No Major Issues In Monero’s ‘Bulletproofs’ Protocol, 2 More Audits To Go

Monero, a privacy focused cryptocurrency facilitating anonymous transactions, has announced the successful completion of an external technical audit for its ‘Bulletproofs’ protocol. It is an improved version of protocol related to zero-knowledge proof (ZK-Snarks), which Google’s cofounder Sergey Brin considers as “mind boggling”.

Bulletproofs enables efficient functioning of blockchain network and ensures faster transactions. The concept of Bulletproofs was first introduced by Bunz et al and became a subject of study at Stanford’s Applied Cryptography Group (ACG) and members of the University College London and Blockstream.

According to Stanford

“The technology is basically a non-interactive zero-knowledge proof protocol with very short proofs and without a trusted setup. Furthermore the proof size is only logarithmic in the witness size. Bulletproofs are well suited for efficient range proofs on committed values.”

The implementation will result in cheaper and faster transactions on the Monero network. As the data being processed is considerably smaller, the network will be able to scale-up easily.

Presently, two kinds of bulletproofs are being developed by the Monero team. They are single-output and multiple output. The single-output Bulletproof transactions compress transaction data by as much as 80% on the Monero blockchain. This means transaction costs will reduce further by about 80%, upon implementation of the Bulletproofs protocol on the mainnet. Multiple-output transactions will further decrease the data size, leading to an extremely low transaction fee.

Monero, through a blog post stated

“Overall, bulletproofs represent a huge advancement in Monero transactions. We get massive space savings, better verification times, and lower fees.”

Since December 2017, the concept was trialed on testnet. With the successful completion of audit, Bulletproofs has gone one step closer to become a reality. Kudelski Security, which conducted the audit, has found four ‘potential’ security issues of low risk nature. Furthermore, eight more errors related to“general code safety”, with minimum damage potential, were also found out. The cyber security firm did not find any crucial errors in the code.

“Although we didn’t find major security issues, the relative complexity of the new protocol combined with the limited set of tests (in particular, without test values) is a potential risk.”

To make sure that the audit process did not miss anything, Monero is planning to conduct two more audits. The first audit will be mostly done by the co-author of Bulletproofs research paper. The other audit will be performed by Quarkslab. Both audits will begin in the weeks to come. The Bulletproofs protocol is expected to be deployed in September/October. Sing-output Bulletproofs is planned to be rolled out initially. It will be followed by multiple-outputs.