Hi Andrew - we have been looking at using bullet proofs for proof of location knowledge, and proof of environment knowledge (temperature/humidity) in supply chain transactions. I was wondering if you could help us out with our questions.

1. The Confidential Transactions API provide a min/max range but the bullet proof API only seem to provide a min range API. Is there a reason for this or are we missing something.

2. Once we have a range proof we would like to pass this proof down a chain of suppliers and customers in a way that observers of the public data on the blockchain cannot trace back up the chain to reveal the addresses of the participants in the chain of supplier and customers. Something like what is described here: http://dspace.mit.edu/bitstream/handle/1721.1/35401/31311897-MIT.pdf;sequence=2
   We are not sure if there is a library that can help with this or if there is more recent research that we should be looking at.

Thanks

Bulletproofs are just mind blowing making it ideal into a global crypto currency. They are Light and in the same time very efficient in both CPU and memory usage. BP looks amazing to be integrated into anonymous coins.

My only concerns are about about correctness of the implementation and readiness. Could this implementation be integrated in a real cryptocurrency? Do you guys think, exploits that could not be fixed can appear?

I am running into an issue (RC=0) on rangeproof_verify where, at the end of the borromean_verify the memory compare is failing. I am still quite the n00b on this and haven't reached a level of understanding to understand why.

The rangeproof_info runs and returns what appears to be sensible min/max value range. The rangeproof_verify fails (but the min/max range returned are the same as the rangeproof_info)

Here are some of the data points (converted to hex strings for this issue):
Pederson commit (RC=1) :
commit result = 8186b483d56a33826ae73d88f732985c4ccb1f32ba35f4b4cc47fdcf04aa6eb

rangeproof_sign: (RC=1):
proof result = 651 bytes with:
60700000001e71d15da123812f19dbdae65812ac8433ece2d6dbf4fda54ee87a112620c8469ae80bc67945d9a15aea39018195a3b75babce28a683c10688a21c43769388594b417548738a277be6b728b197c659342ca55b2188bd96e3723139cfe19d8b734c5afa7eb9b01fb46f5b40fcfc62ff7864c72a4cab1a543fd6bc695d97b0b83dad4a9fe6f4198b1a97204a12ea298296a9be1c1b1cac28d075a31dfebfedc3cb515a1b97ed96c2fd848795f62295fdaa293bad5427ed2417a59df9a6a85b8ec4dce06d6632d247a8ec2dcaf3f9eb3d071deb71242434c389f355637647afcf67cca57cc64d6735fef67ea977bd556ac3824a77e7402f9825cbe0157d7aa0f8bf2e68e0aa267f0471189b6d0cc242e404abdc34b5d4d1403ad03e4d375e4784fcba7d3066e716fa52761513eaace3c338aeaefefea3ad9ef627521d1ce8cb2608a683e8bf4b36fb01465bc2b5e55dbab981b61c43ef27123d83bdafa0d180797640e7b5ded4cdb396cfd71d9ddaebfb88582ed3d05a2388b47affb4e4b67232c9ce3691552e9bcb7ef7b1b845ffed7fba9116ce62ecbc40f542f94056ab20ffc72af0142fdec0bf5d310be269c25bb5ddaa23737a6422de65274f668529adcc5bc7bb7ab854d47c14e27f2d4f56079b79e7d552e4fbe85527b6e56fc3efc0884cde739ff953b2dfbc61d41ad9f9a61d98d86628563f5f88d3e83576954592ca8eba3ce5acfe6670cb4d5d175997814bf64180fe56a41845c6dd49f47d6cef1c40c59cc054154af6c12a84bbfd9c531526618cd098793675ccf5d5c261669c2fe10484c701f2cf15bb1c74087d1a3893e3b72ca2ba2d18f295af7b5bcaf70877842ba20307a6edd6324414b380c4a99cc8

In rangeproof_verify, in borromean verify:
e0 = 8b734c5afa7eb9b01fb46f5b40fcfc62ff7864c72a4cab1a543fd6bc695d97b0
tmp = acd4ce0ac50ba4fe2a7732a821010e8d3247316781370f9bef0561bbcf289e

Any insight would be helpful.

Hello, I was experimenting with the Bulletproof library and noticed a minor error in bench_bulletproof.c. This issue arises when installing the library with specific configuration modules. The mistake occurs on line 302 and is as follows:

data.generators = secp256k1_bulletproof_generators_create(data.ctx, &data.blind_gen, 64 * 1024, 1);

The correct code, as indicated by line 299, should be:
data.generators = secp256k1_bulletproof_generators_create(data.ctx, &data.blind_gen, 64 * 1024);

It's only a minor mistake, but I thought it was worth pointing out. Other than that, everything works well. If you're interested in how I configured it, I've included a brief note below:

git clone -b bulletproofs https://github.com/apoelstra/secp256k1-zkp/

./autogen.sh

./configure --enable-module-commitment --enable-module-rangeproof --enable-module-generator --enable-module-bulletproof --enable-experimental

Now to fix a minor error open the file located at:
/secp256k1-zkp/src/bench_bulletproof.c
and change line 302 to:
data.generators = secp256k1_bulletproof_generators_create(data.ctx, &data.blind_gen, 64 * 1024);

Now run:
make
./tests
sudo make install

To check if everything gets installed write the following:
ls "/usr/local/include/"

The output should show something like the following:
secp256k1_bulletproofs.h secp256k1_ecdh.h secp256k1_extrakeys.h secp256k1_preallocated.h secp256k1_schnorrsig.h
secp256k1.h secp256k1_commitment.h secp256k1_ellswift.h secp256k1_generator.h secp256k1_rangeproof.h

Given a commitment C=x1G+x2G+vH, constructed by 2 participants that each only know one of the blinding factors and v, would it be possible for both of them to generate some kind of a partial bulletproof, which can then be aggregated by either of them to produce a single bulletproof for C?

Hi, I'm trying to use the implementation of bulletproofs. I built with these commands:

./autogen.sh
./configure --enable-experimental --enable-module-commitment --enable-module-generator --enable-module-bulletproof
make

Which gives the error:

src/bench_bulletproof.c:302:23: error: too many arguments to function ‘secp256k1_bulletproof_generators_create’
  302 |     data.generators = secp256k1_bulletproof_generators_create(data.ctx, &data.blind_gen, 64 * 1024, 1);``

Is this a bug or something I messed up?

How do I install the .a,.o,.so etc files at a custom location?
Thanks,
L