Hi,

I've been using pretty heavily your library to create bulletproofs in web and mobile applications for my Master's thesis. The proof generation is quite fast on the browser and Node but extremely slow on mobile devices (I know it's not ideal at all to do cryptography in JS on mobile but rewriting the library in Native code would be too much work).

What I noticed is that it takes around 1 min to generate a proof of 16 bits on a Samsung S8. The vast majority of the time is spent in the "generateFromWitness" function. I think the reason is that it uses recursion, which may not be optimized in all JS engines.
Do you think it would make sense not to use recursion if trying to increase performances, even if less elegant?

Here is a benchmark showing that you should never use recursion in JavaScript: https://stackoverflow.com/questions/24915428/does-javascript-performance-suffer-from-deep-recursion

Cheers,
Dario

Hi!

I tried your code today but I was sadly unable to verify a generated proof on-chain. Testing multiRangeProofVerifier.js and rangeProofVerifier.js hit a "revert". Also the gas cost exceeds the block limit of around 7M gas. I was unable to find the cause of the bug though.

Cheers,
Dario

Hi ,

Suppose I want to prove that a number lies in a certain range.How can I use this library to do so?
which field is the secret number field and which is the lower and upper limit of the range?

Hi,

I've been testing some values in the multiRangeProofVerifier and I get a Polynomial identity check failed when I tested it with number = 321 and change = 29 (I got rid of extra and zero).

This error appears randomly depending on the inputted values. Any idea why ?

Cheers,
Dario