[Cryptography] Call for Reviewers: Bulletproofs in Monero

Howard Chu hyc at symas.com
Sun Jan 14 13:30:15 EST 2018 

The Monero Cryptocurrency uses Ring Confidential Transactions (ringCT)[1] to 
hide the amounts being transacted on its blockchain. One of the consequences 
of hiding amounts is that you still need a means of verifying that the amounts 
are legitimate, don't overflow, etc., without revealing them. In CT, "range 
proofs" are used to assert the validity of output amounts. These proofs are 
quite large, causing a typical 1-input/2-output Monero transaction to use 
around 12.5kB. (Pre-ringCT this transaction would be only around 500 bytes.[2])

Last November saw the release of new work out of Stanford called 
"Bulletproofs"[3] which makes the size of a range proof logarithmic in the 
number of values, instead of the linear size they currently consume. Use of 
Bulletproofs will reduce typical Monero transaction sizes by ~80%, so this is 
a significant improvement. The Monero Research Lab[4] developed a prototype in 
Java, and The Monero Project has subsequently implemented Bulletproofs in C++ 
and this code has been running on the Monero testnet since the beginning of 
last December.[5]

While the researchers in the Monero Research Lab are confident in the 
soundness of the math in the Bulletproofs paper, the Monero Project is being 
cautious about deploying the feature to production on mainnet. The Monero 
Project recognizes the value of independent 3rd-party reviews. Therefore, the 
Monero Project is now soliciting help in conducting formal, in-depth reviews 
of the C++ implementation. If you're interested, please contact 
sarang.noether at protonmail.com for details. Funds are available to pay for 
services rendered.

[1] http://www.ledgerjournal.org/ojs/index.php/ledger/issue/view/2
[2] 
https://monero.stackexchange.com/questions/1271/how-do-you-calculate-the-size-of-a-monero-transaction-before-it-is-sent
[3] https://crypto.stanford.edu/bulletproofs/
[4] https://getmonero.org/resources/research-lab/
[5] https://github.com/monero-project/monero/pull/2883

-- 
   -- Howard Chu
   CTO, Symas Corp.           http://www.symas.com
   Director, Highland Sun     http://highlandsun.com/hyc/
   Chief Architect, OpenLDAP  http://www.openldap.org/project/

More information about the cryptography mailing list