@jonasnick
Contributor

Based on #207.

Without this PR:

```
> SECP256K1_BENCH_ITERS=256 ./bench_bulletproofs | grep verify
bulletproofs_uncompressed_verify_64bits_16base,   669.0       ,   670.0       ,   671.0
```

With this PR:

```
> SECP256K1_BENCH_ITERS=256 ./bench_bulletproofs | grep verify
bulletproofs_uncompressed_verify_64bits_16base,   642.0       ,   644.0       ,   653.0
```

TODO:

  • do the same for proving
  • cleanup

…ngeproof module

You can verify this commit with `git diff --color-moved=zebra`
@jonasnick jonasnick mentioned this pull request Feb 7, 2023
apoelstra and others added 27 commits February 8, 2023 03:09
Silence a compiler warning about an uninitialized use of a scalar in case
the user tries to provide a 0-length list of commitments.

Also ensures that commitments have normalized field elements when they
are loaded into ges.
Add a transcript module for doing a generic Fiat Shamir
norm arg: add verify test vector with vector size > 1
This makes it easy to use Fiat Shamir when invoking child protocols.
This commit also updates norm argument to use asset_gen instead of G for
storing the inner product
For compatibility with existing Pedersen commitments data structures,
it is necessary to have commitments be of the form G_a*v + G*gamma where G_a
is asset gen and gamma is blinding factors.

However, in BP++ design, the blinding values are along H_vec. In order
to make these compatible with BP++, we make h0 = G
Commit to digits and multiplicities
Commit to reciprocals of digits as 1/(e + d_i)
Commit to S. Compute l's adaptive to create a zero polynomial
Run the norm proof argument on the computed C