That's very interesting, it would indeed be very useful for mints not having to reveal their UTXOs for a proof of reserves. Thanks for noting that.
I haven't been able to look at your protocol yet so I have a rather basic bunch of questions that come to mind:
- The ~55 Mb keyset file you load seems to have information up to a certain block height. Is this file generic for the entire chain or custom to the prover?
- The processing of the file takes quite some time and you mention this can be done once and proofs can be checked faster after that. Does the client need to do the processing or could someone else do it for them?
- Does it require processing custom to the prover or can it be used to prove anyone's claim?
- Is there a window for cheating when the file is for a lower block height than the current one? Since I don't know the UTXOs, is there a way to make sure the coins haven't been moved since the proof was made?
- The range was from 100k to a power of two, you say it's just the way you set it up. Can the range be arbitrarily precise?