From 43cbfe194157cedfd89e853058948fd8184e26b1 Mon Sep 17 00:00:00 2001 From: Suyash Bagad Date: Tue, 22 Dec 2020 18:23:36 +0100 Subject: [PATCH 1/2] Initial commit of bp+ audit proposal. --- bulletproofs-plus-audit.md | 48 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) create mode 100644 bulletproofs-plus-audit.md diff --git a/bulletproofs-plus-audit.md b/bulletproofs-plus-audit.md new file mode 100644 index 0000000..46ede2f --- /dev/null +++ b/bulletproofs-plus-audit.md 
@@ -0,0 +1,48 @@ +--- +layout: fr +title: "Bulletproofs+ Audit for Monero" +author: Suyash Bagad +date: 22 December 2020 +amount: 99 +milestones: + - name: Audit Report of Bulletproofs+ Code and the E-print paper + funds: 100% (99 XMR) + done: + status: unfinished +payouts: + - date: + amount: +--- + +### Overview + +Hello everyone! This CCS proposal is for the audit of the Bulletproofs+ [implementation](https://github.com/SarangNoether/monero/tree/bp-plus) for range proofs in Monero. [Bulletproofs+](https://eprint.iacr.org/2020/735) is a more efficient range proof protocol building on [Bulletproofs](https://eprint.iacr.org/2017/1066.pdf). Bulletproofs+ for Monero has been implemented by Dr. Sarang Noether as per [this](https://charity.gofundme.com/o/en/campaign/dr-sarang-noether-to-implement-bulletproofs-in-monero) proposal. Bulletproofs+ offers at least 5% proof size reduction and 5-10% speedup in verification[^1]. Refer to our blogs[^2] for in-depth technical differences between Bulletproofs and Bulletproofs+. + +### Scope + +We aim to perform a cryptographic and security assessment of the Bulletproof+ (referred to as BP+ hereafter) protocol specific to the Monero blockchain. Our goal is to establish the readiness of a specific C++ implementation of BP+ as a drop in replacement to the existing range proof protocol Bulletproofs in Monero. We plan to cover the following points as a part of the audit: +1. A full peer review of the eprint version ([link](https://eprint.iacr.org/2020/735)) of the paper with focus on the soundness of the scheme. Note that at the time of writing this proposal, the paper is not yet published in a peer-reviewed conference/journal. +2. 
Thorough examination if the BP+ code ([link](https://github.com/SarangNoether/monero/tree/bp-plus)) accurately represents the Bulletproofs+ prove and verify algorithms, in particular + - To check if the code allows an attacker to generate a false proof that the verify algorithm deems as correct, + - To check if the code leaks any information to an attacker from examining the proof generated by an honest prover, +3. Assess the correctness of the C++ code (~1500 lines of code of BP+ including tests and headers) from a logical and an implementation point of view, including the underlying elliptic curve arithmetic used. We will use an independent Rust [implementation](https://github.com/ZenGo-X/bulletproofs) to provide an extra layer of validation. +4. Focus on identifying vulnerabilities related to security and in particular the cryptographic properties. We will do our best effort to offer improvements to the code. + +### About Us + +Our team consists of the following members: +1. [Omer Shlomovits](https://www.omershlomovits.com/): Co-founder of [ZenGoX](https://zengo.com/research/), [MPC-Alliance](https://www.mpcalliance.org/), [ZK-Tel-Aviv](https://www.meetup.com/Zero-Knowledge-Tel-Aviv/). Vastly [experienced](https://www.omershlomovits.com/work) in Crypto & Blockchain research, implementing complex cryptographic systems. +2. [Suyash Bagad](https://suyash67.github.io/homepage/): Cryptography Engineer at Aztec Protocol, ZenGoX Research member, B.Tech and M.Tech from the Indian Institute of Technology, Bombay with thesis primarily on [Privacy-preserving Proofs of Reserves for Monero and Grin](https://suyash67.github.io/homepage/assets/pdfs/suyash-masters-thesis.pdf). First author of 2 papers presented to IEEE S&B, Crypto Valley conferences. Experienced in implementing zero-knowledge proof systems. + +Note: We are the same team who had first [proposed](https://repo.getmonero.org/monero-project/ccs-proposals/-/merge_requests/156) the implementation of BP+ for Monero. 
+ +### Funding Note + +We estimate to complete the project in about 1 month in two steps: (i) Full peer review of the paper, (ii) Complete audit of the implementation in form of a well-compiled report. We need a funding of XMR 99 (equivalent of $15,000) as per 7-day average price (1 XMR = $151.80) on Kraken. This project will include both Suyash and Omer working as well as academic advisory from [Prof. Claudio Orlandi](https://users-cs.au.dk/orlandi/). + + +[^1]: Dr. Sarang's blog on Bulletproofs+. Available: https://gist.github.com/SarangNoether/ee6367fa8b5500120b2a4dbe23b71694 + +[^2]: Comparing Bulletproofs and Bulletproofs+. Available ([Part I](https://suyash67.github.io/homepage/project/2020/07/03/bulletproofs_plus_part1.html), [Part II](https://suyash67.github.io/homepage/project/2020/07/03/bulletproofs_plus_part2.html), [Part III](https://suyash67.github.io/homepage/project/2020/07/03/bulletproofs_plus_part3.html)) + + From f87a4585802845826fbda7137b67bed6054fc4f3 Mon Sep 17 00:00:00 2001 From: Suyash Bagad Date: Wed, 13 Jan 2021 22:45:03 +0100 Subject: [PATCH 2/2] Updated funding to consider latest XMR price. --- bulletproofs-plus-audit.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/bulletproofs-plus-audit.md b/bulletproofs-plus-audit.md index 46ede2f..8a61b13 100644 --- a/bulletproofs-plus-audit.md +++ b/bulletproofs-plus-audit.md @@ -3,10 +3,10 @@ layout: fr title: "Bulletproofs+ Audit for Monero" author: Suyash Bagad date: 22 December 2020 -amount: 99 +amount: 90.3 milestones: - name: Audit Report of Bulletproofs+ Code and the E-print paper - funds: 100% (99 XMR) + funds: 100% (90.3 XMR) done: status: unfinished payouts: 
@@ -38,7 +38,7 @@ Note: We are the same team who had first [proposed](https://repo.getmonero.org/m ### Funding Note -We estimate to complete the project in about 1 month in two steps: (i) Full peer review of the paper, (ii) Complete audit of the implementation in form of a well-compiled report. We need a funding of XMR 99 (equivalent of $15,000) as per 7-day average price (1 XMR = $151.80) on Kraken. This project will include both Suyash and Omer working as well as academic advisory from [Prof. Claudio Orlandi](https://users-cs.au.dk/orlandi/). +We estimate to complete the project in about 1 month in two steps: (i) Full peer review of the paper, (ii) Complete audit of the implementation in form of a well-compiled report. We need a funding of XMR 90.3 (equivalent of $15,000) as per 7-day average price (1 XMR = $166.13) on Kraken. This project will include both Suyash and Omer working as well as academic advisory from [Prof. Claudio Orlandi](https://users-cs.au.dk/orlandi/). [^1]: Dr. Sarang's blog on Bulletproofs+. Available: https://gist.github.com/SarangNoether/ee6367fa8b5500120b2a4dbe23b71694
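Review bot: In the Scope section of PATCH 1/2, items 2 and 3 identify the code under audit only by the branch link `tree/bp-plus` and "~1500 lines of code", so the audited revision is not fixed and the branch can change while the review is in progress. Suggest naming the exact commit hash the report will cover. The front matter also lists a single milestone at 100% while the Funding Note describes two steps (paper review, implementation audit); consider one milestone per step. Minor: "Bulletproof+" in Scope should read "Bulletproofs+" to match the rest of the file, and "drop in replacement" should be hyphenated.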
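Review bot: In the front-matter hunk of PATCH 2/2 (`@@ -3,10 +3,10 @@`), `amount:` and `funds:` move to 90.3 XMR, but the unchanged `date: 22 December 2020` line still dates the proposal before the price the new figure is based on (the commit is dated 13 Jan 2021). Suggest recording the revision date in the proposal body, for example next to the price in the Funding Note, so readers can tell which figure is current.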
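Review bot: In the Funding Note hunk of PATCH 2/2 (`@@ -38,7 +38,7 @@`), the new sentence quotes a "7-day average price (1 XMR = $166.13) on Kraken" without saying which seven days, so the 90.3 XMR figure cannot be rechecked later. Suggest stating the end date of the averaging window and saying explicitly that $15,000 is the fixed target from which the XMR amount is derived. Style: "We estimate to complete the project" reads better as "We expect to complete the project".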