Zoltan asks, “What are Bulletproofs?

A team of researchers has published a paper titled ‘Bulletproofs: Short Proofs for

Confidential Transactions and More.’ “It described Bulletproofs as a new non-

interactive zero knowledge proof protocol, with very short proofs and without a trusted setup.” “What does it mean? How does it work?

What will be the practical benefits?” A highly technical question. Thank you for asking it,

Zoltan. Let me try to explain this as best I can. Confidential transactions (CT) is an invention published

three years ago [by Gregory Maxwell] that allows you… to encrypt the amount in a bitcoin transaction. By encrypting the amounts, you can [hide]

a very important source of information… [which] analytics companies can track. In [answering] a previous question I mentioned CoinJoin,

where lots of people participate in a transaction. One of the disadvantages of that is, unless you

are all trading approximately the same amount, it is very easy to track which input belongs to

which output because of the amounts involved. Confidential transactions is meant to be

used with coin mixing strategies to create… anonymous and private bitcoin transactions,

whereby no one can track who is paying what to whom. Confidential transactions encrypts the value so

you can’t see how much is being transacted. If you use that together with mixing, you can’t really

tell which output corresponds to which inputs. It makes for much more robust privacy. You might be thinking, ‘if the amount is encrypted,

how do we know they didn’t spend money twice?’ ‘How do we know they didn’t create new money

from nothing, [i.e. inflate the supply]?’ The technique that’s used in confidential transactions

is called a zero-knowledge proof, where you prove something is true without

knowing some underlying information. In the case of confidential transactions, you can use

a special type of math in the zero-knowledge proof, to [show that] the amounts in the inputs

and outputs are equal and add up to zero, without knowing what these amounts are. This seems impossible [to a layperson]. The math, when

you read it, doesn’t make it seem any more possible. It is quite confusing and very difficult to

understand. I don’t really understand it. What I do understand is, if you encrypt

values in the inputs and the outputs, you can then apply a proof that

says they cancel each other out. The sum is zero, so you know there is an equal amount

of inputs and outputs; no new money was created. The specific zero-knowledge proof used in

confidential transactions is called a range proof, [where] you can prove that a number is within a

certain range without knowing what the number is. Bulletproofs is in development because a problem

with non-interactive zero-knowledge proofs is that… they tend to be very large,

use a large amount of data. A confidential transaction containing these

non-interactive zero knowledge proofs… could be 20 kilobytes, compared to a

normal transaction that is about 200 bytes. That is not a very good trade-off. You get a lot of privacy, but in return the capacity of

your blockchain just decreased tremendously, because these transactions just

became a hundred times larger. [The paper] is a very interesting read,

although you might find it challenging. [The authors] achieved a much shorter proof, [where] you can prove the amounts in the

inputs and outputs are within a range, without using as much data and making very large

transactions, reducing the capacity of your blockchain. It is a very incredible development in cryptography. Once again, a demonstration that research in the Bitcoin

and the crypto ecosystem is pushing boundaries, generating new cryptographic knowledge and

discoveries in [computer] science every single day. As you asked, the practical benefits are that we can get

confidential transactions with much shorter proofs, allowing us to encrypt the values, and gain greater

anonymity without transactions being enormous in size.

## Nealaka says:

We need more people like you in the space. Thanks for the videos.

## 1983banana1983 says:

Great! Another video 🙂 Like before watching. Because of Andreas.

## Grin Talk says:

Then sapling comes in for Zcash and provides scalability

## Gianluca Ghettini says:

if(andreas) likes++;

## Gianluca Ghettini says:

is BulletProof a subset of MimbleWimble or a completely different thing? And if the miner fee is implied in the

differencebetween the sum of the inputs and the sum of the outputs, how can the miner infer this amount when including the transaction in a block?## vydas dasvy says:

smashed the like

## ThanksMia says:

Are the developers touching themselfs while creating those names bulletproofs… atomic swaps… etc?

## nion456789 says:

Smashed the like

## GBU Prof. Wally says:

Always providing value to the ecosystem. Thank you.

## Leonidas Koufalis says:

And folks, wherever you are out there, just remember… Nacho Cheese, Nacho Bitcoin.

## Thomas Grainger says:

The proof that the numbers add to Zero is relatively simple, the tricky bit is proving they don't overflow – hence the name "Range proof"

## iBust says:

Thanks for the video!!

## Colton Brummel says:

Zoltan Istvan? Cool guy!

## spIetty says:

Unrelated question: Is that the new Thinkpad X1 Extreme? (or P1?)

## UnknownEssense says:

Constantly advocate for privacy and make a video on bulletproofs without mentioning Monero. Shame.

## Febels says:

My dearest respect for all you've done for the cryptoshpere Andreas, but you as a privacy advocate explaining Bulletproof and range proof WITHOUT even mentioning their latest successful implementation into a noteworthy cryptocurrency leaves a doubtful impression.

## Nick Nguyen says:

If someone/something wants to destroy Bitcoin network, what are the easiest way that it could be archived ? And what are the likelyhood/possibility that it could happen ? (hoping to be hearing your answer in the next video, thank you)

## Random Alphabets says:

I read the bulletproof research paper… didn't get past the first page…

## Alex Lary says:

Can bullet proofs be added to btc?

## Sylver Chavez says:

Love your videos. Could you describe the difference in monero and zcash and the pros and cons of each?

## Hermes Moreira says:

The audio is too low! On the next video you should try to increase it somehow.

## CryptoRocky says:

As always, you're amazing Andreas. EVERYONE help support him by becoming a Patron on Patreon!!! You are the reason I first signed up for Patreon btw. First person I became a Patron for 🙂 Btw volume is very low on this recording brotha.

## Autonova says:

This is so genius.