Closed tarcieri closed 4 years ago
This should be possible in principle. BPs use an arithmetic API for scalars and opaque group elements, plus a multiscalar multiplication API for efficient verification.
Implementation of multiscalar multiplication (see curve25519-dalek impls) is more group-specific, as it relies on certain size and bit patterns in the scalars, plus various point representations on curve25519, switching from one to another based on whether a point is re-added multiple times.
I suspect that a bigger obstacle is that secp256k1 bulletproofs already exist, but are implemented differently and with a different proof format. So I'm not sure who would be the audience for ristretto-style bulletproofs using secp256k1.
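To illustrate the point above about opaque group elements and a multiscalar multiplication API, here is a group-agnostic multiscalar multiplication (Straus-style, 4-bit windows). It is an added example, not code from this thread, the bulletproofs crate or curve25519-dalek. The `Group` trait, the toy group `Zq`, the function `multiscalar_mul` and the restriction to `u64` scalars are assumptions made for illustration, and none of the curve-specific optimizations mentioned above are included.

```rust
// Hypothetical minimal interface (not the `group` crate's traits): just the
// operations a generic multiscalar multiplication needs from an opaque group.
trait Group: Copy {
    fn identity() -> Self;
    fn add(self, rhs: Self) -> Self;
    fn double(self) -> Self { self.add(self) }
}

// Constructed toy group for testing: integers mod the prime Q under addition.
// It has no cryptographic value; it only stands in for a prime-order group.
const Q: u64 = 2_147_483_647; // 2^31 - 1
#[derive(Copy, Clone, PartialEq, Debug)]
struct Zq(u64);
impl Group for Zq {
    fn identity() -> Self { Zq(0) }
    fn add(self, rhs: Self) -> Self { Zq((self.0 + rhs.0) % Q) }
}

/// Straus-style interleaved MSM with 4-bit windows: sum of scalars[i] * points[i].
/// Variable time, so only for public inputs such as proof verification.
/// Returns None when the two slices differ in length.
fn multiscalar_mul<G: Group>(scalars: &[u64], points: &[G]) -> Option<G> {
    if scalars.len() != points.len() { return None; }
    // Per-point lookup table [0*P, 1*P, ..., 15*P].
    let tables: Vec<[G; 16]> = points.iter().map(|&p| {
        let mut t = [G::identity(); 16];
        for j in 1..16 { t[j] = t[j - 1].add(p); }
        t
    }).collect();
    let mut acc = G::identity();
    for w in (0..16u32).rev() { // 64-bit scalars = 16 windows, most significant first
        for _ in 0..4 { acc = acc.double(); } // doublings are shared by all points
        for (&s, t) in scalars.iter().zip(&tables) {
            acc = acc.add(t[((s >> (4 * w)) & 0xf) as usize]);
        }
    }
    Some(acc)
}

fn main() {
    // Constructed inputs; in Zq the expected sum is 3*5 + 10*7 = 85.
    let r = multiscalar_mul(&[3, 10], &[Zq(5), Zq(7)]);
    assert_eq!(r, Some(Zq(85)));
    println!("{:?}", r);
}
```

The generic version only touches `identity`, `add` and `double`, which is why it ports to any group; an optimized implementation replaces the table layout and point representation with ones chosen for a specific curve.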
> I suspect that a bigger obstacle is that secp256k1 bulletproofs already exist
Hi, I am looking for exactly that, but all I could find was this dead PR in libsecp256k1-zkp. Were you referring to another one by any chance? If so could you point me to it?
I'm implementing traits from the `group` crate in the `k256` crate (presently `Group` and `Curve`, but after that `PrimeGroup` would not be too difficult): https://github.com/RustCrypto/elliptic-curves/pull/164/files
I'm curious if it would be possible to use these traits to support Bulletproofs using other prime order groups besides Ristretto255. (Just an intellectual curiosity; I have no use case for this.)