Superman. Thor. Colossus. Iron Man. Findora. Whether they fight for justice in the world of color-dot imagination — or save the day with futuristic crypto technology — each of these has made using their bulletproof superpower look easy.
So what does “bulletproof” mean when it comes to cryptocurrency?
Bulletproofs are a specific kind of zero-knowledge proof (ZKP) called SNARKs. They are range proofs that can prove statements of low to medium complexity, and Findora uses them to mask the amount and token type involved in a transaction, though not the sender and receiver addresses.
To better understand what Bulletproofs are, let’s back up real quick and go over zero-knowledge proofs.
Understanding Zero-Knowledge Proofs
ZKPs are a sophisticated way to prove identity without revealing real personal data, such as bank information, passwords, Social Security numbers, and other sensitive information. The technology is based on three elements: witness, challenge, and response.
The ZKP verification process begins when a user wants to prove knowledge of some hidden information. The hidden information is the “witness” to the proof. By asking a set of questions, the “prover” can establish whether the other party, referred to as the “verifier,” really knows this hidden information, without revealing any specifics of the information.
The prover asks the verifier a question that can only be answered by someone who has knowledge of the hidden information. The verifier responds with a challenge — asking the prover a question. By the third stage — the response — the verifier sends another question. When the prover responds, the verifier checks the answers against known characteristics of the hidden information. This cycle repeats until the verifier is confident the other party really does know the secret information.
ZKP developers often use an analogy known as the “Ali Baba cave” to explain the way ZKPs work in relatively simple terms. Within this imaginary cave, there is a magic door that can only be opened with the right secret word. A character called Peggy knows the word, and another figure named Victor wants to be able to confirm that she really does know the password.
Victor must devise a way to confirm the secret word without ever actually knowing it. This involves a series of questions in which he doesn’t seek a direct answer about the secret word itself, but rather about the parameters or context of this knowledge — ancillary information that could only be known by someone who also knows the secret word. Through a complex exchange of very limited information, Victor becomes convinced that Peggy knows the magic word, and Peggy keeps her secret.
A Wonderland of SNARKs and STARKs
“Just the place for a Snark! I have said it twice:
That alone should encourage the crew.
Just the place for a Snark! I have said it thrice:
What I tell you three times is true.”
— Lewis Carroll, The Hunting of the Snark
For many developers, ZKP technology is just the place for a SNARK. Rather than the imaginary creation of an iconic writer — and an equally accomplished mathematician — SNARK in the crypto realm is an abbreviation for zero-knowledge succinct non-interactive argument of knowledge. A companion technology, STARK, is known as zero-knowledge scalable transparent argument of knowledge.
SNARKs require a trusted setup and the creation of cryptographic keys to verify identity. STARKs do not require a trusted setup and provide more scalability, transparency and security for blockchains. However, STARKs also have a larger proof size and take longer to verify. STARKs are the newer technology, and are currently more expensive to use in transactions and have very little documentation or developer support. So although STARKs feature some clear advantages, at this time they are less commonly used in ZKP verification. For more on the comparative benefits of these technologies, see this insightful article by ConsenSys.
Bulletproofs are essentially a trustless SNARK. In real terms, this means that two parties in a transaction do not need a third intermediary. This feature is central to Findora’s decentralized character, allowing transactions to take place without the intervention of an additional party.
What Are Bulletproofs?
In the crypto universe, Bulletproofs are known as an advanced innovation in zero-knowledge proofs. The concept was refined by a team of Stanford researchers, many of whom became industry pioneers at Findora, a public blockchain that provides on-chain confidentiality and programmable privacy.
Bulletproofs let a prover and verifier show the chain that everything is in order without putting all the transaction details on the chain. The two parties have a trustless way to prove that the input amount and transaction type are accurate.
They are also a far more efficient ZKP than other options. By streamlining the efficiency of ZKPs, Bulletproofs can verify proofs in less than half a millisecond, adding new layers of trust, privacy and security to cryptocurrency transactions.
Because they do not require massive proof sizes, Bulletproofs do not create network congestion. Like STARKs, they do not require a trusted setup, but the similarity ends there — the size of a Bulletproof is ten times smaller when compared with the tremendous proof sizes typical of STARKs.
Every ZKP transaction contains cryptographic proof that the transaction is valid. Bulletproofs shrink the size of the cryptographic proof from over 10kB to less than 1kB.
|Protocol|Proof size|Prover time|Verifier time|Batch verification time (amortized)|
|---|---|---|---|---|
|Bulletproofs (used in Findora)|739 bytes|29 ms|3.4 ms|0.34 ms|
|Sigma protocol|8 KB|32 ms|16 ms|16 ms|
|SNARKs|180 bytes|4000 gates|~10 ms|~10 ms|
Bulletproofs take milliseconds to generate. As Findora explains: “Bulletproofs’ verification time benefits greatly from batch processing. The amortized verification time for confidential transactions with Bulletproofs is 0.34ms. Furthermore, these numbers do not take in parallel processing, which could scale the throughput of proof verification (proofs/seconds) linearly in the number of processors.”
How Bulletproofs Work With ZKP
Bulletproofs hide the amount and asset type of a transaction, but not the identities of the sender and receiver. Users benefit from the ability to selectively disclose transactions, based on their own personal preferences. The sender and recipient always have the option to unmask hidden data. This is called double masking.
The sender uses ZKP to prove that a committed amount falls within a certain range, without specifying the actual figure. A sender can use this scheme to prove that the amount he sent is non-negative and does not exceed his balance, which is necessary to prevent double-spending on the chain.
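The balance check just described, as an added example (this is not Findora's code, and it is not a Bulletproof): Pedersen commitments on the secp256k1 curve hide each amount behind a random blinding factor, and because commitments add homomorphically, the chain can check that inputs, outputs and the public fee balance by verifying a Schnorr-style proof on the "excess" commitment, using a second base point H whose discrete log relative to G nobody knows. The same block applies the random-linear-combination trick behind the amortized batch verification figures quoted above. The curve constants are secp256k1's real parameters; the domain tag used to derive H, the transaction amounts and the blinding factors are constructed for the example. The range proof that a Bulletproof supplies is deliberately left out, and the third constructed transaction shows why it is needed: a negative output passes the balance check.

```python
# Added example, not Findora's code: Pedersen commitments on secp256k1,
# a Schnorr proof that a transaction's commitments balance, and batched
# verification of several such proofs. All amounts and tags are constructed.
import hashlib
import secrets

# secp256k1 parameters: a well-known group in which the discrete logarithm
# problem is assumed hard (the same kind of assumption Bulletproofs rely on).
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def add(a, b):
    """Affine point addition; None stands for the point at infinity."""
    if a is None or b is None:
        return a if b is None else b
    if a[0] == b[0] and (a[1] + b[1]) % P == 0:
        return None  # a == -b
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def mul(k, pt):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    acc = None
    k %= N
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def nums_point(tag):
    """Second generator derived from a hash, so nobody knows log_G(H)."""
    x = int.from_bytes(hashlib.sha256(tag).digest(), "big") % P
    while True:
        rhs = (pow(x, 3, P) + 7) % P
        y = pow(rhs, (P + 1) // 4, P)  # square root candidate; valid since P % 4 == 3
        if y * y % P == rhs:
            return (x, y)
        x = (x + 1) % P

H = nums_point(b"example-pedersen-generator")  # constructed domain tag

def commit(value, blind):
    """Pedersen commitment C = value*G + blind*H: hides value, binds to it."""
    return add(mul(value, G), mul(blind, H))

def challenge(*pts):
    """Fiat-Shamir challenge over the points in the proof transcript."""
    enc = b"".join(b"\x00" * 64 if q is None else
                   q[0].to_bytes(32, "big") + q[1].to_bytes(32, "big") for q in pts)
    return int.from_bytes(hashlib.sha256(enc).digest(), "big") % N

def make_tx(in_values, out_values, fee):
    """Constructed transaction: commitments plus the blinding difference only the prover knows."""
    r_in = [secrets.randbelow(N) for _ in in_values]
    r_out = [secrets.randbelow(N) for _ in out_values]
    tx = {"inputs": [commit(v, r) for v, r in zip(in_values, r_in)],
          "outputs": [commit(v, r) for v, r in zip(out_values, r_out)],
          "fee": fee}  # the fee is public, so the verifier adds it as fee*G
    return tx, (sum(r_out) - sum(r_in)) % N

def excess_of(tx):
    """sum(outputs) + fee*G - sum(inputs); equals k*H exactly when the values balance."""
    acc = mul(tx["fee"], G)
    for c in tx["outputs"]:
        acc = add(acc, c)
    for c in tx["inputs"]:
        acc = add(acc, (c[0], (-c[1]) % P))  # subtract by adding the negated point
    return acc

def prove_balance(tx, blind_diff):
    """Schnorr proof of knowledge of k with excess == k*H (base H, not G)."""
    excess = excess_of(tx)
    t = secrets.randbelow(N - 1) + 1
    R = mul(t, H)
    return R, (t + challenge(R, excess) * blind_diff) % N

def verify_balance(tx, proof):
    """The verifier learns only that the amounts balance, never the amounts."""
    R, s = proof
    excess = excess_of(tx)
    return mul(s, H) == add(R, mul(challenge(R, excess), excess))

def batch_verify(items):
    """Random linear combination: one s*H multiplication serves the whole batch."""
    lhs, rhs = 0, None
    for tx, (R, s) in items:
        excess = excess_of(tx)
        z = secrets.randbelow(N - 1) + 1  # fresh random weight per proof
        lhs = (lhs + z * s) % N
        rhs = add(rhs, add(mul(z, R), mul(z * challenge(R, excess), excess)))
    return mul(lhs, H) == rhs
```

Calling `verify_balance` on `make_tx([100], [60, 39], 1)` returns True, on `make_tx([100], [60, 50], 1)` (which mints 11 units) returns False, and on `make_tx([100], [120, -21], 1)` returns True even though one output is negative. That last result is the gap a Bulletproof range proof closes by proving every committed amount lies in a fixed range such as [0, 2^64). The `batch_verify` function saves only the per-proof s*H multiplication; real Bulletproof batching merges far more of the verifier's work, which is where the amortized figure in the table comes from.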
Real-world examples include a lending platform that needs to prove solvency, a fund seeking to prove it is investing within its mandate, an investor anonymously demonstrating accreditation, or an auditor checking compliance while preserving confidentiality.
According to Warren Paul Anderson, Vice-President of Product at Discreet Labs, a key contributor to the development of Findora, these privacy features work seamlessly together to facilitate secure, stable, and private financial transactions: “Findora Native Chain uses zero-knowledge proofs, namely Bulletproofs (live) and PLONKs (test) to support private transactions. This enables users with an option to send / receive transactions privately by hiding the amount, the asset type, and (soon) the address. It also allows users to issue private tokens, such as stablecoins. This ZKP privacy can be extended to EVM-based blockchains as well.”
Limitations of Bulletproofs
Though Bulletproofs dramatically increase the speed and efficiency of confidential transactions, making private financial services possible on a blockchain, the technology has limits. Notably, it cannot protect the wallet addresses used in a transaction. However, triple masking, which uses another advanced zero-knowledge proof technology known as PLONKs, will be able to.
Triple masking is a unique cryptographic technology that will soon “extend Findora’s current implementation of private transactions, which currently masks transaction amounts, to also include the ability to mask the sender and receiver’s addresses,” says Anderson. “Triple masking will unlock enhanced use cases that can be developed on Findora. Imagine private stablecoin remittance, private DEX transactions with no front running nor MEV attacks, private DAOs, private NFTs, etc.”
In the DeFi sphere, Bulletproofs are kryptonite to fraud, providing highly secure zero-knowledge verification to investment funds, lending platforms, and securities exchanges whose inefficiencies often make them vulnerable to scams, schemes and cyberattacks.
Bulletproofs have many other transactional benefits, including shorter proofs of solvency, short verifiable shuffles, confidential smart contracts, and as a drop-in replacement for Sigma protocols.
As Findora notes: “This is a transparent scheme, meaning it does not require any preprocessing phase or trusted setup. The security of Bulletproofs relies on the hardness of the discrete logarithm problem in elliptic curves, which is one of the oldest and most battle-tested assumptions in cryptography.”
Looking forward, Anderson believes these technologies will make Findora “a liquidity hub for privacy, by combining its multi-chain architecture to extend privacy to other blockchain ecosystems. Findora will accelerate the mainstream adoption of web3 through privacy where users can not only own their crypto but also own their data, and selectively disclose transaction details for auditing, without revealing the global state of all transaction history.”
Findora is a public blockchain with programmable privacy for a wide range of cryptocurrency transactions, including stablecoins, wrapped tokens, DeFi and NFTs. Bulletproofs and next-generation ZKP innovations are central to its twin missions of enhancing the security of crypto transactions while optimizing transparency.
Findora is one of the most decentralized delegated PoS blockchains. Findora uses a novel multi-chain architecture, which consists of a UTXO-based blockchain for privacy and scalability (called Native Chain), and an account-based EVM-compatible blockchain for programmability, interoperability, and composability (called Smart Chain).
The multi-chain architecture is intraconnected via a trustless atomic swap protocol called Prism. Findora’s multi-chain architecture parallelizes the best of ZKP for scalability and privacy with the best of EVM for programmability, interoperability, and composability.
Carolyn Coley is a blockchain reporter. She joined Smartereum after graduating from UC Berkeley in 2018.