Bulletproof

A Bulletproof is a short, non-interactive zero-knowledge argument of knowledge that requires no trusted setup. Introduced by Bunz, Bootle, Boneh, and others, it is best known for efficient range proofs, demonstrating that a hidden committed value lies within a given interval, for example that a transaction amount is non-negative and below an overflow bound. The proof size grows only logarithmically with the size of the statement being proven.

The inner-product argument

The heart of a Bulletproof is a logarithmic inner-product argument. The prover repeatedly halves two vectors, committing to cross terms each round so that a relation about the original long vectors reduces to one about a single pair of scalars. This recursive compression is what shrinks a proof that would otherwise be linear in size down to a logarithmic number of group elements.

Where it fits

Because Bulletproofs rely only on the discrete-logarithm assumption and Pedersen commitments, they avoid the toxic-waste risk of pairing-based systems entirely. The cost is verification time, which is linear in the statement size and slower than the constant-time checks of setup-based schemes. They are widely used for confidential transaction amounts and for proving statements over committed values without revealing them.

Bulletproofs build on the vector commitment idea and offer a setup-free contrast to the trusted setup ceremony required by other proof systems.