Lucas Nuzzi @LucasNuzzi, 16 tweets
1\ In 6 hours, #Bulletproofs become mandatory on the #Monero mainnet.

I don't remember being this excited about a hard fork in a long time. The article below gives you the full picture as to why, but I will try to summarize it in this thread.

medium.com/digitalassetre…
2\ Disclaimer before I begin: A couple of weeks ago, I shared some of the findings of our report on #Zcash and many in the community (incl. @fluffypony) perceived it as an attack on @monero.

- It wasn't. In fact, we see vibrant experimentation and development in Monero.
3\ #Bulletproofs is one of the most important technologies deployed on a mainnet this year. It can be applied to many proof systems to increase privacy and efficiency, as it reduces transaction sizes (& fees) by as much as 80%.

To fully appreciate this, let's clarify a few things:
4\ Monero uses a Ring Signature scheme, whereby a transaction's real sender is mixed with decoy signatures pulled from the chain. The primary goal of a ring signature is to enable the true signer of a message to claim plausible deniability, as real & decoy signers become equal.
5\ RingCT adds Confidential Transactions to this scheme, which hide transaction amounts. Despite popular belief, Confidential Transactions use encoding (which keeps data hidden, immutable and verifiable), instead of encryption (which keeps data hidden and reversible).
6\ At a low level, the fundamental basis of Confidential Transactions is a cryptographic primitive for encoding called a Pedersen commitment. For context, cryptographic primitives are the building blocks of systems that use cryptography and are comprised of well-known algorithms.
7\ All input values in an XMR transaction are encoded, and a by-product of this process is a data point called a range proof. In essence, range proofs allow the network to verify that the amounts in a tx are not negative, and that the sender is not creating XMR out of thin air.
8\ Range proofs consume a lot of space, and this is the problem Bulletproofs can address. It proposes using a non-interactive zero knowledge proof (NIZKP) system to aggregate all the range proofs of a Confidential Transaction and collectively prove their validity.
9\ For context, the basic concept behind a NIZKP is to cryptographically prove that something exists, without knowing what that something is. This is achieved by issuing a set of challenges that, if completed successfully, can statically prove that a party has a secret.
10\ Relative to zk-SNARKs, the NIZKP system proposed by the Bulletproof white paper has both benefits and drawbacks. On one hand, it does not require a trusted setup for parameter generation, like Zcash. On the other hand, its verification is more time consuming.
11\ Up until today, XMR transactions scaled mostly linearly depending on the number of outputs (ex: 1 output = 7kB, 2 outputs = 14kB).

Now, under Bulletproofs, transaction size will scale logarithmically (ex: 1 output = 2kB, 2 outputs = 2.5kB).
12\ This is a significant increase in efficiency, as it reduces transaction size and lowers fees. Bitcoin can greatly benefit from Monero's testing of Bulletproofs (& CT), and it's great to see developers applying this technology to a network of Monero's size.
13\ The space savings granted by Bulletproofs may also enable the implementation of additional obfuscation mechanisms. As I have suggested to MRL, increasing the mandatory number of outputs in a transaction can make it significantly harder to trace balances by analyzing the chain.
14\ An interesting observation for the cryptography nerd: once Bulletproofs activate, Monero and Zcash will become cousins. Both make use of Non-Interactive Zero Knowledge Proofs that conceptually share a common ancestor: the Fiat-Shamir heuristic. Maybe now we can stop fighting?
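Added illustration of tweets 6 through 10 and 14 (this is example code written for this page, not code from the thread author or from the Monero project): a toy Confidential Transaction showing the Pedersen commitment, the homomorphic balance check, why that check alone lets a negative amount mint coins (the job of the range proof), and a Fiat-Shamir Schnorr proof standing in for the real scheme's proof on the commitment excess. Assumptions made here: secp256k1 instead of Monero's ed25519, a second generator H derived by hashing, the generic form C = a*H + r*G, and a plain sender-side `amounts_in_range` check in place of the Bulletproof itself.

```python
# Toy Confidential Transactions (illustrative; not Monero's implementation).
# Assumed curve: secp256k1 (Monero uses ed25519). Real curve constants below.
import hashlib
import secrets

P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)

def ec_add(a, b):
    """Affine point addition; None is the point at infinity."""
    if a is None: return b
    if b is None: return a
    if a[0] == b[0] and (a[1] + b[1]) % P == 0: return None
    if a == b:
        lam = 3 * a[0] * a[0] * pow(2 * a[1], -1, P) % P
    else:
        lam = (b[1] - a[1]) * pow(b[0] - a[0], -1, P) % P
    x = (lam * lam - a[0] - b[0]) % P
    return (x, (lam * (a[0] - x) - a[1]) % P)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication; scalars live modulo N."""
    k %= N
    acc = None
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt = ec_add(pt, pt)
        k >>= 1
    return acc

def ec_neg(pt):
    return None if pt is None else (pt[0], (-pt[1]) % P)

def sum_points(points):
    acc = None
    for p in points: acc = ec_add(acc, p)
    return acc

def hash_to_point(label):
    """Second generator with unknown discrete log w.r.t. G (try-and-increment)."""
    ctr = 0
    while True:
        x = int.from_bytes(hashlib.sha256(label + ctr.to_bytes(4, "big")).digest(), "big") % P
        rhs = (pow(x, 3, P) + 7) % P
        y = pow(rhs, (P + 1) // 4, P)      # sqrt works because P % 4 == 3
        if y * y % P == rhs: return (x, y)
        ctr += 1

H = hash_to_point(b"toy-CT-second-generator")  # assumed label, not Monero's H

def commit(amount, blinding):
    """Pedersen commitment C = amount*H + blinding*G (the 'encoding' of tweet 6)."""
    return ec_add(ec_mul(amount, H), ec_mul(blinding, G))

def point_bytes(pt):
    return b"\x00" * 64 if pt is None else pt[0].to_bytes(32, "big") + pt[1].to_bytes(32, "big")

def challenge(*points):
    """Fiat-Shamir: the verifier's challenge is replaced by a hash of the transcript."""
    return int.from_bytes(hashlib.sha256(b"".join(map(point_bytes, points))).digest(), "big") % N

def prove_zero_commitment(excess, secret):
    """Schnorr NIZK proof that `excess` = secret*G, i.e. commits to amount 0."""
    k = secrets.randbelow(N - 1) + 1
    R = ec_mul(k, G)
    return (R, (k + challenge(R, excess) * secret) % N)

def verify_zero_commitment(excess, proof):
    R, s = proof
    return ec_mul(s, G) == ec_add(R, ec_mul(challenge(R, excess), excess))

def amounts_in_range(amounts, bits=64):
    """What a range proof must establish WITHOUT revealing amounts: each value is
    a non-negative integer below 2**bits, so no modular wrap-around is possible.
    Here it is a plain sender-side check; Bulletproofs prove it in zero knowledge."""
    return all(0 <= a < 2 ** bits for a in amounts)

def build_tx(in_amounts, out_amounts):
    """Sender: commit to every amount with a fresh blinding factor and prove the
    commitments balance. Only commitments and the proof are published."""
    ins = [(a, secrets.randbelow(N)) for a in in_amounts]
    outs = [(a, secrets.randbelow(N)) for a in out_amounts]
    in_c, out_c = [commit(a, r) for a, r in ins], [commit(a, r) for a, r in outs]
    excess_secret = (sum(r for _, r in ins) - sum(r for _, r in outs)) % N
    excess = ec_add(sum_points(in_c), ec_neg(sum_points(out_c)))
    return {"inputs": in_c, "outputs": out_c, "proof": prove_zero_commitment(excess, excess_secret)}

def verify_balance(tx):
    """Network: sum(inputs) - sum(outputs) must be a commitment to zero."""
    excess = ec_add(sum_points(tx["inputs"]), ec_neg(sum_points(tx["outputs"])))
    return verify_zero_commitment(excess, tx["proof"])

if __name__ == "__main__":
    print("10 -> 4 + 6 balances:", verify_balance(build_tx([10], [4, 6])))
    print("10 -> 4 + 7 rejected:", not verify_balance(build_tx([10], [4, 7])))
    # -1 mod N passes the balance check: 11 + (-1) == 10, so 1 coin is minted
    # unless a range proof rules out such amounts (tweet 7).
    print("10 -> 11 + (-1) passes balance check:", verify_balance(build_tx([10], [11, N - 1])))
    print("  ...but fails the range check:", amounts_in_range([11, N - 1]))
```

The third case is the whole point of tweet 7: the homomorphic balance check is blind to sign, so every output amount needs a proof that it lies in [0, 2^64), and Bulletproofs are what makes publishing those proofs for every output cheap enough to be mandatory. Constructed amounts only; nothing here talks to a node.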
15\ To conclude, both Zcash and Monero have their fair share of virtues and drawbacks, and while they are often compared against each other, we believe both will succeed in the long run.

Final disclaimer: I own both ZEC and XMR. This is not financial advice.
One more hour to go. Make sure your nodes are up to date. Here's a website with the countdown: xmr.noctism.com