Bulletproofs - Max Fang's Notes

# Bulletproofs - Paper: [abstract](https://ieeexplore.ieee.org/document/8418611), [pdf](https://eprint.iacr.org/2017/1066.pdf) ## Resources ### Bulletproofs in [[Monero]] - ([[2018-10-18]] Blog post) [Monero Becomes Bulletproof](https://medium.com/digitalassetresearch/monero-becomes-bulletproof-f98c6408babf) - ([[2020-12-24]] Blog post) [Bulletproofs+ in Monero](https://www.getmonero.org/2020/12/24/Bulletproofs+-in-Monero.html) ### ([[2018-04-13]] Blog post) [Faster Bulletproofs with Ristretto & AVX2](https://blog.chain.com/faster-bulletproofs-with-ristretto-avx2-29450b4490cd) ### [[Rust]] implementation by [[Dalek Cryptography]] https://github.com/dalek-cryptography/bulletproofs Links: [[Ristretto]] *The fastest [Bulletproofs](https://crypto.stanford.edu/bulletproofs/) implementation ever, featuring single and aggregated range proofs, strongly-typed multiparty computation, and a programmable constraint system API for proving arbitrary statements (under development).* *This library implements Bulletproofs using [Ristretto](https://ristretto.group/), using the `ristretto255` implementation in [`curve25519-dalek`](https://doc.dalek.rs/curve25519_dalek/index.html). When using the [parallel formulas](https://medium.com/@hdevalence/accelerating-edwards-curve-arithmetic-with-parallel-formulas-ac12cf5015be) in the `curve25519-dalek` AVX2 backend, it can verify 64-bit rangeproofs **approximately twice as fast** as the original `libsecp256k1`-based Bulletproofs implementation.* #### Documentation The user-facing documentation for this functionality can be [found here](https://doc.dalek.rs/bulletproofs/index.html). In addition, the library _also_ contains extensive notes on how Bulletproofs work. These notes can be found in the library's [internal documentation](https://doc-internal.dalek.rs/bulletproofs/index.html): - how [Bulletproofs work](https://doc-internal.dalek.rs/bulletproofs/notes/index.html); - how [the range proof protocol works](https://doc-internal.dalek.rs/bulletproofs/range_proof/index.html); - how [the inner product proof protocol works](https://doc-internal.dalek.rs/bulletproofs/inner_product_proof/index.html); - how [the aggregation protocol works](https://doc-internal.dalek.rs/bulletproofs/notes/index.html#aggregated-range-proof); - how the Bulletproof constraint system proofs work (under development); - how the constraint system reduction works (under development); - how the aggregated constraint system proofs work (future work).