Commit 4a854695 authored by luigi1111's avatar luigi1111
Browse files

Merge !197

Bulletproofs+ Audit for Monero

See merge request monero-project/ccs-proposals!197
parents ae65ec57 f87a4585
layout: fr
title: "Bulletproofs+ Audit for Monero"
author: Suyash Bagad
date: 22 December 2020
amount: 90.3
- name: Audit Report of Bulletproofs+ Code and the E-print paper
funds: 100% (90.3 XMR)
status: unfinished
- date:
### Overview
Hello everyone! This CCS proposal is for the audit of the Bulletproofs+ [implementation]( for range proofs in Monero. [Bulletproofs+]( is a more efficient range proof protocol building on [Bulletproofs]( Bulletproofs+ for Monero has been implemented by Dr. Sarang Noether as per [this]( proposal. Bulletproofs+ offers at least 5% proof size reduction and 5-10% speedup in verification[^1]. Refer to our blogs[^2] for in-depth technical differences between Bulletproofs and Bulletproofs+.
### Scope
We aim to perform a cryptographic and security assessment of the Bulletproof+ (referred to as BP+ hereafter) protocol specific to the Monero blockchain. Our goal is to establish the readiness of a specific C++ implementation of BP+ as a drop in replacement to the existing range proof protocol Bulletproofs in Monero. We plan to cover the following points as a part of the audit:
1. A full peer review of the eprint version ([link]( of the paper with focus on the soundness of the scheme. Note that at the time of writing this proposal, the paper is not yet published in a peer-reviewed conference/journal.
2. Thorough examination if the BP+ code ([link]( accurately represents the Bulletproofs+ prove and verify algorithms, in particular
- To check if the code allows an attacker to generate a false proof that the verify algorithm deems as correct,
- To check if the code leaks any information to an attacker from examining the proof generated by an honest prover,
3. Assess the correctness of the C++ code (~1500 lines of code of BP+ including tests and headers) from a logical and an implementation point of view, including the underlying elliptic curve arithmetic used. We will use an independent Rust [implementation]( to provide an extra layer of validation.
4. Focus on identifying vulnerabilities related to security and in particular the cryptographic properties. We will do our best effort to offer improvements to the code.
### About Us
Our team consists of the following members:
1. [Omer Shlomovits]( Co-founder of [ZenGoX](, [MPC-Alliance](, [ZK-Tel-Aviv]( Vastly [experienced]( in Crypto & Blockchain research, implementing complex cryptographic systems.
2. [Suyash Bagad]( Cryptography Engineer at Aztec Protocol, ZenGoX Research member, B.Tech and M.Tech from the Indian Institute of Technology, Bombay with thesis primarily on [Privacy-preserving Proofs of Reserves for Monero and Grin]( First author of 2 papers presented to IEEE S&B, Crypto Valley conferences. Experienced in implementing zero-knowledge proof systems.
Note: We are the same team who had first [proposed]( the implementation of BP+ for Monero.
### Funding Note
We estimate to complete the project in about 1 month in two steps: (i) Full peer review of the paper, (ii) Complete audit of the implementation in form of a well-compiled report. We need a funding of XMR 90.3 (equivalent of $15,000) as per 7-day average price (1 XMR = $166.13) on Kraken. This project will include both Suyash and Omer working as well as academic advisory from [Prof. Claudio Orlandi](
[^1]: Dr. Sarang's blog on Bulletproofs+. Available:
[^2]: Comparing Bulletproofs and Bulletproofs+. Available ([Part I](, [Part II](, [Part III](
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment