Amid a flurry of interest in decentralized confidential computing (DeCC), garbled circuits are gaining traction in the blockchain space in applications from private Ethereum transactions to Web2 data bridges and even Bitcoin scaling solutions – quietly redefining the future of privacy in Web3.

Garbled Circuits (GCs) are a cryptographic technique that enables secure computation on encrypted data, allowing parties to jointly compute a function without revealing their private inputs.

First introduced by computer scientist Andrew Yao in the 1980s, GCs let two parties (and, with later generalizations such as the BMR protocol, more than two) evaluate any function that can be written as a Boolean circuit on their private inputs, without either side learning anything beyond the result. One party, the garbler, encrypts the circuit gate by gate; the other, the evaluator, works through it holding only one encrypted label per wire; and only the output wire is decoded.

The classic application is the Millionaires' Problem, also posed by Yao: two people want to learn who is richer without revealing their actual wealth to each other. A garbled comparison circuit takes each party's wealth as a hidden input and outputs a single bit, 1 or 0, that indicates who is wealthier and nothing else.

Any computation that can be expressed as a fixed-size Boolean circuit can be garbled, which makes GCs a general building block for secure multi-party computation (MPC) over any number of private inputs. This makes GC a promising technology for DeFi and Web3 applications, where interactions between multiple users and smart contracts are often required.

Combining Efficiency And Flexibility

Garbled circuits sit alongside a number of other privacy approaches used in the Web3 space, and the newer ones often steal the spotlight. Two examples are zero-knowledge proofs (ZKPs), developed from the mid-1980s onward, and fully homomorphic encryption (FHE), which was not practically possible until 2009.

GCs have significant advantages over both. ZKPs are a powerful tool that lets one party prove to another that a statement is true without revealing anything beyond its validity. A proof, however, is about data the prover already holds in the clear; unlike GCs, ZKPs do not by themselves let several parties compute jointly on inputs that stay hidden from each other.

While FHE does support computation on encrypted shared state, it is slow and expensive. GCs offer performance three to four orders of magnitude better than FHE: a thousand-fold to ten-thousand-fold speedup, so that a day's computation shrinks to a minute or less, and a minute's to milliseconds.

Importantly, GCs can be built from NIST-standard primitives: the gate encryption in modern garbling schemes is instantiated with AES (typically in fixed-key mode) or a standard hash, and the oblivious transfers that deliver the evaluator's input labels rest on standard public-key cryptography, rather than on newer, less-tested schemes. The caveat is that security still rests on the garbling scheme's own proof and on a correct implementation, not on AES alone, so a vetted garbling library is preferable to a hand-rolled one. That combination makes garbled circuits an underappreciated workhorse for privacy-preserving and verifiability tech.

Garbled Circuits In The Web3 Space

As a result of these properties, garbled circuits are gaining traction in the Web3 space and seeing real-world adoption across a range of privacy-focused use cases. Below, we explore three key areas in which GCs are already making a difference.

gcVM: Encrypted Smart Contracts

Soda Labs has developed a secure computation engine, powered by garbled circuits, that integrates into existing blockchain networks. The engine is run by multiple parties and performs computation on encrypted data in a standardized format without revealing it, unless the application explicitly requests that a value be decrypted. As with any MPC deployment, confidentiality holds only as long as the parties running the engine do not collude beyond what the protocol tolerates.

One instance is the gcEVM, the integration of this engine into a layer 2, which yields a layer 2 that is privacy preserving by construction. In the gcEVM, any contract variable marked "private" stays encrypted throughout execution: the network's nodes apply the contract's logic to the encrypted values without ever decrypting them, bringing on-chain privacy to Ethereum-style transactions.

This provides a general-purpose, Ethereum-compatible platform for confidential smart contracts. In principle, any DeFi or Web3 application can run on the gcEVM: confidential token transfers and DEX trades, private auctions and prediction markets, NFT mints, and more.

zkTLS: Web2-3 Bridge

zkTLS is a family of protocols that combine Transport Layer Security (TLS), the standard protocol for encrypting traffic on the internet, with zero-knowledge proofs (ZKPs), so that a client can prove facts about data it received over a TLS session without revealing the session's contents.

zkTLS acts as a bridge between Web2 and Web3. It brings off-chain data from conventional internet sources and applications into blockchain systems in a trustless and privacy-preserving manner.

This lets a user extract a fact from a TLS-encrypted web session, such as a banking app, and hand a proof of it to a Web3 application or any other third party. For example, they may want to prove to a smart contract that their balance exceeds $80,000 without revealing the balance itself or any other account details. zkTLS is useful for Web3 applications like DeFi lending, identity verification, privacy-preserving oracles, and more. A related, non-financial example is ZK Email, which proves selected facts about ordinary emails by verifying their DKIM signatures in zero knowledge, allowing users to prove identity or organization membership, recover a smart wallet using an email address, and more.

In practice, several zkTLS protocols and real-world deployments, DECO among them, are built on garbled-circuit two-party computation: the prover and the verifier run a joint TLS handshake in which the session keys are secret-shared between them, so the prover can never forge a server response on its own, and the verifier can later check data retrieved over HTTPS without any cooperation from the web server.

BitVM: Scaling Bitcoin

Garbled circuits are also being used to bring expressive smart contracts and scaling to Bitcoin. The BitVM framework expresses Turing-complete contracts on Bitcoin without any change to the network's consensus rules. As with optimistic rollups on Ethereum, computations are verified rather than executed on Bitcoin itself: the heavy computation is carried out off-chain as a garbled circuit and only a small amount of data reaches the chain, so the base layer is touched only to settle disputes through fraud proofs.

A recent BitVM prototype showed that replacing an expensive on-chain SNARK verification with a garbled circuit shrinks the on-chain transaction data from megabytes to tens of kilobytes, cutting verification costs by a factor of around 1,000 compared with earlier BitVM designs.

This approach could enable more expressive smart contracts (e.g. an EVM) or bridges between Bitcoin and EVM chains without a protocol change, by pre-committing to computations that can later be proven correct via small on-chain commitments.

GCs: A Promising Technology In Its Early Days

These examples show how garbled circuits have already found multiple niches in the Web3 space, powering applications where other privacy technologies are either too inefficient and expensive, or else lack the flexibility to provide the necessary functionality.

As Soda Labs continues to develop and deploy its gcVM solutions, we will start to see more and more real-world applications across a wide range of use cases.

Follow Us!

Find out more about Soda Labs’ work on garbled circuits: 

📃Documentation 

gcEVM Vanguards Telegram group

𝕏 Follow us on X/Twitter
