM
#3
Link : https://blockstream.com/2018/02/21/bulletproofs-faster-rangeproofs-and-much-more.html

Is there someone in the house able to explain to me just a little thing?

This afternoon I have read a paper saying Bulletproofs are better than SNARK... And if all Bitcoin transactions used Bulletproofs then the size of the blockchain would be only 17 GB instead of (how much, 150-200 GB??)

But the main advantage with Bulletproofs is the confidential transactions, what else?

Is there a chance to see it with Bitcoin? Because

Quote
…An adversary that can break the binding property of the commitment scheme or the soundness of the proof system can generate coins out of thin air and thus create uncontrolled but undetectable inflation rendering the currency useless…
…While the discrete logarithm assumption is believed to hold for classical computers, it does not hold against a quantum adversary.

So then, it's a weakness rather than something else

As far as I know, the main advantage of Bulletproofs is their zero-proof knowledge with more efficient transaction size and faster confirmation. So, while it's similar to CT, it's more efficient, which is perfect for Bitcoin, where scaling is one of the most important things.
But I don't see any discussion which says it can reduce blocksize, since it's bigger than normal signature size even though it's far smaller than CT signature size.

Also, zero-proof knowledge is widely used and I'm sure developers will take lots of time for debugging/testing to make sure the scenario you mention never happens.
I would say this is an interesting technology since it could give Bitcoin users more privacy/anonymity without bloating the transaction size too much; even Monero plans to research this technology as well.

Please CMIIW.
February 22, 2018, 10:07:39 PM
#2
This afternoon I have read a paper saying Bulletproofs are better than SNARK...

Link, please?

By the way:

Quote
…An adversary that can break the binding property of the commitment scheme or the soundness of the proof system can generate coins out of thin air and thus create uncontrolled but undetectable inflation rendering the currency useless…
…While the discrete logarithm assumption is believed to hold for classical computers, it does not hold against a quantum adversary.

Even without context, that simply sounds like part of how cryptographers reduce the security of their work to a few security assumptions, and then of course should explain what happens if those assumptions were to fail.

The part about the commitment scheme and proof system sounds like this quote pertains to SNARKs.

FYI, if the discrete logarithm assumption were to fail, a great number of things would be shattered—from your web browser’s DH-based key agreements, to Bitcoin’s public-key security.  Also, almost no cryptosystems in widespread use today are PQ safe; however, quantum computers do not exist—not yet, and maybe never.
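
The dependence of binding on the discrete logarithm assumption, which the quoted passage refers to, shown as an added example that is not part of any post in this thread. It uses a toy Pedersen-style commitment (the kind of commitment confidential transactions and Bulletproofs are built on); the group parameters, the secret exponent 777 and all function names are constructed for illustration.

```python
# Toy Pedersen-style commitment in the prime-order subgroup of Z_p*.
# All parameters are constructed for illustration and are far too small to be secure.
P = 2039   # safe prime, P = 2*Q + 1
Q = 1019   # prime order of the subgroup of squares mod P
G = 4      # generator of that subgroup


def make_h(x):
    """Second generator h = g^x. In a sound setup nobody knows x."""
    return pow(G, x, P)


def commit(h, value, blind):
    """C = g^value * h^blind mod p (hiding via blind, binding via hardness of log_g h)."""
    return pow(G, value % Q, P) * pow(h, blind % Q, P) % P


def verify_opening(h, c, value, blind):
    return c == commit(h, value, blind)


def discrete_log(h):
    """Exhaustive search for x with g^x = h. Works only because Q is tiny;
    it stands in for any solver that breaks the discrete logarithm assumption."""
    acc = 1
    for x in range(Q):
        if acc == h:
            return x
        acc = acc * G % P
    raise ValueError("h is not in the subgroup generated by G")


def equivocate(x, value, blind, new_value):
    """Given x = log_g h, return blind' such that (new_value, blind') opens the
    same commitment: value + x*blind = new_value + x*blind' (mod Q)."""
    return (blind + (value - new_value) * pow(x, -1, Q)) % Q


def demo():
    h = make_h(777)                 # 777 is the constructed "unknown" exponent
    c = commit(h, 5, 123)           # honest commitment to the amount 5
    x = discrete_log(h)             # the assumption fails
    forged_blind = equivocate(x, 5, 123, 500)
    return verify_opening(h, c, 5, 123), verify_opening(h, c, 500, forged_blind)


if __name__ == "__main__":
    print(demo())  # both openings of the same commitment verify
```

Once `log_g h` is known, one commitment opens to two different amounts, which is why a verifier could no longer tell that committed inputs and outputs balance.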
February 22, 2018, 07:02:30 PM
#1
Is there someone in the house able to explain to me just a little thing?

This afternoon I have read a paper saying Bulletproofs are better than SNARK... And if all Bitcoin transactions used Bulletproofs then the size of the blockchain would be only 17 GB instead of (how much, 150-200 GB??)

But the main advantage with Bulletproofs is the confidential transactions, what else?

Is there a chance to see it with Bitcoin? Because

Quote
…An adversary that can break the binding property of the commitment scheme or the soundness of the proof system can generate coins out of thin air and thus create uncontrolled but undetectable inflation rendering the currency useless…
…While the discrete logarithm assumption is believed to hold for classical computers, it does not hold against a quantum adversary.

So then, it's a weakness rather than something else