COTI’s V2 Cutting-Edge Garbled Circuits Compared to Other Privacy-Preserving Smart Contracts Solutions

Published in

COTI

4 min readJan 30, 2024

In the world of secure multi-party computation (MPC), garbled circuits have been around for a while. Predating most modern solutions, it had the benefit of extremely low latency and low storage requirements for maintaining private state. Traditionally, it was overlooked for blockchain applications due to a communication inefficiency in the computation layer, but what if that could be solved?

A recent breakthrough in garbled circuit research for the application of privacy-preserving smart contracts has eliminated this inefficiency; reducing real-time round-trip communication, speeding up computation times and enabling the protocol to be used on the blockchain for the very first time. With such a dramatic improvement in performance, garbled circuits emerged as the clear option for privacy solutions on COTI V2.

If we consider the metrics that define a well-performing L2, how does COTI V2’s garbled circuits compare against the other privacy smart contracts solutions available on the market today?

Latency (time from a block’s approval to the updated state)

Latency is commonly defined as the time between sending a transaction to the network and the network’s first acceptance confirmation (also known as finality). Low latency typically results in a better user experience while also reducing the risk of exploits.

COTI V2 enjoys a breakthrough with garbled circuits, with a latency boost that will shorten latency by up to 100 times faster than current solutions.

Multi-Party Application

The ability for a system to manage transactions involving the private information of several entities is surprisingly complex. Garbled Circuits can handle such transactions, enabling multi-party applications (in contrast to single-party applications like identity-based ones). It effectively allows six strangers with six puzzle pieces to collaboratively complete a puzzle without revealing their identity or which piece they initially held.

Scaling solutions like ZK rollups are limited in this way and are only able to obscure the information of a single party at a time. In the above metaphor — this means that the six parties could not complete the puzzle as they could not verify that the pieces match. This limitation makes ZK rollups unsuitable for privacy-centric features and dApps like confidential voting systems and privacy DEXs.

Computation

In simple terms, computation is measured by the computational effort taken by a system’s components to perform its task; in the finest resolution, this is measured by the number of CPU cycles the component is performing, which directly affects computational time. In a system for privacy-preserving smart contracts, this affects both end-users (clients) and servers (network’s nodes). Clients need to encrypt their private information on their low-power devices, and servers need to store and perform computation on those encrypted values without ever opening them.

Garbled circuits enjoy a better (lower) computational complexity than other privacy-preserving smart contracts solutions. For instance, additively or fully homomorphic (AHE/FHE) based solutions require extremely heavy computation from both clients and servers, which may reach up to 1000 times slower computation than garbled circuits. While a server’s performance may improve over time by utilizing expensive special hardware, this is not achievable for clients with low-power devices, and its user experience remains poor.

Storage Requirements

Similar to computation, the storage required by the protocol to maintain the system’s private state has a distinct impact on both its performance and the hardware needed to drive the system.

If we again consider fully homomorphic encryption (FHE), current systems require a minimum of 8,000 bytes per ciphertext. At more than 250 times smaller, garbled circuits require only 32 bytes per ciphertext.

Redundancies (No Single Point of Failure)

In any system, resilience is measured by the system’s ability to recover after a critical failure. Not all failures can cause a complete shutdown of the entire system, but those that do, are considered an SPOF or “single point of failure”. The more SPOFs in a system, the less stable and/or reliable the system is.

Conversely, systems that have inbuilt redundancies and backup contingencies are considered more stable, and less prone to catastrophic failures.

TEE based solutions are fast and have light storage, but the discovery of vulnerabilities exposed that their privacy component has a single point of failure, making it unsuitable for privacy applications.

In this video, Shahaf and Avishay discuss Privacy over Blockchain, Garbled Circuits, and how GC is different than other privacy preserving solutions. Watch here:

COTI V2’s Garbled Circuits

Garbled circuits have always demonstrated their strength when it comes to computation and storage requirements. Up until now, the only thing preventing their adoption as a privacy solution on the blockchain was the speed of communication, a challenge that we have since overcome.

Details of our breakthrough with garbled circuits will be released along with the COTI V2 whitepaper. Stay tuned for further updates on our road to COTI V2.