Lack Of Privacy Sidelines Institutions From Web3

Soda Labs’ Garbled Circuits Are Their Gateway

Our implementation of on-chain Garbled Circuits-based MPC offers a fast, flexible approach to decentralized confidential computing – enabling a wide variety of private and compliant Web3 applications.

There is intense institutional interest in blockchain. Amid technological advances and growing regulatory clarity, corporations are recognizing the potential of an immutable, open, programmable ledger of transactions for everything from international payments and financial transactions to supply chain logistics and machine learning. The benefits of security, trustlessness and automation are powerful incentives for adoption.

There is, however, one major hurdle still to overcome: Privacy.

Open public blockchains are transparent by default. Transparency provides the auditability required to allow anyone to verify the contents of the ledger, ensuring its integrity and enabling anyone to secure the network and process transactions. Transparency is therefore necessary for decentralization – and yet unmitigated transparency is a disaster for businesses and end users.

 

Why Full Transparency Is A Dealbreake

The drawbacks of blockchain’s transparency are well-known. For retail users, there are a number of threats:

• MEV attacks. Since transactions waiting in the mempool are visible, bots can exploit the information they contain, paying higher gas fees to ensure their transactions are confirmed first. Trades may be front-run, back-run, or sandwich attacked, and bots can collect liquidation rewards or snipe NFTs ahead of real users. The results are worse slippage, missed opportunities, and higher gas costs across the board.
• Spear phishing. When every blockchain address is transparently visible, users are at greater risk for targeted attacks, including phishing, malware, social engineering, and address poisoning.
• Physical attacks. Where an address can be linked to a real-world identity, there is heightened risk of extortion and kidnapping.

 

For institutions, there are additional concerns around maintaining compliance with AML/KYC laws, and data protection legislation. Transactions must not only be private, but auditable, so that users can provide relevant information to the authorities when it is requested.

At present, these issues have made it impossible for institutions to adopt blockchain at scale. Organizations including JP Morgan, the ECB, Deloitte, and many others have all pointed to privacy as a significant condition for widespread use of blockchain. 

Conversely, once robust, compliant privacy has been solved, billions or even trillions of dollars of capital are set to move on-chain. For example, a recent report by Standard Chartered forecast that tokenized assets (RWAs) could become a $30 trillion market by 2034.

Institutions are waiting for privacy, yet existing solutions have been limited in one way or another. Soda Labs’ work, which is based on a ground-breaking on-chain implementation of garbled circuits-based MPC, is set to change that.

 

What Are Garbled Circuits (GCs)?

Garbled circuits (GCs) were first proposed in the 1980s by cryptographer Andrew Yao to solve the problem of allowing two parties to jointly compute a function without revealing sensitive information, either to each other or to a trusted third party. The classic example is the “Millionaires’ Problem”. Two people want to know who is wealthier, without revealing how much money they actually own to each other. Yao’s solution allows each party to encrypt their inputs (their wealth), and feed them into an encrypted function that outputs a value to indicate only which input is larger.

In simplified terms, a garbled circuit can be thought of a little like an encrypted flow chart:

• Any mathematical or computational function can be described as a Boolean circuit, or a series of arithmetic or logic gates (ADD, SUB, AND, OR, NOT, XOR, etc). This can be implemented as hardware or software.
• Each gate takes one or more inputs, and produces an output.
• The entire circuit is encrypted (garbled) in such a way that each wire (input or output path) in the circuit is associated with random cryptographic keys that represent the possible values that go through that wire. Each gate is encoded so that it can only be correctly evaluated using the right combination of encrypted inputs.
• An entity (or party, or a distributed protocol) called the garbler builds this encrypted version of the circuit and sends it to the execution entity (network nodes), called the evaluator, along with their encrypted input.
• The evaluator network then executes the garbled circuit gate-by-gate, obtaining a final encrypted output. Since all values are encrypted, no information about the intermediate values are leaked. The network can decrypt the output should the result be needed in cleartext for the application.

 

This approach can be applied to any function, including on-chain operations. Any number of parties can jointly compute a function, without learning anything about the others’ inputs, and without revealing any information to external parties.

 

What Makes GCs A Unique Privacy Solution?

There are several technologies that support decentralized confidential computing (DeCC), including Zero-Knowledge Proofs (ZKPs), Fully Homomorphic Encryption (FHE), and Trusted Execution Environments (TEEs). However, garbled circuits offer a combination of advantages that makes them the only viable solution for Web3 currently on the market.

 

Zero-Knowledge Proofs (ZKPs)

ZKPs are powerful cryptographic operations that allow someone to prove a statement is true without revealing any additional information. In the blockchain space they are used for privacy coins like Zcash, and scaling solutions like ZK-rollups, such as zkSync and Scroll. A user can prove they have coins to spend without revealing their balance or address (Zcash), or a ZK-rollup can post a proof to Ethereum mainnet that shows a batch of transactions is valid, without needing to provide detailed information for each transaction.

However, ZKPs have some drawbacks. Unlike garbled circuits, they do not support computation on shared state (using data from multiple participants), so are not suited to DeFi operations like DEX trades or auctions. ZK proofs are also computationally expensive (for the prover side, namely, the end user), while garbled circuits are fast and lightweight.

Fully Homomorphic Encryption (FHE)

FHE is a flexible approach that – like garbled circuits – enables computation on encrypted data, including data from multiple users. FHE is, however, inefficient.

Key sizes and ciphertexts for FHE are very large, which has implications for on-chain storage and bandwidth requirements. FHE also has far more intense computational demands, and is significantly slower than GCs (this can reach 1,000-10,000x slowdown in a lab environment). While hardware acceleration for FHE will help address this, it entails additional operational costs and friction, as with ASIC mining. Lastly, the cryptography underpinning FHE is relatively untested.

Garbled circuits use NIST-standard cryptography. Specifically, ciphertexts are in the AES-CTR format, which is well-established (and quantum-resistant). Such encryption is used to run 99.9% of our internet and databases and so working with a GC-based solution is very natural. GCs are fast enough to support even the most demanding applications, and lightweight enough to run on an ordinary mobile device, with no specialist hardware needed.

Trusted Execution Environments (TEEs)

TEEs are secure hardware devices designed to protect sensitive operations from unauthorized access. They are fast and offer a high degree of flexibility, supporting computation on shared state. However, by nature they are trusted, with single points of failure that can be and have been exploited, including via supply chain attacks. Because they are physical hardware, they also have higher costs than GCs, which is a software-only solution. Soda Labs’ implementation of GCs allows for third-party audits, avoiding the potential problem of collusion.

Use Cases

This unique combination of features means that GCs are suited to the full spectrum of Web3 operations:

• Private payments
• Confidential, compliant DeFi
• Private auctions
• Confidential voting and governance
• Fair gaming and on-chain randomness
• Secure, decentralized KYC
• Encrypted data analysis, including AI and ML
• Any other on-chain activity

Soda Labs’ On-Chain Solutions

Our fast, low-cost implementation of garbled circuits has been designed for on-chain environments, and is available in two forms.

Soda’s solution can be deployed as a standalone L2 network. An example of this is already in production with COTI, a gcEVM L2. Since its mainnet launch in March 2025, COTI has already attracted dozens of partners from DeFi, AI, gaming, and other areas of Web3, and has reached millions of daily transactions.

Alternatively, Soda’s technology can be deployed as a co-processor layer for existing networks, including Ethereum, Base, Polygon, or other EVM L2s. In the future, it will also be available for non-EVM networks like Solana.

This offers a native and seamless way to access compliant privacy features on established chains, via a similar method to the way services like Chainlink provide access to real-world data. No specialist programming languages are needed, beyond Solidity or your blockchain-native programming language, and the solution does not require extensive changes to dApps’ code.

To find out more about Soda Labs’ work on garbled circuits, explore our documentation, join the gcEVM Vanguards Telegram group, or stay up to date with the latest developments by following the project on X.