Impossible to verify proof on-chain #1
Comments
|
Hello Dario.
Yes, proof can not be verified on chain right now as it’s too expensive. You can try to reduce bit length to 16 bits and change corresponding “m” and “n” parameters. Can you run tests on local ganache-cli environment with 20m gas block limit?
Sincerely, Alex
…________________________________
From: Dario Anongba Varela <[email protected]>
Sent: Friday, May 25, 2018 5:14:10 PM
To: BANKEX/BulletproofJS
Cc: Subscribed
Subject: [BANKEX/BulletproofJS] Impossible to verify proof on-chain (#1)
Hi!
I tried your code today but I was sadly unable to verify a generated proof on-chain. Testing multiRangeProofVerifier.js and rangeProofVerifier.js hit a "revert". Also the gas cost exceeds the block limit of around 7M gas. I was unable to find the cause of the bug though.
Cheers,
Dario
—
You are receiving this because you are subscribed to this thread.
Reply to this email directly, view it on GitHub<#1>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AGKv95xuREwOnatttHdmFumTTmbmZbMyks5t2BGygaJpZM4UODP3>.
|
|
Hi! I tried merging @shamatar's JS Bulletproof creation and @solidblu1992's smart contracts since @shamatar's proof verification on-chain does not work as it costs too much gas for some reason and @solidblu1992's does not have a way to create proofs in JavaScript so his implementation cannot be used in a web or mobile apps. Being able to merge both would actually result in an usable implementation of Confidential transactions. Sadly, it doesn't work on this specific line in BulletproofVerifiy.sol: v.Y2 = ecMath.MultiExp(bp[0].V, v.vpz, 0, 0); require(P.length == 2*s.length); I'm pretty sure that I serialize the parameters correctly following @solidblu1992's guideline. The code to test this can be found on this repo. Checking the file test/bulletproofs.js. Any ideas? Would be nice to actually have a working prototype instead of just PoCs for Confidential transactions. |
|
Hello @darioAnongba I'm working on a draft of serialization format + relayers fee for transaction, I hope that we can start a work of merging tomorrow. Let me finish with a work and I'll get back to you with this problem :) The main problem we will have to solve is whether using a block hash as a source of random number to save 50% of gas on verification is acceptable and secure. Sincerely, Alex |
|
Hi, ok I understand. Let me know if I can be of any help. Also concerning the debugging with ganache-cli, going down to 32 bits still reverts. It works with 16 bits costing 4291783 gas. Also, I coulnd't figure out what the N parameter was and what to set as you don't use it to generate or verify proofs on-chain. I kept it at 6. Cheers, |
|
N parameter is just a log2(M), to limit number of public parameters needed for generation.
…________________________________
From: Dario Anongba Varela <[email protected]>
Sent: Monday, May 28, 2018 7:27:19 PM
To: BANKEX/BulletproofJS
Cc: Alexander; Mention
Subject: Re: [BANKEX/BulletproofJS] Impossible to verify proof on-chain (#1)
Hi, ok I understand.
Let me know if I can be of any help.
Also concerning the debugging with ganache-cli, going down to 32 bits still reverts. I works with 16 bits costing 4291783 gas. Also, I coulnd't figure out what the N parameter was and what to set as you don't use it to generate or verify proofs on-chain. I kept it at 6.
Cheers,
Dario
—
You are receiving this because you were mentioned.
Reply to this email directly, view it on GitHub<#1 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AGKv9zBeJyS3qmD4rpaiy5tBmjrHAvU-ks5t3CVngaJpZM4UODP3>.
|
|
Oh I see. |
Hi!
I tried your code today but I was sadly unable to verify a generated proof on-chain. Testing multiRangeProofVerifier.js and rangeProofVerifier.js hit a "revert". Also the gas cost exceeds the block limit of around 7M gas. I was unable to find the cause of the bug though.
Cheers,
Dario
The text was updated successfully, but these errors were encountered: