The `BulletproofGens` struct contains all the generators needed for aggregating up to `m` range proofs of up to `n` bits each.
Instead of constructing a single vector of size
described in the Bulletproofs paper, we construct each party's
To construct an arbitrary-length chain of generators, we apply SHAKE256 to a domain separator label, and feed each 64 bytes of XOF output into the `ristretto255` hash-to-group function. Each of the `m` parties' generators are constructed using a different domain separation label, and proving and verification uses the first `n` elements of the arbitrary-length chain.
This means that the aggregation size (number of parties) is orthogonal to the rangeproof size (number of bits), and allows using the same `BulletproofGens` object for different
This construction is also forward-compatible with constraint system proofs, which use a much larger slice of the generator chain, and even forward-compatible to multiparty aggregation of constraint system proofs, since the generators are namespaced by their party index.
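The chain construction described above can be checked with a short script. This is an added example, not code from the bulletproofs crate: the domain prefix and the label layout (vector tag plus little-endian party index) are constructed for illustration, and the script stops at the 64-byte XOF chunks that would be fed to the `ristretto255` hash-to-group function.

```python
import hashlib
import struct

CHUNK = 64  # bytes of XOF output consumed per generator, as the page states
PREFIX = b"example-generator-chain"  # constructed domain prefix (assumption)

def party_label(kind, party):
    """Constructed label layout (assumption): vector tag + LE32 party index."""
    return kind + struct.pack("<I", party)

def chain_inputs(label, count):
    """First `count` 64-byte SHAKE256 chunks for one domain separation label.

    Each chunk is what would be handed to the ristretto255 hash-to-group
    function; that mapping needs a ristretto255 library and is not done here.
    """
    stream = hashlib.shake_256(PREFIX + label).digest(CHUNK * count)
    return [stream[i:i + CHUNK] for i in range(0, len(stream), CHUNK)]

def gens_inputs(gens_capacity, party_capacity):
    """Per-party G and H chains, namespaced by party index."""
    return {
        (kind, j): chain_inputs(party_label(kind, j), gens_capacity)
        for j in range(party_capacity)
        for kind in (b"G", b"H")
    }

def check_properties():
    small = gens_inputs(gens_capacity=8, party_capacity=2)
    large = gens_inputs(gens_capacity=64, party_capacity=4)
    # Growing either capacity must leave every existing element unchanged,
    # otherwise proofs made against the smaller object would stop verifying.
    prefix_stable = all(large[key][:8] == chain for key, chain in small.items())
    # No 64-byte input may be shared between any two chains (G/H or parties).
    flat = [chunk for chain in large.values() for chunk in chain]
    all_distinct = len(set(flat)) == len(flat)
    return {"prefix_stable": prefix_stable,
            "all_distinct": all_distinct,
            "total": len(flat)}

if __name__ == "__main__":
    print(check_properties())
```

Because an XOF's output of length `k` is a prefix of its output at any longer length, a party's first `n` elements do not depend on the capacity that was precomputed.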
The maximum number of usable generators for each party.
Number of values or parties
Precomputed \(\mathbf G\) generators for each party.
Precomputed \(\mathbf H\) generators for each party.
Create a new
`gens_capacity` is the number of generators to precompute for each party. For rangeproofs, it is sufficient to pass `64`, the maximum bitsize of the rangeproofs. For circuit proofs, the capacity must be greater than the number of multipliers, rounded up to the next power of two.
`party_capacity` is the maximum number of parties that can produce an aggregated proof.
pub fn share(&self, j: usize) -> BulletproofGensShare
Returns j-th share of generators, with an appropriate slice of vectors G and H for the j-th range proof.
pub fn increase_capacity(&mut self, new_capacity: usize)
Increases the generators' capacity to the amount specified. If less than or equal to the current capacity, does nothing.
Return an iterator over the aggregation of the parties' G generators with given size
Return an iterator over the aggregation of the parties' H generators with given size
impl Clone for BulletproofGens
Auto Trait Implementations
impl RefUnwindSafe for BulletproofGens
impl Send for BulletproofGens
impl Sync for BulletproofGens
impl Unpin for BulletproofGens
impl UnwindSafe for BulletproofGens