https://github.com/kayabaNerve/fcmp-ringct/blob/divisor-paper/divisors.pdf posits a 7-multiplicative-constraint proof of scaling with a k-bit scalar. This technique can be used to prove a Pedersen Commitment opens to a value within a i-bit range more efficiently than traditional bit commitments.
- Perform a proof of scaling for a
k-bit scalar and the blinding generatorH(7 multiplicative constraints). - Perform a proof of scaling for an
i-bit scalar and the binding generatorG(7 multiplicative constraints). - Perform an incomplete addition (3 multiplicative constraints).
This makes the proof in total use 17 multiplicative constraints, not the traditional i. It does require commiting to 2(k+i) values however, where a vector commitment can have as many items as rows in the IPA multiplied by two, and each vector commitment grows the proof by 4 elements and itself.
This does not actually prove the commitment has an i-bit value. The divisor may interpolate any of the i-powers of 2 up to i times. Accordingly, it could be a proof the commitment has a value of size i * 2**(i-1) (where this is a complete proof for the range 0 .. 2**i and only an incomplete range for 2**i ..= i * 2**(i-1)). Hence the "Fuzzy".