0

The question here Proving amount of Monero - Range Proofs

Talks about how to do a range proof, but it doesn't quite say how to do it using existing methods of making a payment. I want to prove a number is between to positive values, can an existing application, like a specific wallet do this, or is there program code that can do this?

Ron King
  • 1
  • 1
  • 2
    Monero's range proofs prove that a commitment to a number is between 0 and 2^64. If you wanted to prove a commitment to a number is between two arbitrary numbers, you need a slightly more complicated proof involving potentially two range proofs. Please elaborate on the the intended use of this feature - it might inspire someone to implement the feature you describe. – knaccc Jun 04 '19 at 16:22

1 Answers1

2

The Monero wallets (official or any others that I'm aware of), do not offer any functionality to perform generic range proofs.

For a generic range proof, you could use code as in user679128's answer. If you are a competent Java developer, there is also a Java library created by one of the Bulletproof authors, which could be used to help implement what you require.

If your question is specific to Monero, insofar as you are wanting to prove you have funds in the wallet between values X and Y, currently this functionality does not exist, though I can imagine use-cases for this functionality. The nearest functionality that exists is get_reserve_proof, which proves you have at least X in your wallet.

jtgrassie
  • 19,111
  • 4
  • 14
  • 51
  • For a bulletproof rangeproof, there is an implementation by Dalek: https://github.com/dalek-cryptography/bulletproofs – user679128 Jun 04 '19 at 15:58
  • I'm a java developer, but I guess I can learn Rust! What environment was it intended to be used in, a blockchain project? Which blockchain project? – Ron King Jun 04 '19 at 20:31
  • @RonKing for that particular repo, I think stellar. You can make a java implementation. I believe there was one in golang on GitHub, but the Dalek version is by far the cleanest – user679128 Jun 04 '19 at 20:35
  • There's an Etherum client called Parity https://github.com/paritytech/parity-ethereum, maybe I could add the rust bulletproof code into it? Java would be better for me though. – Ron King Jun 04 '19 at 20:39
  • @RonKing I know Parity. It depends on what you want, it was not stated in the question. An EVM with a rangeproof instruction would be possible. This is better for the ethereum stack exchange or another question though – user679128 Jun 04 '19 at 20:45
  • @RonKing if this answer, answers your question. Could you mark it as accepted – user679128 Jun 08 '19 at 12:53
  • @user679128 perhaps consider that simply posting a link doesn't quite fully answer the users question(s). – jtgrassie Jun 08 '19 at 14:08
  • I've seen the Bulletproof code from Stanford, but it doesn't document how you would integrate this code along with some well known blockchain like Ethereum or Quorum, to make a working system that could perform transactions. I need an overall understanding of how the code in that project would be used. – Ron King Jun 08 '19 at 18:02
  • @RonKing I would argue that this is out of scope. The standard uses for bulletproof are to prove an amount is within a certain range and for circuit satisfiability. It has many use-cases in confidential transactions. I think that if you do not understand, how the code will be used overall. It is probably a misunderstanding of what bulletproofs is and it’s limitations on a theoretical level – user679128 Jun 08 '19 at 18:06
  • There's another range proof project, that specifically works with ethereum, and includes a smart contract and code written in Go. So I don't see how my question is out of scope? Here's the link to the code: https://github.com/ing-bank/zkproofs – Ron King Jun 08 '19 at 19:33
  • I should’ve clarified, for the bulletproof authors or original coders to document integration would be out of scope. Saying that, I also think that asking for how to build a transaction on a non-private chain is quite vague. With private chains there is a standard usage in confidential transactions. BTW Could you link me the smart contract directly? @RonKing – user679128 Jun 08 '19 at 19:54
  • TBC rangeproofs are just a way to prove a number is within a certain range. Without a usecase, asking how to use it to create a transaction is vague. If you just want to prove an amount is within a range on a chain like ethereum, please refer to the comment above about adding it to the evm. For how to add an instruction to the evm, that is blockchain specific – user679128 Jun 08 '19 at 19:57
  • I have a use case, but it's proprietary, I hope you understand. – Ron King Jun 08 '19 at 20:24
  • @RonKing oh I understand, good luck! – user679128 Jun 08 '19 at 20:25