Expand description
The batched range proof instructions.
A batched range proof is defined with respect to a sequence of commitments [C_1, ..., C_N]
and bit-lengths [n_1, ..., n_N]. It certifies that each C_i is a commitment to a number of
bit-length n_i.
There are three batched range proof instructions: VerifyBatchedRangeProof64,
VerifyBatchedRangeProof128, and VerifyBatchedRangeProof256. The value N in
VerifyBatchedRangeProof{N} specifies the sum of the bit-lengths that the proof is certifying
for a sequence of commitments.
For example to generate a batched range proof on a sequence of commitments [C_1, C_2, C_3] on
a sequence of bit-lengths [32, 32, 64], one must use VerifyBatchedRangeProof128 as 128 is
the sum of all bit-lengths.
The maximum number of commitments is fixed at 8. Each bit-length in [n_1, ..., n_N] must be a
power-of-two positive integer less than 128.
Modules§
- The 64-bit batched range proof instruction.
- The 128-bit batched range proof instruction.
- The 256-bit batched range proof instruction.
Structs§
- The context data needed to verify a range-proof for a Pedersen committed value.