Skip to content

Bulletproofs+ Audit for Monero

Overview

Hello everyone! This CCS proposal is for the audit of the Bulletproofs+ implementation for range proofs in Monero. Bulletproofs+ is a more efficient range proof protocol building on Bulletproofs. Bulletproofs+ for Monero has been implemented by Dr. Sarang Noether as per this proposal. Bulletproofs+ offers at least 5% proof size reduction and 5-10% speedup in verification1. Refer to our blogs2 for in-depth technical differences between Bulletproofs and Bulletproofs+.

Scope

We aim to perform a cryptographic and security assessment of the Bulletproof+ (referred to as BP+ hereafter) protocol specific to the Monero blockchain. Our goal is to establish the readiness of a specific C++ implementation of BP+ as a drop in replacement to the existing range proof protocol Bulletproofs in Monero. We plan to cover the following points as a part of the audit:

  1. A full peer review of the eprint version (link) of the paper with focus on the soundness of the scheme. Note that at the time of writing this proposal, the paper is not yet published in a peer-reviewed conference/journal (to the best of our knowledge).
  2. Thorough examination if the BP+ code (link) accurately represents the Bulletproofs+ prove and verify algorithms, in particular
    • To check if the code allows an attacker to generate a false proof that the verify algorithm deems as correct,
    • To check if the code leaks any information to an attacker from examining the proof generated by an honest prover,
  3. Assess the correctness of the C++ code (~1500 lines of code of BP+ including tests and headers) from a logical and an implementation point of view, including the underlying elliptic curve arithmetic used. We will use an independent Rust implementation to provide an extra layer of validation.
  4. Focus on identifying vulnerabilities related to security and in particular the cryptographic properties. We will do our best effort to offer improvements to the code.

About Us

Our team consists of the following members:

  1. Omer Shlomovits: Co-founder of ZenGoX, MPC-Alliance, ZK-Tel-Aviv. Vastly experienced in Crypto & Blockchain research, implementing complex cryptographic systems.
  2. Suyash Bagad: Cryptography Engineer at Aztec Protocol, ZenGoX Research member, B.Tech and M.Tech from the Indian Institute of Technology, Bombay with thesis primarily on Privacy-preserving Proofs of Reserves for Monero and Grin. First author of 2 papers presented to IEEE S&B, Crypto Valley conferences. Experienced in implementing zero-knowledge proof systems.

Note: We are the same team who had first proposed the implementation of BP+ for Monero.

Funding Note

We estimate to complete the project in about 1 month in two steps: (i) Full peer review of the paper, (ii) Complete audit of the implementation in form of a well-compiled report. We need a funding of XMR 90.3 (equivalent of $15,000) as per 7-day average price (1 XMR = $166.13) on Kraken. This project will include both Suyash and Omer working as well as academic advisory from Prof. Claudio Orlandi.

  1. Dr. Sarang's blog on Bulletproofs+. Available: https://gist.github.com/SarangNoether/ee6367fa8b5500120b2a4dbe23b71694

  2. Comparing Bulletproofs and Bulletproofs+. Available (Part I, Part II, Part III)

Edited by Suyash Bagad

Merge request reports