以证明数字在[0, 264 − 1]范围为例,考虑支持多个数字proof合计的情况,主要有以下几方面内容:
1. public parameters 公共变量• l: cardinality of the subgroup of the elliptic curve used (Ed25519) • N: bitsize of the elements whose range one wants to prove (N = 64) • M: number of proofs to aggregate (upper-bounded by maxM = BULLETPROOF_MAX_OUTPUTS = 16) • G: the base point of the subgroup of the elliptic curve used • H: another generator of the subgroup of the elliptic curve used whose discrete log wrt G is not known and hard to find • Gi: a list of MN generators of the subgroup of the elliptic curve used whose discrete log wrt any other generator is not known and hard to find • Hi: a list of MN generators of the subgroup of the elliptic curve used whose discrete log wrt any other generator is not known and hard to find
2. Values to commit to, hide, and prove:需要证明的数据。即私有变量• v: a list of M integers such that for all j, 0
