Merge !197

Bulletproofs+ Audit for Monero See merge request monero-project/ccs-proposals!197

Merge !197
Bulletproofs+ Audit for Monero See merge request monero-project/ccs-proposals!197
4a854695 · luigi1111 · ae65ec57 · f87a4585 · 4a854695
Commit 4a854695 authored Jan 14, 2021 by luigi1111
--- a/bulletproofs-plus-audit.md
+++ b/bulletproofs-plus-audit.md
+---
+layout: fr
+title: "Bulletproofs+ Audit for Monero"
+author: Suyash Bagad
+date: 22 December 2020
+amount: 90.3 
+milestones:
+  - name: Audit Report of Bulletproofs+ Code and the E-print paper 
+    funds: 100% (90.3 XMR)
+    done: 
+    status: unfinished
+payouts:
+  - date:
+    amount:
+---
+
+### Overview
+
+Hello everyone! This CCS proposal is for the audit of the Bulletproofs+ [implementation](https://github.com/SarangNoether/monero/tree/bp-plus) for range proofs in Monero. [Bulletproofs+](https://eprint.iacr.org/2020/735) is a more efficient range proof protocol building on [Bulletproofs](https://eprint.iacr.org/2017/1066.pdf). Bulletproofs+ for Monero has been implemented by Dr. Sarang Noether as per [this](https://charity.gofundme.com/o/en/campaign/dr-sarang-noether-to-implement-bulletproofs-in-monero) proposal. Bulletproofs+ offers at least 5%  proof size reduction and 5-10% speedup in verification[^1]. Refer to our blogs[^2] for in-depth technical differences between Bulletproofs and Bulletproofs+.
+
+### Scope
+
+We aim to perform a cryptographic and security assessment of the Bulletproof+ (referred to as BP+ hereafter) protocol specific to the Monero blockchain. Our goal is to establish the readiness of a specific C++ implementation of BP+ as a drop in replacement to the existing range proof protocol Bulletproofs in Monero. We plan to cover the following points as a part of the audit:
+1. A full peer review of the eprint version ([link](https://eprint.iacr.org/2020/735)) of the paper with focus on the soundness of the scheme. Note that at the time of writing this proposal, the paper is not yet published in a peer-reviewed conference/journal. 
+2. Thorough examination if the BP+ code ([link](https://github.com/SarangNoether/monero/tree/bp-plus)) accurately represents the Bulletproofs+ prove and verify algorithms, in particular
+    - To check if the code allows an attacker to generate a false proof that the verify algorithm deems as correct,
+    - To check if the code leaks any information to an attacker from examining the proof generated by an honest prover, 
+3.  Assess the correctness of the C++ code (~1500 lines of code of BP+ including tests and headers) from a logical and an implementation point of view, including the underlying elliptic curve arithmetic used. We will use an independent Rust [implementation](https://github.com/ZenGo-X/bulletproofs) to provide an extra layer of validation. 
+4. Focus on identifying vulnerabilities related to security and in particular the cryptographic properties. We will do our best effort to offer improvements to the code.  
+
+### About Us
+
+Our team consists of the following members:
+1. [Omer Shlomovits](https://www.omershlomovits.com/): Co-founder of [ZenGoX](https://zengo.com/research/),  [MPC-Alliance](https://www.mpcalliance.org/), [ZK-Tel-Aviv](https://www.meetup.com/Zero-Knowledge-Tel-Aviv/). Vastly [experienced](https://www.omershlomovits.com/work) in Crypto & Blockchain research, implementing complex cryptographic systems. 
+2. [Suyash Bagad](https://suyash67.github.io/homepage/): Cryptography Engineer at Aztec Protocol, ZenGoX Research member, B.Tech and M.Tech from the Indian Institute of Technology, Bombay with thesis primarily on [Privacy-preserving Proofs of Reserves for Monero and Grin](https://suyash67.github.io/homepage/assets/pdfs/suyash-masters-thesis.pdf). First author of 2 papers presented to IEEE S&B, Crypto Valley conferences. Experienced in implementing zero-knowledge proof systems.
+
+Note: We are the same team who had first [proposed](https://repo.getmonero.org/monero-project/ccs-proposals/-/merge_requests/156) the implementation of BP+ for Monero.
+
+### Funding Note
+
+We estimate to complete the project in about 1 month in two steps: (i) Full peer review of the paper, (ii) Complete audit of the implementation in form of a well-compiled report. We need a funding of XMR 90.3 (equivalent of $15,000) as per 7-day average price (1 XMR = $166.13) on Kraken. This project will include both Suyash and Omer working as well as academic advisory from [Prof. Claudio Orlandi](https://users-cs.au.dk/orlandi/). 
+
+
+[^1]: Dr. Sarang's blog on Bulletproofs+. Available: https://gist.github.com/SarangNoether/ee6367fa8b5500120b2a4dbe23b71694
+
+[^2]: Comparing Bulletproofs and Bulletproofs+. Available ([Part I](https://suyash67.github.io/homepage/project/2020/07/03/bulletproofs_plus_part1.html), [Part II](https://suyash67.github.io/homepage/project/2020/07/03/bulletproofs_plus_part2.html), [Part III](https://suyash67.github.io/homepage/project/2020/07/03/bulletproofs_plus_part3.html))
+
+