Bulletproofs: Efficient Range Proofs for Confidential Transactions is a working publication from Stanford University’s Applied Cryptography Group. The project is overseen by professor Dan Boneh, and it involves PhD students and researchers from Stanford, University College London, and Blockstream. “Bulletproofs are designed to enable efficient confidential transactions in Bitcoin and other cryptocurrencies,” a background abstract begins.
A common misconception is that transacting in bitcoin is somehow anonymous or confidential. The press often touts it as such, especially in stories about its use in crime.
The irony of payment systems in the digital age is how public they are. Entire industries have been built around gathering payment information and habits. Bitcoin is a step, for sure, toward thwarting the invasiveness of institutional electronic payments, but it is a long way from the anonymity of cash, for example.
“Confidential transactions hide the amount that is transferred in the transaction,” the paper continues. “Every confidential transaction contains a cryptographic proof that the transaction is valid. Bulletproofs shrink the size of the cryptographic proof from over 10kB to less than 1kB,” the authors claim.
Could Bulletproofs Ease the Scaling Debate?
Nothing in the paper overtly refers to the ongoing scaling debate, other than Bulletproofs assisting in scaling as a general idea. Those championing larger block sizes have done so in response to criticism of slow transaction times and higher fees. Meanwhile, status-quo arguments hold that bitcoin should not be reserved for micropayments, but should serve instead as a settlement standard and store of value.
“If all Bitcoin transactions were confidential and used Bulletproofs, then the total size of the blockchain would be only 17 GB, compared to 160 GB with the currently used proofs,” authors Benedikt Bünz, Jonathan Bootle, Dan Boneh, Andrew Poelstra, Pieter Wuille and Greg Maxwell insist.
Professor Dan Boneh
zkSNARKs, popularized in ZCash, are precursors to Bulletproofs. However, “Bulletproofs are short non-interactive zero-knowledge proofs that require no trusted setup,” unlike SNARKs, which do require one.
“A Bulletproof can be used to convince a verifier that an encrypted plaintext is well formed. For example, prove that an encrypted number is in a given range, without revealing anything else about the number,” the ACG team asserts. The tradeoff in using Bulletproofs is in verification, as it is “more time consuming than verifying a SNARK proof.”
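As an added illustration (not code from the paper or this article) of why a confidential transaction needs the range proof described above: a toy Pedersen-commitment balance check in Python, using a constructed multiplicative group and constructed bases G and H, which passes even when one hidden output amount is negative; the per-output range check is what closes that hole.

```python
# Added example, not from the Bulletproofs paper: toy Pedersen commitments
# showing why confidential transactions need a range proof on every output.
# Group: Z_p^* with p = the secp256k1 field prime (a real prime). G and H are
# constructed bases; hiding/binding assumes log_G(H) is unknown to the prover.
import hashlib
import secrets

P = 2**256 - 2**32 - 977            # prime modulus of the multiplicative group
ORDER = P - 1                       # exponents are reduced modulo the group order
G = 3                               # constructed base for the value
H = int.from_bytes(hashlib.sha256(b"constructed-second-base").digest(), "big") % P


def commit(value: int, blinding: int) -> int:
    """Pedersen commitment C = G^v * H^r mod p; hides v, binding if log_G(H) is unknown."""
    return (pow(G, value % ORDER, P) * pow(H, blinding % ORDER, P)) % P


def balances(c_in: int, c_outs: list, blinding_excess: int) -> bool:
    """Verifier's check: inputs minus outputs commit to 0, so only H^excess remains.
    The verifier never learns any amount; it only sees commitments and the excess."""
    c_out_total = 1
    for c in c_outs:
        c_out_total = (c_out_total * c) % P
    diff = (c_in * pow(c_out_total, -1, P)) % P
    return diff == pow(H, blinding_excess % ORDER, P)


def in_range(value: int, n_bits: int = 64) -> bool:
    """The statement a range proof establishes about a hidden value: 0 <= v < 2^n.
    In a real system this is proven in zero knowledge; here we evaluate it directly."""
    return 0 <= value < 2**n_bits


def honest_and_inflating_transfers():
    """Returns (honest balance ok, inflating balance ok, inflating outputs in range)."""
    r_in, r1, r2 = (secrets.randbelow(ORDER) for _ in range(3))
    c_in = commit(10, r_in)
    # Honest spend: 10 -> 7 + 3. Balance holds.
    honest = balances(c_in, [commit(7, r1), commit(3, r2)], r_in - r1 - r2)
    # Inflating spend: 10 -> 15 + (-5). The negative amount wraps in the exponent,
    # the balance equation still holds, and 5 coins appear from nothing.
    inflating = balances(c_in, [commit(15, r1), commit(-5, r2)], r_in - r1 - r2)
    # A range proof on each output is what rejects this transaction.
    outputs_in_range = all(in_range(v) for v in (15, -5))
    return honest, inflating, outputs_in_range


if __name__ == "__main__":
    print(honest_and_inflating_transfers())  # (True, True, False)
```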
Efficient use of block space means the ACG proposal can “have many other applications in cryptographic protocols,” they write, “such as shortening proofs of solvency, short verifiable shuffles, confidential smart contracts, and as a general drop-in replacement for Sigma-protocols.”
News.bitcoin.com has examined issues relative to Bulletproofs with regard to confidentiality and a recent Mimblewimble testnet.