Question about the inner product proof

dalek-cryptography / bulletproofs

A pure-Rust implementation of Bulletproofs using Ristretto.

MIT License

1.02k stars 218 forks source link

Question about the inner product proof #299

Closed kenshamir closed 5 years ago

kenshamir commented 5 years ago

On this line: https://github.com/dalek-cryptography/bulletproofs/blob/main/src/inner_product_proof.rs#L197

What is the rationale to providing n if it can be derived from the information already given 1 << lg_n)?

hdevalence commented 5 years ago

n is (implicitly) part of the statement to be proved ("the inner product of these vectors of length n is ..."), so the code should verify that the witness data satisfies it. Otherwise you could imagine something like a prover which claims to be performing an inner product proof on vectors of length 1024 but actually supplies a proof about vectors of length 0 (whose inner product is 1), or something like that.