A type of zero-knowledge proof in Bitcoin-related systems that enable confidentiality without revealing transaction amounts.

For example, Bulletproofs enhance Confidential Transactions on the Liquid Network, with Bulletproofs++ serving as a further refined version that is faster and more cost-efficient.

Specifically, Bulletproofs++ are O(log(n)) to create and O(n) to verify (where n is the number of bits necessary to express the value). With Bulletproofs++, a typical Confidential Transactions would go from being ~10x as expensive as unblinded transactions to being ~2x as expensive as unblinded transactions.

Smaller Bulletproofs++ also mean that transactions add new weight to the blockchain more slowly, which slows the rate at which the initial-block-download burden grows. That is particularly important if Bulletproofs++ are to be used on Bitcoin eventually.

Because Bulletproofs++ generalize to any mathematical computation, in principle, any Simplicity covenant could also be expressed as a Bulletproof. Theoretically, this would make complicated smart contracts and options logic cheaper and more private.

For more information on Bulletproofs, read the latest version of the “Bulletproofs++: Next Generation Confidential Transactions via Reciprocal Set Membership Arguments” paper, currently hosted and freely available on the IACR eprint archive. You can also review the work-in-progress implementation on GitHub.

Additionally, the visual explainer below may also be valuable.