Meh, that's mostly a mischaracterization I think. Bulletproo...

675b84fe75e216ab...

npub1vadcfln4ugt2h9ruwsuwu5vu5am4xaka7pw6m7axy79aqyhp6u5q9knuu7

hex

589629529b82442b47fed06692c81215873ca22bbfb70c30c474ee1cefd56657

nevent

nevent1qqs9393f22dcy3ptglldqe5jeqfptpeu5g4mldcvxrz8fmsual2kv4cprpmhxue69uhhyetvv9ujuem4d36kwatvw5hx6mm9qgsxwkuyle67y94tj378gw8w2xw2wa6nwmwlqhddlwnz0z7sztsaw2q46aelf

Kind-1 (TextNote)

2026-04-04T13:34:13Z

↳ 回复 事件不存在

5a4ef0c1b023fe0ac612408ee13867e8eba501622e37a34b4a59ace556582380...

Meh, that's mostly a mischaracterization I think. Bulletproofs as originally conceived was a valuable addition to the mix; it didn't have succinct verification so it couldn't directly compete with Groth16 and other pairing based schemes but it did have: no trusted setup and no assumptions outside of ECDLP. The other option was STARKs but the proof sizes were large. The verification scaling being bad was addressed in HALO and HALO2 with some rather clever tweaks, keeping the no-trusted-setup property while getting succinct verification. So nowadays it's a general class of algorithms see "folding schemes", "inner product arguments" and those can be flavours of zkSNARK; bulletproofs literally purely as originally written, yes, is rarely used, although perhaps occasionally still finds a use - an example is Curve Trees, which you mention. But it's also a paradigm which continues to be used in more sophisticated forms. Perhaps a confusion here is you were thinking about 'bulletproofs for confidential transactions via range proofs' (still used in Monero) as opposed to 'bulletproofs as a general ZKP system' (which was in the original paper).

原始 JSON

{
  "kind": 1,
  "id": "589629529b82442b47fed06692c81215873ca22bbfb70c30c474ee1cefd56657",
  "pubkey": "675b84fe75e216ab947c7438ee519ca7775376ddf05dadfba6278bd012e1d728",
  "created_at": 1775309653,
  "tags": [
    [
      "alt",
      "A short note: Meh, that's mostly a mischaracterization I think. ..."
    ],
    [
      "e",
      "8ab0045d57f1dae9551de48ecfc69ce012d2bda69d6e05bb4c0a6f2453914f2c",
      "wss://nostr.mom/",
      "root",
      "5a82c8af0f4c1d5d3abc09b3aa8b15759106749ba42868b0f1870aaf9c021a18"
    ],
    [
      "e",
      "0d678450426b445f95ba47ecf62491f0e98fdaeb6e2ba893353e511d9e5c775a",
      "wss://relay.towardsliberty.com/",
      "",
      "b7ed68b062de6b4a12e51fd5285c1e1e0ed0e5128cda93ab11b4150b55ed32fc"
    ],
    [
      "e",
      "47d2e351e2f85440bcd7f1098ba42b3686a7495190a84fe9fdb1e4e0c4eadd73",
      "wss://relay.damus.io/",
      "",
      "d28413712171c33e117d4bd0930ac05b2c51b30eb3021ef8d4f1233f02c90a2b"
    ],
    [
      "e",
      "5a4ef0c1b023fe0ac612408ee13867e8eba501622e37a34b4a59ace556582380",
      "wss://nos.lol/",
      "reply",
      "b7ed68b062de6b4a12e51fd5285c1e1e0ed0e5128cda93ab11b4150b55ed32fc"
    ],
    [
      "p",
      "b7ed68b062de6b4a12e51fd5285c1e1e0ed0e5128cda93ab11b4150b55ed32fc",
      "wss://nos.lol/"
    ],
    [
      "p",
      "5a82c8af0f4c1d5d3abc09b3aa8b15759106749ba42868b0f1870aaf9c021a18",
      "wss://nostr.mom/"
    ],
    [
      "p",
      "d28413712171c33e117d4bd0930ac05b2c51b30eb3021ef8d4f1233f02c90a2b",
      "wss://relay.damus.io/"
    ]
  ],
  "content": "Meh, that's mostly a mischaracterization I think. Bulletproofs as originally conceived was a valuable addition to the mix; it didn't have succinct verification so it couldn't *directly* compete with Groth16 and other pairing based schemes but it did have: no trusted setup and no assumptions outside of ECDLP. The other option was STARKs but the proof sizes were large. The verification scaling being bad was addressed in HALO and HALO2 with some rather clever tweaks, keeping the no-trusted-setup property while getting succinct verification. So nowadays it's a general class of algorithms see \"folding schemes\", \"inner product arguments\" and those can be flavours of zkSNARK; bulletproofs literally purely as originally written, yes, is rarely used, although perhaps occasionally still finds a use - an example is Curve Trees, which you mention. But it's also a paradigm which continues to be used in more sophisticated forms. Perhaps a confusion here is  you were thinking about 'bulletproofs for confidential transactions via range proofs' (still used in Monero) as opposed to 'bulletproofs as a general ZKP system' (which was in the original paper).",
  "sig": "ad9e911aa3f180292d02a42702f1125df5afbd7d9f1dd689be6defd84ef62c9033c490417819c4fbb59e7698434d7573174754a32711eded54cd6bbd63c43c1a"
}