Paper 2023/1090

Bulletproofs With Stochastic Equation Sets

Michael Brand, RMIT University
Benoit Poletti
Abstract

Bulletproofs are general-purpose Zero Knowledge Proof protocols that allow a Prover to demonstrate to a Verifier knowledge of a solution to a set of equations, represented as a Rank 1 Constraint System. We present a protocol extending the standard Bulletproof protocol, which introduces a second layer of interactivity to the protocol, by allowing the Verifier to choose the set of equations after the Prover has already committed to portions of the solution. We show that such Verifier-chosen (or stochastically-chosen) equation sets can be used to design smaller equation sets with less variables that have the same proving-power as their larger, deterministic counterparts but are, in practice, orders of magnitude faster both in proof generation and in proof verification, and even reduce the size of the resulting proofs. We demonstrate this with an example from a real-world application. Our method maintains all the classical benefits of the Bulletproof approach: efficient proof generation, efficient proof checking, extremely short proofs, and the ability to use Fiat-Shamir challenges in order to turn an interactive proof into a non-interactive proof.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Keywords
zero-knowledge proofbulletproofstochastic equation set
Contact author(s)
michael brand @ rmit edu au
bpoletti @ incert lu
History
2023-07-16: approved
2023-07-13: received
See all versions
Short URL
https://ia.cr/2023/1090
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2023/1090,
      author = {Michael Brand and Benoit Poletti},
      title = {Bulletproofs With Stochastic Equation Sets},
      howpublished = {Cryptology {ePrint} Archive, Paper 2023/1090},
      year = {2023},
      url = {https://eprint.iacr.org/2023/1090}
}
Note: In order to protect the privacy of readers, eprint.iacr.org does not use cookies or embedded third party content.