Rename buletproof_pp* to bppp*

2023-02-06 13:53:02 -08:00 · 2023-02-06 13:53:02 -08:00 · e5a01d12c6
commit e5a01d12c6
parent c983186872
18 changed files with 180 additions and 180 deletions
--- a/.cirrus.yml
+++ b/.cirrus.yml
@ -23,7 +23,7 @@ env:
  WHITELIST: no
  MUSIG: no
  ECDSAADAPTOR: no
-  BULLETPROOFS: no
+  BPPP: no
  ### test options
  SECP256K1_TEST_ITERS:
  BENCH: yes
@ -73,12 +73,12 @@ task:
  << : *LINUX_CONTAINER
  matrix: &ENV_MATRIX
    - env: {WIDEMUL:  int64,  RECOVERY: yes}
-    - env: {WIDEMUL:  int64,                 ECDH: yes, SCHNORRSIG: yes, EXPERIMENTAL: yes, ECDSA_S2C: yes,  RANGEPROOF: yes, WHITELIST: yes, GENERATOR: yes, MUSIG: yes, ECDSAADAPTOR: yes, BULLETPROOFS: yes}
+    - env: {WIDEMUL:  int64,                 ECDH: yes, SCHNORRSIG: yes, EXPERIMENTAL: yes, ECDSA_S2C: yes,  RANGEPROOF: yes, WHITELIST: yes, GENERATOR: yes, MUSIG: yes, ECDSAADAPTOR: yes, BPPP: yes}
    - env: {WIDEMUL: int128}
    - env: {WIDEMUL: int128,  RECOVERY: yes,            SCHNORRSIG: yes}
-    - env: {WIDEMUL: int128,                 ECDH: yes, SCHNORRSIG: yes, EXPERIMENTAL: yes, ECDSA_S2C: yes, RANGEPROOF: yes, WHITELIST: yes, GENERATOR: yes, MUSIG: yes, ECDSAADAPTOR: yes, BULLETPROOFS: yes}
+    - env: {WIDEMUL: int128,                 ECDH: yes, SCHNORRSIG: yes, EXPERIMENTAL: yes, ECDSA_S2C: yes, RANGEPROOF: yes, WHITELIST: yes, GENERATOR: yes, MUSIG: yes, ECDSAADAPTOR: yes, BPPP: yes}
    - env: {WIDEMUL: int128,  ASM: x86_64}
-    - env: {                  RECOVERY: yes,            SCHNORRSIG: yes, EXPERIMENTAL: yes, ECDSA_S2C: yes, RANGEPROOF: yes, WHITELIST: yes, GENERATOR: yes, MUSIG: yes, ECDSAADAPTOR: yes, BULLETPROOFS: yes}
+    - env: {                  RECOVERY: yes,            SCHNORRSIG: yes, EXPERIMENTAL: yes, ECDSA_S2C: yes, RANGEPROOF: yes, WHITELIST: yes, GENERATOR: yes, MUSIG: yes, ECDSAADAPTOR: yes, BPPP: yes}
    - env: {BUILD: distcheck, WITH_VALGRIND: no, CTIMETEST: no, BENCH: no}
    - env: {CPPFLAGS: -DDETERMINISTIC}
    - env: {CFLAGS: -O0, CTIMETEST: no}
@ -109,7 +109,7 @@ task:
    GENERATOR: yes
    MUSIG: yes
    ECDSAADAPTOR: yes
-    BULLETPROOFS: yes
+    BPPP: yes
  matrix:
    - env:
        CC: i686-linux-gnu-gcc
@ -167,7 +167,7 @@ task:
    GENERATOR: yes
    MUSIG: yes
    ECDSAADAPTOR: yes
-    BULLETPROOFS: yes
+    BPPP: yes
    CTIMETEST: no
  << : *MERGE_BASE
  test_script:
@ -262,7 +262,7 @@ task:
    GENERATOR: yes
    MUSIG: yes
    ECDSAADAPTOR: yes
-    BULLETPROOFS: yes
+    BPPP: yes
    CTIMETEST: no
  matrix:
    - name: "Valgrind (memcheck)"
--- a/.gitignore
+++ b/.gitignore
@ -1,5 +1,5 @@
 bench
-bench_bulletproofs
+bench_bppp
 bench_ecmult
 bench_generator
 bench_rangeproof
--- a/Makefile.am
+++ b/Makefile.am
@ -226,8 +226,8 @@ clean-precomp:
 EXTRA_DIST = autogen.sh SECURITY.md
-if ENABLE_MODULE_BULLETPROOFS
+if ENABLE_MODULE_BPPP
-include src/modules/bulletproofs/Makefile.am.include
+include src/modules/bppp/Makefile.am.include
 endif
 if ENABLE_MODULE_ECDH
--- a/ci/cirrus.sh
+++ b/ci/cirrus.sh
@ -19,7 +19,7 @@ valgrind --version || true
    --with-ecmult-gen-precision="$ECMULTGENPRECISION" \
    --enable-module-ecdh="$ECDH" --enable-module-recovery="$RECOVERY" \
    --enable-module-ecdsa-s2c="$ECDSA_S2C" \
-    --enable-module-bulletproofs="$BULLETPROOFS" \
+    --enable-module-bppp="$BPPP" \
    --enable-module-rangeproof="$RANGEPROOF" --enable-module-whitelist="$WHITELIST" --enable-module-generator="$GENERATOR" \
    --enable-module-schnorrsig="$SCHNORRSIG"  --enable-module-musig="$MUSIG" --enable-module-ecdsa-adaptor="$ECDSAADAPTOR" \
    --enable-module-schnorrsig="$SCHNORRSIG" \
@ -52,9 +52,9 @@ then
        $EXEC ./bench_ecmult
        $EXEC ./bench_internal
        $EXEC ./bench
-        if [ "$BULLETPROOFS" = "yes" ]
+        if [ "$BPPP" = "yes" ]
        then
-            $EXEC ./bench_bulletproofs
+            $EXEC ./bench_bppp
        fi
    } >> bench.log 2>&1
 fi
--- a/configure.ac
+++ b/configure.ac
@ -140,10 +140,10 @@ AC_ARG_ENABLE(examples,
    AS_HELP_STRING([--enable-examples],[compile the examples [default=no]]), [],
    [SECP_SET_DEFAULT([enable_examples], [no], [yes])])
-AC_ARG_ENABLE(module_bulletproofs,
+AC_ARG_ENABLE(module_bppp,
-    AS_HELP_STRING([--enable-module-bulletproofs],[enable Bulletproofs module (experimental)]),
+    AS_HELP_STRING([--enable-module-bppp],[enable Bulletproofs++ module (experimental)]),
    [],
-    [SECP_SET_DEFAULT([enable_module_bulletproofs], [no], [yes])])
+    [SECP_SET_DEFAULT([enable_module_bppp], [no], [yes])])
 AC_ARG_ENABLE(module_ecdh,
    AS_HELP_STRING([--enable-module-ecdh],[enable ECDH module [default=no]]), [],
@ -422,9 +422,9 @@ if test x"$enable_module_rangeproof" = x"yes"; then
  AC_DEFINE(ENABLE_MODULE_RANGEPROOF, 1, [Define this symbol to enable the Pedersen / zero knowledge range proof module])
 fi
-if test x"$enable_module_bulletproofs" = x"yes"; then
+if test x"$enable_module_bppp" = x"yes"; then
  enable_module_generator=yes
-  AC_DEFINE(ENABLE_MODULE_BULLETPROOFS, 1, [Define this symbol to enable the Bulletproofs module])
+  AC_DEFINE(ENABLE_MODULE_BPPP, 1, [Define this symbol to enable the Bulletproofs++ module])
 fi
 if test x"$enable_module_generator" = x"yes"; then
@ -470,8 +470,8 @@ else
  # module (which automatically enables the module dependencies) we want to
  # print an error for the dependent module, not the module dependency. Hence,
  # we first test dependent modules.
-  if test x"$enable_module_bulletproofs" = x"yes"; then
+  if test x"$enable_module_bppp" = x"yes"; then
-    AC_MSG_ERROR([Bulletproofs module is experimental. Use --enable-experimental to allow.])
+    AC_MSG_ERROR([Bulletproofs++ module is experimental. Use --enable-experimental to allow.])
  fi
  if test x"$enable_module_whitelist" = x"yes"; then
    AC_MSG_ERROR([Key whitelisting module is experimental. Use --enable-experimental to allow.])
@ -515,7 +515,7 @@ AM_CONDITIONAL([USE_TESTS], [test x"$enable_tests" != x"no"])
 AM_CONDITIONAL([USE_EXHAUSTIVE_TESTS], [test x"$enable_exhaustive_tests" != x"no"])
 AM_CONDITIONAL([USE_EXAMPLES], [test x"$enable_examples" != x"no"])
 AM_CONDITIONAL([USE_BENCHMARK], [test x"$enable_benchmark" = x"yes"])
-AM_CONDITIONAL([ENABLE_MODULE_BULLETPROOFS], [test x"$enable_module_bulletproofs" = x"yes"])
+AM_CONDITIONAL([ENABLE_MODULE_BPPP], [test x"$enable_module_bppp" = x"yes"])
 AM_CONDITIONAL([ENABLE_MODULE_ECDH], [test x"$enable_module_ecdh" = x"yes"])
 AM_CONDITIONAL([ENABLE_MODULE_MUSIG], [test x"$enable_module_musig" = x"yes"])
 AM_CONDITIONAL([ENABLE_MODULE_RECOVERY], [test x"$enable_module_recovery" = x"yes"])
@ -555,7 +555,7 @@ echo "  module whitelist        = $enable_module_whitelist"
 echo "  module musig            = $enable_module_musig"
 echo "  module ecdsa-s2c        = $enable_module_ecdsa_s2c"
 echo "  module ecdsa-adaptor    = $enable_module_ecdsa_adaptor"
-echo "  module bulletproofs     = $enable_module_bulletproofs"
+echo "  module bppp             = $enable_module_bppp"
 echo
 echo "  asm                     = $set_asm"
 echo "  ecmult window size      = $set_ecmult_window"
--- a/include/secp256k1_bulletproofs.h
+++ b/include/secp256k1_bulletproofs.h
@ -1,5 +1,5 @@
-#ifndef _SECP256K1_BULLETPROOFS_
+#ifndef _SECP256K1_BPPP_
-# define _SECP256K1_BULLETPROOFS_
+# define _SECP256K1_BPPP_
 # include "secp256k1.h"
@ -10,7 +10,7 @@ extern "C" {
 #include <stdint.h>
 /** Opaque structure representing a large number of NUMS generators */
-typedef struct secp256k1_bulletproofs_generators secp256k1_bulletproofs_generators;
+typedef struct secp256k1_bppp_generators secp256k1_bppp_generators;
 /** Allocates and initializes a list of NUMS generators.
 *  Returns a list of generators, or calls the error callback if the allocation fails.
@ -21,7 +21,7 @@ typedef struct secp256k1_bulletproofs_generators secp256k1_bulletproofs_generato
 * points. We will later use G = H0(required for compatibility with pedersen_commitment DS)
 * in a separate commit to make review easier.
 */
-SECP256K1_API secp256k1_bulletproofs_generators *secp256k1_bulletproofs_generators_create(
+SECP256K1_API secp256k1_bppp_generators *secp256k1_bppp_generators_create(
    const secp256k1_context* ctx,
    size_t n
 ) SECP256K1_ARG_NONNULL(1);
@ -29,10 +29,10 @@ SECP256K1_API secp256k1_bulletproofs_generators *secp256k1_bulletproofs_generato
 /** Allocates a list of generators from a static array
 *  Returns a list of generators or NULL in case of failure.
 *  Args:      ctx: pointer to a context object
- *  In:       data: data that came from `secp256k1_bulletproofs_generators_serialize`
+ *  In:       data: data that came from `secp256k1_bppp_generators_serialize`
 *        data_len: the length of the `data` buffer
 */
-SECP256K1_API secp256k1_bulletproofs_generators* secp256k1_bulletproofs_generators_parse(
+SECP256K1_API secp256k1_bppp_generators* secp256k1_bppp_generators_parse(
    const secp256k1_context* ctx,
    const unsigned char* data,
    size_t data_len
@ -49,9 +49,9 @@ SECP256K1_API secp256k1_bulletproofs_generators* secp256k1_bulletproofs_generato
 * TODO: For ease of review, this setting G = H0 is not included in this commit. We will
 * add it in the follow-up rangeproof PR.
 */
-SECP256K1_API int secp256k1_bulletproofs_generators_serialize(
+SECP256K1_API int secp256k1_bppp_generators_serialize(
    const secp256k1_context* ctx,
-    const secp256k1_bulletproofs_generators* gen,
+    const secp256k1_bppp_generators* gen,
    unsigned char* data,
    size_t *data_len
 ) SECP256K1_ARG_NONNULL(1) SECP256K1_ARG_NONNULL(2) SECP256K1_ARG_NONNULL(3) SECP256K1_ARG_NONNULL(4);
@ -61,9 +61,9 @@ SECP256K1_API int secp256k1_bulletproofs_generators_serialize(
 *          gen: pointer to the generator set to be destroyed
 *               (can be NULL, in which case this function is a no-op)
 */
-SECP256K1_API void secp256k1_bulletproofs_generators_destroy(
+SECP256K1_API void secp256k1_bppp_generators_destroy(
    const secp256k1_context* ctx,
-    secp256k1_bulletproofs_generators* gen
+    secp256k1_bppp_generators* gen
 ) SECP256K1_ARG_NONNULL(1);
 # ifdef __cplusplus
--- a/src/bench_bulletproofs.c
+++ b/src/bench_bulletproofs.c
@ -6,32 +6,32 @@
 #include <stdint.h>
-#include "include/secp256k1_bulletproofs.h"
+#include "include/secp256k1_bppp.h"
 #include "util.h"
 #include "bench.h"
 typedef struct {
    secp256k1_context* ctx;
-} bench_bulletproofs_data;
+} bench_bppp_data;
-static void bench_bulletproofs_setup(void* arg) {
+static void bench_bppp_setup(void* arg) {
    (void) arg;
 }
-static void bench_bulletproofs(void* arg, int iters) {
+static void bench_bppp(void* arg, int iters) {
-    bench_bulletproofs_data *data = (bench_bulletproofs_data*)arg;
+    bench_bppp_data *data = (bench_bppp_data*)arg;
    (void) data;
    (void) iters;
 }
 int main(void) {
-    bench_bulletproofs_data data;
+    bench_bppp_data data;
    int iters = get_iters(32);
    data.ctx = secp256k1_context_create(SECP256K1_CONTEXT_SIGN | SECP256K1_CONTEXT_VERIFY);
-    run_benchmark("bulletproofs_verify_bit", bench_bulletproofs, bench_bulletproofs_setup, NULL, &data, 10, iters);
+    run_benchmark("bppp_verify_bit", bench_bppp, bench_bppp_setup, NULL, &data, 10, iters);
    secp256k1_context_destroy(data.ctx);
    return 0;
--- a/src/modules/bppp/Makefile.am.include
+++ b/src/modules/bppp/Makefile.am.include
@ -0,0 +1,13 @@
 include_HEADERS += include/secp256k1_bppp.h
 noinst_HEADERS += src/modules/bppp/bppp_util.h
 noinst_HEADERS += src/modules/bppp/main_impl.h
 noinst_HEADERS += src/modules/bppp/bppp_transcript_impl.h
 noinst_HEADERS += src/modules/bppp/bppp_norm_product_impl.h
 noinst_HEADERS += src/modules/bppp/tests_impl.h
 if USE_BENCHMARK
 noinst_PROGRAMS += bench_bppp
 bench_bppp_SOURCES = src/bench_bppp.c
 bench_bppp_LDADD = libsecp256k1.la $(SECP_LIBS)
 bench_bppp_LDFLAGS = -static
 endif
--- a/src/modules/bulletproofs/bulletproofs_pp_norm_product_impl.h
+++ b/src/modules/bulletproofs/bulletproofs_pp_norm_product_impl.h
@ -4,8 +4,8 @@
 * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
 **********************************************************************/
-#ifndef _SECP256K1_MODULE_BULLETPROOFS_PP_NORM_PRODUCT_
+#ifndef _SECP256K1_MODULE_BPPP_PP_NORM_PRODUCT_
-#define _SECP256K1_MODULE_BULLETPROOFS_PP_NORM_PRODUCT_
+#define _SECP256K1_MODULE_BPPP_PP_NORM_PRODUCT_
 #include "group.h"
 #include "scalar.h"
@ -13,9 +13,9 @@
 #include "ecmult_gen.h"
 #include "hash.h"
-#include "modules/bulletproofs/main.h"
+#include "modules/bppp/main.h"
-#include "modules/bulletproofs/bulletproofs_util.h"
+#include "modules/bppp/bppp_util.h"
-#include "modules/bulletproofs/bulletproofs_pp_transcript_impl.h"
+#include "modules/bppp/bppp_transcript_impl.h"
 /* Computes the inner product of two vectors of scalars
 * with elements starting from offset a and offset b
@ -69,7 +69,7 @@ static int secp256k1_weighted_scalar_inner_product(
 }
 /* Compute the powers of r as r, r^2, r^4 ... r^(2^(n-1)) */
-static void secp256k1_bulletproofs_powers_of_r(secp256k1_scalar *powers, const secp256k1_scalar *r, size_t n) {
+static void secp256k1_bppp_powers_of_r(secp256k1_scalar *powers, const secp256k1_scalar *r, size_t n) {
    size_t i;
    if (n == 0) {
        return;
@ -102,11 +102,11 @@ static int ecmult_bp_commit_cb(secp256k1_scalar *sc, secp256k1_ge *pt, size_t id
   v = |n_vec*n_vec|_q + <l_vec, c_vec>. |w|_q denotes q-weighted norm of w and
   <l, r> denotes inner product of l and r.
 */
-static int secp256k1_bulletproofs_commit(
+static int secp256k1_bppp_commit(
    const secp256k1_context* ctx,
    secp256k1_scratch_space* scratch,
    secp256k1_ge* commit,
-    const secp256k1_bulletproofs_generators* g_vec,
+    const secp256k1_bppp_generators* g_vec,
    const secp256k1_scalar* n_vec,
    size_t n_vec_len,
    const secp256k1_scalar* l_vec,
@ -216,7 +216,7 @@ static int ecmult_r_cb(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx, void
 * some parent protocol. To use this norm protocol in a standalone manner, the user
 * should add the commitment, generators and initial public data to the transcript hash.
 */
-static int secp256k1_bulletproofs_pp_rangeproof_norm_product_prove(
+static int secp256k1_bppp_rangeproof_norm_product_prove(
    const secp256k1_context* ctx,
    secp256k1_scratch_space* scratch,
    unsigned char* proof,
@ -238,7 +238,7 @@ static int secp256k1_bulletproofs_pp_rangeproof_norm_product_prove(
    ecmult_r_cb_data r_cb_data;
    size_t g_len = n_vec_len, h_len = l_vec_len;
    const size_t G_GENS_LEN = g_len;
-    size_t log_g_len = secp256k1_bulletproofs_pp_log2(g_len), log_h_len = secp256k1_bulletproofs_pp_log2(h_len);
+    size_t log_g_len = secp256k1_bppp_log2(g_len), log_h_len = secp256k1_bppp_log2(h_len);
    size_t num_rounds = log_g_len > log_h_len ? log_g_len : log_h_len;
    /* Check proof sizes.*/
@ -307,12 +307,12 @@ static int secp256k1_bulletproofs_pp_rangeproof_norm_product_prove(
        secp256k1_ge_set_gej_var(&r_ge, &rj);
        secp256k1_fe_normalize_var(&r_ge.x);
        secp256k1_fe_normalize_var(&r_ge.y);
-        secp256k1_bulletproofs_serialize_points(&proof[proof_idx], &x_ge, &r_ge);
+        secp256k1_bppp_serialize_points(&proof[proof_idx], &x_ge, &r_ge);
        proof_idx += 65;
        /* Obtain challenge e for the the next round */
        secp256k1_sha256_write(transcript, &proof[proof_idx - 65], 65);
-        secp256k1_bulletproofs_challenge_scalar(&e, transcript, 0);
+        secp256k1_bppp_challenge_scalar(&e, transcript, 0);
        if (g_len > 1) {
            for (i = 0; i < g_len; i = i + 2) {
@ -422,14 +422,14 @@ static int ec_mult_verify_cb2(secp256k1_scalar *sc, secp256k1_ge *pt, size_t idx
 /* Verify the proof. This function modifies the generators, c_vec and the challenge r. The
   caller should make sure to back them up if they need to be reused.
 */
-static int secp256k1_bulletproofs_pp_rangeproof_norm_product_verify(
+static int secp256k1_bppp_rangeproof_norm_product_verify(
    const secp256k1_context* ctx,
    secp256k1_scratch_space* scratch,
    const unsigned char* proof,
    size_t proof_len,
    secp256k1_sha256* transcript,
    const secp256k1_scalar* r,
-    const secp256k1_bulletproofs_generators* g_vec,
+    const secp256k1_bppp_generators* g_vec,
    size_t g_len,
    const secp256k1_scalar* c_vec,
    size_t c_vec_len,
@ -440,7 +440,7 @@ static int secp256k1_bulletproofs_pp_rangeproof_norm_product_verify(
    secp256k1_gej res1, res2;
    size_t i = 0, scratch_checkpoint;
    int overflow;
-    size_t log_g_len = secp256k1_bulletproofs_pp_log2(g_len), log_h_len = secp256k1_bulletproofs_pp_log2(c_vec_len);
+    size_t log_g_len = secp256k1_bppp_log2(g_len), log_h_len = secp256k1_bppp_log2(c_vec_len);
    size_t n_rounds = log_g_len > log_h_len ? log_g_len : log_h_len;
    size_t h_len = c_vec_len;
@ -471,7 +471,7 @@ static int secp256k1_bulletproofs_pp_rangeproof_norm_product_verify(
    /* Compute powers of r_inv. Later used in g_factor computations*/
    secp256k1_scalar_inverse_var(&r_inv, r);
-    secp256k1_bulletproofs_powers_of_r(r_inv_pows, &r_inv, log_g_len);
+    secp256k1_bppp_powers_of_r(r_inv_pows, &r_inv, log_g_len);
    /* Compute r_f = r^(2^log_g_len) */
    r_f = *r;
@ -482,7 +482,7 @@ static int secp256k1_bulletproofs_pp_rangeproof_norm_product_verify(
    for (i = 0; i < n_rounds; i++) {
        secp256k1_scalar e;
        secp256k1_sha256_write(transcript, &proof[i * 65], 65);
-        secp256k1_bulletproofs_challenge_scalar(&e, transcript, 0);
+        secp256k1_bppp_challenge_scalar(&e, transcript, 0);
        es[i] = e;
    }
    /* s_g[0] = n * \prod_{j=0}^{log_g_len - 1} r^(2^j)
@ -491,7 +491,7 @@ static int secp256k1_bulletproofs_pp_rangeproof_norm_product_verify(
    secp256k1_scalar_mul(&s_g[0], &n, &r_f);
    secp256k1_scalar_mul(&s_g[0], &s_g[0], &r_inv);
    for (i = 1; i < g_len; i++) {
-        size_t log_i = secp256k1_bulletproofs_pp_log2(i);
+        size_t log_i = secp256k1_bppp_log2(i);
        size_t nearest_pow_of_two = (size_t)1 << log_i;
        /* This combines the two multiplications of challenges and r_invs in a
         * single loop.
@ -503,7 +503,7 @@ static int secp256k1_bulletproofs_pp_rangeproof_norm_product_verify(
    s_h[0] = l;
    secp256k1_scalar_set_int(&h_c, 0);
    for (i = 1; i < h_len; i++) {
-        size_t log_i = secp256k1_bulletproofs_pp_log2(i);
+        size_t log_i = secp256k1_bppp_log2(i);
        size_t nearest_pow_of_two = (size_t)1 << log_i;
        secp256k1_scalar_mul(&s_h[i], &s_h[i - nearest_pow_of_two], &es[log_i]);
    }
--- a/src/modules/bulletproofs/bulletproofs_pp_transcript_impl.h
+++ b/src/modules/bulletproofs/bulletproofs_pp_transcript_impl.h
@ -3,17 +3,17 @@
 * Distributed under the MIT software license, see the accompanying   *
 * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
 **********************************************************************/
-#ifndef _SECP256K1_MODULE_BULLETPROOFS_PP_TRANSCRIPT_IMPL_
+#ifndef _SECP256K1_MODULE_BPPP_PP_TRANSCRIPT_IMPL_
-#define _SECP256K1_MODULE_BULLETPROOFS_PP_TRANSCRIPT_IMPL_
+#define _SECP256K1_MODULE_BPPP_PP_TRANSCRIPT_IMPL_
 #include "group.h"
 #include "scalar.h"
-#include "bulletproofs_util.h"
+#include "bppp_util.h"
 /* Initializes SHA256 with fixed midstate. This midstate was computed by applying
 * SHA256 to SHA256("Bulletproofs_pp/v0/commitment")||SHA256("Bulletproofs_pp/v0/commitment").
 */
-static void secp256k1_bulletproofs_pp_sha256_tagged_commitment_init(secp256k1_sha256 *sha) {
+static void secp256k1_bppp_sha256_tagged_commitment_init(secp256k1_sha256 *sha) {
    secp256k1_sha256_initialize(sha);
    sha->s[0] = 0x52fc8185ul;
    sha->s[1] = 0x0e7debf0ul;
@ -28,10 +28,10 @@ static void secp256k1_bulletproofs_pp_sha256_tagged_commitment_init(secp256k1_sh
 }
 /* Obtain a challenge scalar from the current transcript.*/
-static void secp256k1_bulletproofs_challenge_scalar(secp256k1_scalar* ch, const secp256k1_sha256 *transcript, uint64_t idx) {
+static void secp256k1_bppp_challenge_scalar(secp256k1_scalar* ch, const secp256k1_sha256 *transcript, uint64_t idx) {
    unsigned char buf[32];
    secp256k1_sha256 sha = *transcript;
-    secp256k1_bulletproofs_le64(buf, idx);
+    secp256k1_bppp_le64(buf, idx);
    secp256k1_sha256_write(&sha, buf, 8);
    secp256k1_sha256_finalize(&sha, buf);
    secp256k1_scalar_set_b32(ch, buf, NULL);
--- a/src/modules/bulletproofs/bulletproofs_util.h
+++ b/src/modules/bulletproofs/bulletproofs_util.h
@ -4,8 +4,8 @@
 * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
 **********************************************************************/
-#ifndef _SECP256K1_MODULE_BULLETPROOFS_UTIL_
+#ifndef _SECP256K1_MODULE_BPPP_UTIL_
-#define _SECP256K1_MODULE_BULLETPROOFS_UTIL_
+#define _SECP256K1_MODULE_BPPP_UTIL_
 #include "field.h"
 #include "group.h"
@ -15,7 +15,7 @@
 /* Outputs a pair of points, amortizing the parity byte between them
 * Assumes both points' coordinates have been normalized.
 */
-static void secp256k1_bulletproofs_serialize_points(unsigned char *output, const secp256k1_ge *lpt, const secp256k1_ge *rpt) {
+static void secp256k1_bppp_serialize_points(unsigned char *output, const secp256k1_ge *lpt, const secp256k1_ge *rpt) {
    output[0] = (secp256k1_fe_is_odd(&lpt->y) << 1) + secp256k1_fe_is_odd(&rpt->y);
    secp256k1_fe_get_b32(&output[1], &lpt->x);
    secp256k1_fe_get_b32(&output[33], &rpt->x);
@ -23,13 +23,13 @@ static void secp256k1_bulletproofs_serialize_points(unsigned char *output, const
 /* Outputs a serialized point in compressed form. Returns 0 at point at infinity.
 */
-static int secp256k1_bulletproofs_serialize_pt(unsigned char *output, secp256k1_ge *lpt) {
+static int secp256k1_bppp_serialize_pt(unsigned char *output, secp256k1_ge *lpt) {
    size_t size;
    return secp256k1_eckey_pubkey_serialize(lpt, output, &size, 1 /*compressed*/);
 }
 /* little-endian encodes a uint64 */
-static void secp256k1_bulletproofs_le64(unsigned char *output, const uint64_t n) {
+static void secp256k1_bppp_le64(unsigned char *output, const uint64_t n) {
    output[0] = n;
    output[1] = n >> 8;
    output[2] = n >> 16;
@ -49,7 +49,7 @@ static int secp256k1_is_power_of_two(size_t n) {
 * `k` such that 2^k <= n. Assumes n < 2^64. In Bulletproofs, this is bounded
 * by len of input vectors which can be safely assumed to be less than 2^64.
 */
-static size_t secp256k1_bulletproofs_pp_log2(size_t n) {
+static size_t secp256k1_bppp_log2(size_t n) {
    return 64 - 1 - secp256k1_clz64_var((uint64_t)n);
 }
--- a/src/modules/bulletproofs/main.h
+++ b/src/modules/bulletproofs/main.h
@ -1,8 +1,8 @@
-#ifndef SECP256K1_MODULE_BULLETPROOFS_MAIN_H
+#ifndef SECP256K1_MODULE_BPPP_MAIN_H
-#define SECP256K1_MODULE_BULLETPROOFS_MAIN_H
+#define SECP256K1_MODULE_BPPP_MAIN_H
-/* this type must be completed before any of the modules/bulletproofs includes */
+/* this type must be completed before any of the modules/bppp includes */
-struct secp256k1_bulletproofs_generators {
+struct secp256k1_bppp_generators {
    size_t n;
    /* n total generators; includes both G_i and H_i */
    /* For BP++, the generators are G_i from [0..(n - 8)] and the last 8 values
--- a/src/modules/bulletproofs/main_impl.h
+++ b/src/modules/bulletproofs/main_impl.h
@ -4,26 +4,26 @@
 * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
 **********************************************************************/
-#ifndef _SECP256K1_MODULE_BULLETPROOFS_MAIN_
+#ifndef _SECP256K1_MODULE_BPPP_MAIN_
-#define _SECP256K1_MODULE_BULLETPROOFS_MAIN_
+#define _SECP256K1_MODULE_BPPP_MAIN_
-#include "include/secp256k1_bulletproofs.h"
+#include "include/secp256k1_bppp.h"
 #include "include/secp256k1_generator.h"
 #include "modules/generator/main_impl.h" /* for generator_{load, save} */
 #include "hash.h"
 #include "util.h"
-#include "modules/bulletproofs/main.h"
+#include "modules/bppp/main.h"
-#include "modules/bulletproofs/bulletproofs_pp_norm_product_impl.h"
+#include "modules/bppp/bppp_norm_product_impl.h"
-secp256k1_bulletproofs_generators *secp256k1_bulletproofs_generators_create(const secp256k1_context *ctx, size_t n) {
+secp256k1_bppp_generators *secp256k1_bppp_generators_create(const secp256k1_context *ctx, size_t n) {
-    secp256k1_bulletproofs_generators *ret;
+    secp256k1_bppp_generators *ret;
    secp256k1_rfc6979_hmac_sha256 rng;
    unsigned char seed[64];
    size_t i;
    VERIFY_CHECK(ctx != NULL);
-    ret = (secp256k1_bulletproofs_generators *)checked_malloc(&ctx->error_callback, sizeof(*ret));
+    ret = (secp256k1_bppp_generators *)checked_malloc(&ctx->error_callback, sizeof(*ret));
    if (ret == NULL) {
        return NULL;
    }
@ -49,9 +49,9 @@ secp256k1_bulletproofs_generators *secp256k1_bulletproofs_generators_create(cons
    return ret;
 }
-secp256k1_bulletproofs_generators* secp256k1_bulletproofs_generators_parse(const secp256k1_context* ctx, const unsigned char* data, size_t data_len) {
+secp256k1_bppp_generators* secp256k1_bppp_generators_parse(const secp256k1_context* ctx, const unsigned char* data, size_t data_len) {
    size_t n = data_len / 33;
-    secp256k1_bulletproofs_generators* ret;
+    secp256k1_bppp_generators* ret;
    VERIFY_CHECK(ctx != NULL);
    ARG_CHECK(data != NULL);
@ -60,7 +60,7 @@ secp256k1_bulletproofs_generators* secp256k1_bulletproofs_generators_parse(const
        return NULL;
    }
-    ret = (secp256k1_bulletproofs_generators *)checked_malloc(&ctx->error_callback, sizeof(*ret));
+    ret = (secp256k1_bppp_generators *)checked_malloc(&ctx->error_callback, sizeof(*ret));
    if (ret == NULL) {
        return NULL;
    }
@ -83,7 +83,7 @@ secp256k1_bulletproofs_generators* secp256k1_bulletproofs_generators_parse(const
    return ret;
 }
-int secp256k1_bulletproofs_generators_serialize(const secp256k1_context* ctx, const secp256k1_bulletproofs_generators* gens, unsigned char* data, size_t *data_len) {
+int secp256k1_bppp_generators_serialize(const secp256k1_context* ctx, const secp256k1_bppp_generators* gens, unsigned char* data, size_t *data_len) {
    size_t i;
    VERIFY_CHECK(ctx != NULL);
@ -103,7 +103,7 @@ int secp256k1_bulletproofs_generators_serialize(const secp256k1_context* ctx, co
    return 1;
 }
-void secp256k1_bulletproofs_generators_destroy(const secp256k1_context* ctx, secp256k1_bulletproofs_generators *gens) {
+void secp256k1_bppp_generators_destroy(const secp256k1_context* ctx, secp256k1_bppp_generators *gens) {
    VERIFY_CHECK(ctx != NULL);
    (void) ctx;
    if (gens != NULL) {
--- a/src/modules/bulletproofs/test_vectors/verify.h
+++ b/src/modules/bulletproofs/test_vectors/verify.h
--- a/src/modules/bulletproofs/tests_impl.h
+++ b/src/modules/bulletproofs/tests_impl.h
@ -4,23 +4,23 @@
 * file COPYING or http://www.opensource.org/licenses/mit-license.php.*
 **********************************************************************/
-#ifndef _SECP256K1_MODULE_BULLETPROOFS_TEST_
+#ifndef _SECP256K1_MODULE_BPPP_TEST_
-#define _SECP256K1_MODULE_BULLETPROOFS_TEST_
+#define _SECP256K1_MODULE_BPPP_TEST_
 #include <stdint.h>
-#include "include/secp256k1_bulletproofs.h"
+#include "include/secp256k1_bppp.h"
-#include "bulletproofs_pp_norm_product_impl.h"
+#include "bppp_norm_product_impl.h"
-#include "bulletproofs_util.h"
+#include "bppp_util.h"
-#include "bulletproofs_pp_transcript_impl.h"
+#include "bppp_transcript_impl.h"
 #include "test_vectors/verify.h"
-static void test_bulletproofs_generators_api(void) {
+static void test_bppp_generators_api(void) {
    /* The BP generator API requires no precomp */
    secp256k1_context *none = secp256k1_context_create(SECP256K1_CONTEXT_NONE);
-    secp256k1_bulletproofs_generators *gens;
+    secp256k1_bppp_generators *gens;
-    secp256k1_bulletproofs_generators *gens_orig;
+    secp256k1_bppp_generators *gens_orig;
    unsigned char gens_ser[330];
    size_t len = sizeof(gens_ser);
@ -30,47 +30,47 @@ static void test_bulletproofs_generators_api(void) {
    secp256k1_context_set_illegal_callback(none, counting_illegal_callback_fn, &ecount);
    /* Create */
-    gens = secp256k1_bulletproofs_generators_create(none, 10);
+    gens = secp256k1_bppp_generators_create(none, 10);
    CHECK(gens != NULL && ecount == 0);
    gens_orig = gens; /* Preserve for round-trip test */
    /* Serialize */
    ecount = 0;
-    CHECK(!secp256k1_bulletproofs_generators_serialize(none, NULL, gens_ser, &len));
+    CHECK(!secp256k1_bppp_generators_serialize(none, NULL, gens_ser, &len));
    CHECK(ecount == 1);
-    CHECK(!secp256k1_bulletproofs_generators_serialize(none, gens, NULL, &len));
+    CHECK(!secp256k1_bppp_generators_serialize(none, gens, NULL, &len));
    CHECK(ecount == 2);
-    CHECK(!secp256k1_bulletproofs_generators_serialize(none, gens, gens_ser, NULL));
+    CHECK(!secp256k1_bppp_generators_serialize(none, gens, gens_ser, NULL));
    CHECK(ecount == 3);
    len = 0;
-    CHECK(!secp256k1_bulletproofs_generators_serialize(none, gens, gens_ser, &len));
+    CHECK(!secp256k1_bppp_generators_serialize(none, gens, gens_ser, &len));
    CHECK(ecount == 4);
    len = sizeof(gens_ser) - 1;
-    CHECK(!secp256k1_bulletproofs_generators_serialize(none, gens, gens_ser, &len));
+    CHECK(!secp256k1_bppp_generators_serialize(none, gens, gens_ser, &len));
    CHECK(ecount == 5);
    len = sizeof(gens_ser);
    {
        /* Output buffer can be greater than minimum needed */
        unsigned char gens_ser_tmp[331];
        size_t len_tmp = sizeof(gens_ser_tmp);
-        CHECK(secp256k1_bulletproofs_generators_serialize(none, gens, gens_ser_tmp, &len_tmp));
+        CHECK(secp256k1_bppp_generators_serialize(none, gens, gens_ser_tmp, &len_tmp));
        CHECK(len_tmp == sizeof(gens_ser_tmp) - 1);
        CHECK(ecount == 5);
    }
    /* Parse */
-    CHECK(secp256k1_bulletproofs_generators_serialize(none, gens, gens_ser, &len));
+    CHECK(secp256k1_bppp_generators_serialize(none, gens, gens_ser, &len));
    ecount = 0;
-    gens = secp256k1_bulletproofs_generators_parse(none, NULL, sizeof(gens_ser));
+    gens = secp256k1_bppp_generators_parse(none, NULL, sizeof(gens_ser));
    CHECK(gens == NULL && ecount == 1);
    /* Not a multiple of 33 */
-    gens = secp256k1_bulletproofs_generators_parse(none, gens_ser, sizeof(gens_ser) - 1);
+    gens = secp256k1_bppp_generators_parse(none, gens_ser, sizeof(gens_ser) - 1);
    CHECK(gens == NULL && ecount == 1);
-    gens = secp256k1_bulletproofs_generators_parse(none, gens_ser, sizeof(gens_ser));
+    gens = secp256k1_bppp_generators_parse(none, gens_ser, sizeof(gens_ser));
    CHECK(gens != NULL && ecount == 1);
    /* Not valid generators */
    memset(gens_ser, 1, sizeof(gens_ser));
-    CHECK(secp256k1_bulletproofs_generators_parse(none, gens_ser, sizeof(gens_ser)) == NULL);
+    CHECK(secp256k1_bppp_generators_parse(none, gens_ser, sizeof(gens_ser)) == NULL);
    CHECK(ecount == 1);
    /* Check that round-trip succeeded */
@ -81,16 +81,16 @@ static void test_bulletproofs_generators_api(void) {
    /* Destroy (we allow destroying a NULL context, it's just a noop. like free().) */
    ecount = 0;
-    secp256k1_bulletproofs_generators_destroy(none, NULL);
+    secp256k1_bppp_generators_destroy(none, NULL);
-    secp256k1_bulletproofs_generators_destroy(none, gens);
+    secp256k1_bppp_generators_destroy(none, gens);
-    secp256k1_bulletproofs_generators_destroy(none, gens_orig);
+    secp256k1_bppp_generators_destroy(none, gens_orig);
    CHECK(ecount == 0);
    secp256k1_context_destroy(none);
 }
-static void test_bulletproofs_generators_fixed(void) {
+static void test_bppp_generators_fixed(void) {
-    secp256k1_bulletproofs_generators *gens = secp256k1_bulletproofs_generators_create(ctx, 3);
+    secp256k1_bppp_generators *gens = secp256k1_bppp_generators_create(ctx, 3);
    unsigned char gens_ser[330];
    const unsigned char fixed_first_3[99] = {
        0x0b,
@ -112,17 +112,17 @@ static void test_bulletproofs_generators_fixed(void) {
    size_t len;
    len = 99;
-    CHECK(secp256k1_bulletproofs_generators_serialize(ctx, gens, gens_ser, &len));
+    CHECK(secp256k1_bppp_generators_serialize(ctx, gens, gens_ser, &len));
    CHECK(memcmp(gens_ser, fixed_first_3, sizeof(fixed_first_3)) == 0);
    len = sizeof(gens_ser);
-    CHECK(secp256k1_bulletproofs_generators_serialize(ctx, gens, gens_ser, &len));
+    CHECK(secp256k1_bppp_generators_serialize(ctx, gens, gens_ser, &len));
    CHECK(memcmp(gens_ser, fixed_first_3, sizeof(fixed_first_3)) == 0);
-    secp256k1_bulletproofs_generators_destroy(ctx, gens);
+    secp256k1_bppp_generators_destroy(ctx, gens);
 }
-static void test_bulletproofs_pp_tagged_hash(void) {
+static void test_bppp_tagged_hash(void) {
    unsigned char tag_data[29] = "Bulletproofs_pp/v0/commitment";
    secp256k1_sha256 sha;
    secp256k1_sha256 sha_cached;
@ -131,7 +131,7 @@ static void test_bulletproofs_pp_tagged_hash(void) {
    secp256k1_scalar s;
    secp256k1_sha256_initialize_tagged(&sha, tag_data, sizeof(tag_data));
-    secp256k1_bulletproofs_pp_sha256_tagged_commitment_init(&sha_cached);
+    secp256k1_bppp_sha256_tagged_commitment_init(&sha_cached);
    secp256k1_sha256_finalize(&sha, output);
    secp256k1_sha256_finalize(&sha_cached, output_cached);
    CHECK(secp256k1_memcmp_var(output, output_cached, 32) == 0);
@ -141,8 +141,8 @@ static void test_bulletproofs_pp_tagged_hash(void) {
                                       0xF6, 0x91, 0x15, 0xEE, 0x74, 0xF5, 0x12, 0x67,
                                       0x8A, 0x41, 0xC6, 0x85, 0x1A, 0x79, 0x14, 0xFC,
                                       0x48, 0x15, 0xC7, 0x2D, 0xF8, 0x63, 0x8F, 0x1B };
-        secp256k1_bulletproofs_pp_sha256_tagged_commitment_init(&sha);
+        secp256k1_bppp_sha256_tagged_commitment_init(&sha);
-        secp256k1_bulletproofs_challenge_scalar(&s, &sha, 0);
+        secp256k1_bppp_challenge_scalar(&s, &sha, 0);
        secp256k1_scalar_get_b32(output, &s);
        CHECK(memcmp(output, expected, sizeof(output)) == 0);
    }
@ -154,7 +154,7 @@ static void test_bulletproofs_pp_tagged_hash(void) {
                                       0x69, 0x4D, 0xAA, 0x96, 0xCE, 0x98, 0xBB, 0x39,
                                       0x1C, 0x2F, 0x7C, 0x2E, 0x1C, 0x17, 0x78, 0x6D };
        secp256k1_sha256_write(&sha, tmp, sizeof(tmp));
-        secp256k1_bulletproofs_challenge_scalar(&s, &sha, 0);
+        secp256k1_bppp_challenge_scalar(&s, &sha, 0);
        secp256k1_scalar_get_b32(output, &s);
        CHECK(memcmp(output, expected, sizeof(output)) == 0);
    }
@ -168,11 +168,11 @@ void test_log_exp(void) {
    CHECK(secp256k1_is_power_of_two(63) == 0);
    CHECK(secp256k1_is_power_of_two(256) == 1);
-    CHECK(secp256k1_bulletproofs_pp_log2(1) == 0);
+    CHECK(secp256k1_bppp_log2(1) == 0);
-    CHECK(secp256k1_bulletproofs_pp_log2(2) == 1);
+    CHECK(secp256k1_bppp_log2(2) == 1);
-    CHECK(secp256k1_bulletproofs_pp_log2(255) == 7);
+    CHECK(secp256k1_bppp_log2(255) == 7);
-    CHECK(secp256k1_bulletproofs_pp_log2(256) == 8);
+    CHECK(secp256k1_bppp_log2(256) == 8);
-    CHECK(secp256k1_bulletproofs_pp_log2(257) == 8);
+    CHECK(secp256k1_bppp_log2(257) == 8);
 }
 void test_norm_util_helpers(void) {
@ -205,7 +205,7 @@ void test_norm_util_helpers(void) {
    secp256k1_scalar_set_int(&res2, 4740); /*i*i*4^(i+1) */
    CHECK(secp256k1_scalar_eq(&res2, &res) == 1);
-    secp256k1_bulletproofs_powers_of_r(r_pows, &r, 4);
+    secp256k1_bppp_powers_of_r(r_pows, &r, 4);
    secp256k1_scalar_set_int(&res, 2); CHECK(secp256k1_scalar_eq(&res, &r_pows[0]));
    secp256k1_scalar_set_int(&res, 4); CHECK(secp256k1_scalar_eq(&res, &r_pows[1]));
    secp256k1_scalar_set_int(&res, 16); CHECK(secp256k1_scalar_eq(&res, &r_pows[2]));
@ -215,7 +215,7 @@ void test_norm_util_helpers(void) {
 static void secp256k1_norm_arg_commit_initial_data(
    secp256k1_sha256* transcript,
    const secp256k1_scalar* r,
-    const secp256k1_bulletproofs_generators* gens_vec,
+    const secp256k1_bppp_generators* gens_vec,
    size_t g_len, /* Same as n_vec_len, g_len + c_vec_len = gens->n */
    const secp256k1_scalar* c_vec,
    size_t c_vec_len,
@ -225,25 +225,25 @@ static void secp256k1_norm_arg_commit_initial_data(
    unsigned char ser_commit[33], ser_scalar[32], ser_le64[8];
    size_t i;
    secp256k1_ge comm = *commit;
-    secp256k1_bulletproofs_pp_sha256_tagged_commitment_init(transcript);
+    secp256k1_bppp_sha256_tagged_commitment_init(transcript);
    secp256k1_fe_normalize(&comm.x);
    secp256k1_fe_normalize(&comm.y);
    CHECK(secp256k1_ge_is_infinity(&comm) == 0);
-    CHECK(secp256k1_bulletproofs_serialize_pt(&ser_commit[0], &comm));
+    CHECK(secp256k1_bppp_serialize_pt(&ser_commit[0], &comm));
    secp256k1_sha256_write(transcript, ser_commit, 33);
    secp256k1_scalar_get_b32(ser_scalar, r);
    secp256k1_sha256_write(transcript, ser_scalar, 32);
-    secp256k1_bulletproofs_le64(ser_le64, g_len);
+    secp256k1_bppp_le64(ser_le64, g_len);
    secp256k1_sha256_write(transcript, ser_le64, 8);
-    secp256k1_bulletproofs_le64(ser_le64, gens_vec->n);
+    secp256k1_bppp_le64(ser_le64, gens_vec->n);
    secp256k1_sha256_write(transcript, ser_le64, 8);
    for (i = 0; i < gens_vec->n; i++) {
        secp256k1_fe_normalize(&gens_vec->gens[i].x);
        secp256k1_fe_normalize(&gens_vec->gens[i].y);
-        CHECK(secp256k1_bulletproofs_serialize_pt(&ser_commit[0], &gens_vec->gens[i]));
+        CHECK(secp256k1_bppp_serialize_pt(&ser_commit[0], &gens_vec->gens[i]));
        secp256k1_sha256_write(transcript, ser_commit, 33);
    }
-    secp256k1_bulletproofs_le64(ser_le64, c_vec_len);
+    secp256k1_bppp_le64(ser_le64, c_vec_len);
    secp256k1_sha256_write(transcript, ser_le64, 8);
    for (i = 0; i < c_vec_len; i++) {
        secp256k1_scalar_get_b32(ser_scalar, &c_vec[i]);
@ -273,9 +273,9 @@ static void copy_vectors_into_scratch(secp256k1_scratch_space* scratch,
    memcpy(*gs, gens_vec, (g_len + h_len) * sizeof(secp256k1_ge));
 }
-/* A complete norm argument. In contrast to secp256k1_bulletproofs_pp_rangeproof_norm_product_prove, this is meant
+/* A complete norm argument. In contrast to secp256k1_bppp_rangeproof_norm_product_prove, this is meant
   to be used as a standalone norm argument.
-   This is a simple wrapper around secp256k1_bulletproofs_pp_rangeproof_norm_product_prove
+   This is a simple wrapper around secp256k1_bppp_rangeproof_norm_product_prove
   that also commits to the initial public values used in the protocol. In this case, these public
   values are commitment.
 */
@ -284,7 +284,7 @@ static int secp256k1_norm_arg_prove(
    unsigned char* proof,
    size_t *proof_len,
    const secp256k1_scalar* r,
-    const secp256k1_bulletproofs_generators* gens_vec,
+    const secp256k1_bppp_generators* gens_vec,
    const secp256k1_scalar* n_vec,
    size_t n_vec_len,
    const secp256k1_scalar* l_vec,
@ -307,7 +307,7 @@ static int secp256k1_norm_arg_prove(
    /* Commit to the initial public values */
    secp256k1_norm_arg_commit_initial_data(&transcript, r, gens_vec, g_len, c_vec, c_vec_len, &comm);
-    res = secp256k1_bulletproofs_pp_rangeproof_norm_product_prove(
+    res = secp256k1_bppp_rangeproof_norm_product_prove(
        ctx,
        scratch,
        proof,
@ -333,7 +333,7 @@ static int secp256k1_norm_arg_verify(
    const unsigned char* proof,
    size_t proof_len,
    const secp256k1_scalar* r,
-    const secp256k1_bulletproofs_generators* gens_vec,
+    const secp256k1_bppp_generators* gens_vec,
    size_t g_len,
    const secp256k1_scalar* c_vec,
    size_t c_vec_len,
@ -346,7 +346,7 @@ static int secp256k1_norm_arg_verify(
    /* Commit to the initial public values */
    secp256k1_norm_arg_commit_initial_data(&transcript, r, gens_vec, g_len, c_vec, c_vec_len, &comm);
-    res = secp256k1_bulletproofs_pp_rangeproof_norm_product_verify(
+    res = secp256k1_bppp_rangeproof_norm_product_verify(
        ctx,
        scratch,
        proof,
@ -379,26 +379,26 @@ void norm_arg_zero(void) {
        size_t plen = sizeof(proof);
        unsigned int n_vec_len = 1;
        unsigned int c_vec_len = 1;
-        secp256k1_bulletproofs_generators *gens = secp256k1_bulletproofs_generators_create(ctx, n_vec_len + c_vec_len);
+        secp256k1_bppp_generators *gens = secp256k1_bppp_generators_create(ctx, n_vec_len + c_vec_len);
        secp256k1_scalar_set_int(&n_vec[0], 0);
        secp256k1_scalar_set_int(&l_vec[0], 0);
        random_scalar_order(&c_vec[0]);
        secp256k1_sha256_initialize(&transcript); /* No challenges used in n = 1, l = 1, but we set transcript as a good practice*/
-        CHECK(secp256k1_bulletproofs_commit(ctx, scratch, &commit, gens, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len, &q));
+        CHECK(secp256k1_bppp_commit(ctx, scratch, &commit, gens, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len, &q));
        {
            secp256k1_scalar *ns, *ls, *cs;
            secp256k1_ge *gs;
            size_t scratch_checkpoint = secp256k1_scratch_checkpoint(&ctx->error_callback, scratch);
            copy_vectors_into_scratch(scratch, &ns, &ls, &cs, &gs, n_vec, l_vec, c_vec, gens->gens, n_vec_len, c_vec_len);
-            CHECK(secp256k1_bulletproofs_pp_rangeproof_norm_product_prove(ctx, scratch, proof, &plen, &transcript, &r, gs, gens->n, ns, n_vec_len, ls, c_vec_len, cs, c_vec_len));
+            CHECK(secp256k1_bppp_rangeproof_norm_product_prove(ctx, scratch, proof, &plen, &transcript, &r, gs, gens->n, ns, n_vec_len, ls, c_vec_len, cs, c_vec_len));
            secp256k1_scratch_apply_checkpoint(&ctx->error_callback, scratch, scratch_checkpoint);
        }
        secp256k1_sha256_initialize(&transcript);
-        CHECK(secp256k1_bulletproofs_pp_rangeproof_norm_product_verify(ctx, scratch, proof, plen, &transcript, &r, gens, c_vec_len, c_vec, c_vec_len, &commit));
+        CHECK(secp256k1_bppp_rangeproof_norm_product_verify(ctx, scratch, proof, plen, &transcript, &r, gens, c_vec_len, c_vec, c_vec_len, &commit));
-        secp256k1_bulletproofs_generators_destroy(ctx, gens);
+        secp256k1_bppp_generators_destroy(ctx, gens);
    }
    /* l is the zero vector and longer than n. This results in one of the
@ -406,7 +406,7 @@ void norm_arg_zero(void) {
    {
        unsigned int n_vec_len = 1;
        unsigned int c_vec_len = 2;
-        secp256k1_bulletproofs_generators *gs = secp256k1_bulletproofs_generators_create(ctx, n_vec_len + c_vec_len);
+        secp256k1_bppp_generators *gs = secp256k1_bppp_generators_create(ctx, n_vec_len + c_vec_len);
        size_t plen = sizeof(proof);
        for (i = 0; i < n_vec_len; i++) {
            random_scalar_order(&n_vec[i]);
@ -415,9 +415,9 @@ void norm_arg_zero(void) {
            secp256k1_scalar_set_int(&l_vec[i], 0);
            random_scalar_order(&c_vec[i]);
        }
-        CHECK(secp256k1_bulletproofs_commit(ctx, scratch, &commit, gs, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len, &q));
+        CHECK(secp256k1_bppp_commit(ctx, scratch, &commit, gs, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len, &q));
        CHECK(!secp256k1_norm_arg_prove(scratch, proof, &plen, &r, gs, n_vec, n_vec_len, l_vec, c_vec_len, c_vec, c_vec_len, &commit));
-        secp256k1_bulletproofs_generators_destroy(ctx, gs);
+        secp256k1_bppp_generators_destroy(ctx, gs);
    }
    secp256k1_scratch_space_destroy(ctx, scratch);
@ -429,7 +429,7 @@ void norm_arg_test(unsigned int n, unsigned int m) {
    secp256k1_ge commit;
    size_t i, plen;
    int res;
-    secp256k1_bulletproofs_generators *gs = secp256k1_bulletproofs_generators_create(ctx, n + m);
+    secp256k1_bppp_generators *gs = secp256k1_bppp_generators_create(ctx, n + m);
    secp256k1_scratch *scratch = secp256k1_scratch_space_create(ctx, 1000*1000); /* shouldn't need much */
    unsigned char proof[1000];
    plen = 1000;
@ -445,7 +445,7 @@ void norm_arg_test(unsigned int n, unsigned int m) {
        random_scalar_order(&c_vec[i]);
    }
-    res = secp256k1_bulletproofs_commit(ctx, scratch, &commit, gs, n_vec, n, l_vec, m, c_vec, m, &q);
+    res = secp256k1_bppp_commit(ctx, scratch, &commit, gs, n_vec, n, l_vec, m, c_vec, m, &q);
    CHECK(res == 1);
    res = secp256k1_norm_arg_prove(scratch, proof, &plen, &r, gs, n_vec, n, l_vec, m, c_vec, m, &commit);
    CHECK(res == 1);
@ -462,13 +462,13 @@ void norm_arg_test(unsigned int n, unsigned int m) {
    CHECK(res == 0);
    secp256k1_scratch_space_destroy(ctx, scratch);
-    secp256k1_bulletproofs_generators_destroy(ctx, gs);
+    secp256k1_bppp_generators_destroy(ctx, gs);
 }
 /* Parses generators from points compressed as pubkeys */
-secp256k1_bulletproofs_generators* bulletproofs_generators_parse_regular(const unsigned char* data, size_t data_len) {
+secp256k1_bppp_generators* bppp_generators_parse_regular(const unsigned char* data, size_t data_len) {
    size_t n = data_len / 33;
-    secp256k1_bulletproofs_generators* ret;
+    secp256k1_bppp_generators* ret;
    VERIFY_CHECK(ctx != NULL);
    ARG_CHECK(data != NULL);
@ -477,7 +477,7 @@ secp256k1_bulletproofs_generators* bulletproofs_generators_parse_regular(const u
        return NULL;
    }
-    ret = (secp256k1_bulletproofs_generators *)checked_malloc(&ctx->error_callback, sizeof(*ret));
+    ret = (secp256k1_bppp_generators *)checked_malloc(&ctx->error_callback, sizeof(*ret));
    if (ret == NULL) {
        return NULL;
    }
@ -500,7 +500,7 @@ secp256k1_bulletproofs_generators* bulletproofs_generators_parse_regular(const u
 int norm_arg_verify_vectors_helper(secp256k1_scratch *scratch, const unsigned char *gens, const unsigned char *proof, size_t plen, const unsigned char *r32, size_t n_vec_len, const unsigned char c_vec32[][32], secp256k1_scalar *c_vec, size_t c_vec_len, const unsigned char *commit33) {
    secp256k1_sha256 transcript;
-    secp256k1_bulletproofs_generators *gs = bulletproofs_generators_parse_regular(gens, 33*(n_vec_len + c_vec_len));
+    secp256k1_bppp_generators *gs = bppp_generators_parse_regular(gens, 33*(n_vec_len + c_vec_len));
    secp256k1_scalar r;
    secp256k1_ge commit;
    int overflow;
@ -518,9 +518,9 @@ int norm_arg_verify_vectors_helper(secp256k1_scratch *scratch, const unsigned ch
        CHECK(!overflow);
    }
    CHECK(secp256k1_eckey_pubkey_parse(&commit, commit33, 33));
-    ret = secp256k1_bulletproofs_pp_rangeproof_norm_product_verify(ctx, scratch, proof, plen, &transcript, &r, gs, n_vec_len, c_vec, c_vec_len, &commit);
+    ret = secp256k1_bppp_rangeproof_norm_product_verify(ctx, scratch, proof, plen, &transcript, &r, gs, n_vec_len, c_vec, c_vec_len, &commit);
-    secp256k1_bulletproofs_generators_destroy(ctx, gs);
+    secp256k1_bppp_generators_destroy(ctx, gs);
    return ret;
 }
@ -545,12 +545,12 @@ void norm_arg_verify_vectors(void) {
 }
 #undef IDX_TO_TEST
-void run_bulletproofs_tests(void) {
+void run_bppp_tests(void) {
    test_log_exp();
    test_norm_util_helpers();
-    test_bulletproofs_generators_api();
+    test_bppp_generators_api();
-    test_bulletproofs_generators_fixed();
+    test_bppp_generators_fixed();
-    test_bulletproofs_pp_tagged_hash();
+    test_bppp_tagged_hash();
    norm_arg_zero();
    norm_arg_test(1, 1);
--- a/src/modules/bulletproofs/Makefile.am.include
+++ b/src/modules/bulletproofs/Makefile.am.include
@ -1,13 +0,0 @@
 include_HEADERS += include/secp256k1_bulletproofs.h
 noinst_HEADERS += src/modules/bulletproofs/bulletproofs_util.h
 noinst_HEADERS += src/modules/bulletproofs/main_impl.h
 noinst_HEADERS += src/modules/bulletproofs/bulletproofs_pp_transcript_impl.h
 noinst_HEADERS += src/modules/bulletproofs/bulletproofs_pp_norm_product_impl.h
 noinst_HEADERS += src/modules/bulletproofs/tests_impl.h
 if USE_BENCHMARK
 noinst_PROGRAMS += bench_bulletproofs
 bench_bulletproofs_SOURCES = src/bench_bulletproofs.c
 bench_bulletproofs_LDADD = libsecp256k1.la $(SECP_LIBS)
 bench_bulletproofs_LDFLAGS = -static
 endif
--- a/src/secp256k1.c
+++ b/src/secp256k1.c
@ -800,8 +800,8 @@ int secp256k1_tagged_sha256(const secp256k1_context* ctx, unsigned char *hash32,
    return 1;
 }
-#ifdef ENABLE_MODULE_BULLETPROOFS
+#ifdef ENABLE_MODULE_BPPP
-# include "modules/bulletproofs/main_impl.h"
+# include "modules/bppp/main_impl.h"
 #endif
 #ifdef ENABLE_MODULE_ECDH
--- a/src/tests.c
+++ b/src/tests.c
@ -7132,8 +7132,8 @@ void run_ecdsa_edge_cases(void) {
    test_ecdsa_edge_cases();
 }
-#ifdef ENABLE_MODULE_BULLETPROOFS
+#ifdef ENABLE_MODULE_BPPP
-# include "modules/bulletproofs/tests_impl.h"
+# include "modules/bppp/tests_impl.h"
 #endif
 #ifdef ENABLE_MODULE_ECDH
@ -7456,8 +7456,8 @@ int main(int argc, char **argv) {
    /* EC key arithmetic test */
    run_eckey_negate_test();
-#ifdef ENABLE_MODULE_BULLETPROOFS
+#ifdef ENABLE_MODULE_BPPP
-    run_bulletproofs_tests();
+    run_bppp_tests();
 #endif
 #ifdef ENABLE_MODULE_ECDH