Closed hiddely closed 4 years ago
Hi @hlycklama It is my interest, as well, how the implementation of the Halo protocol's amortization strategies would look like in the Bulletproofs setting. I wrote a piece here https://tlu.tarilabs.com/cryptography/amortization-bp-ipp/mainreport.html Comments can be left here https://github.com/tari-labs/tari-university/pull/258
I have not read the halo paper, but yes the Bulletproofs paper allows for batched verification, which takes advantage of combining proofs to take advantage of the efficiency of the inner product argument.
See details here: https://doc-internal.dalek.rs/bulletproofs/notes/index.html#aggregated-range-proof And I explain more here, under the "aggregated range proof" section: https://medium.com/@cathieyun/building-on-bulletproofs-2faa58af0ba8
See details here: https://doc-internal.dalek.rs/bulletproofs/notes/index.html#aggregated-range-proof
Your link is old (per the missing #hash fragment part of the link)
https://doc-internal.dalek.rs/bulletproofs/range_proof/index.html#aggregated-range-proof-protocol
In this paper (section 3/3.1), the authors suggest a method to amortize the verification cost of an inner product argument. Is this something that could provide an improvement to the current Bulletproof implementation or does it not apply?