From mboxrd@z Thu Jan 1 00:00:00 1970 Delivery-date: Thu, 21 Aug 2025 15:54:46 -0700 Received: from mail-oo1-f63.google.com ([209.85.161.63]) by mail.fairlystable.org with esmtps (TLS1.3) tls TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 (Exim 4.94.2) (envelope-from ) id 1upEBC-0001HL-EI for bitcoindev@gnusha.org; Thu, 21 Aug 2025 15:54:46 -0700 Received: by mail-oo1-f63.google.com with SMTP id 006d021491bc7-61bd6d7c149sf941075eaf.0 for ; Thu, 21 Aug 2025 15:54:45 -0700 (PDT) ARC-Seal: i=2; a=rsa-sha256; t=1755816880; cv=pass; d=google.com; s=arc-20240605; b=cAvF6EIDsM1tDy1IlfTYwqOJ3fFqA2vf0k56mw5/RxBOkIgWWM8agycA2M9mwTkZ/m g8s55ftUCsEIarS8NAlY5Lba19bokWiiYhlM0RUrkJvnCDi1sZfOvNI84llhV0KQ3z0p KvNKENk4KaVvfHsgEd/J9nR6ERitLgGrFL2jT6l/KsiULiR/jo48t0cHbGzjgguHEp+I UhtAZrW/G6K3M3niBn/kSLLoxppbxwRwXYfFMpjhdQ4b63DfTxEWpy9A3Bd05SXJDmZ2 70FC2PURToxO2uz+4uDWxWaqY6ujT5XT1x6pdkPYdiLKqauNxfUeyxms8O9upmwgFh4s 67iA== ARC-Message-Signature: i=2; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to:content-transfer-encoding :mime-version:feedback-id:message-id:subject:from:to:date :dkim-signature; bh=sGypaIbnVRtQng2NmAuf3u+iVfSOqQKPNHkUe/Kpt2o=; fh=E/H/ynSdQ4/wr8R9D/J9CElwsyYNVN/SnKydOlMWYx4=; b=gIRxFwq34jDMqej15XbVm/xkol6tPQB9hqSw/KAz8+v2uZ7IBf0cAIjQrRMWIyobmA WGz/oeUaVLf0pqSudszPIw4M6a4n140wh+/FN9w9J2R4sD5TFmdQ6kybNB5hxce0Tq7C 9Awwe9TYXBGCChsVtZ5HV+P4R/LxQNWqKxhS86mvUXLJR1bwjzyWSGncb9arRv33IhsU seIj57v0+RiJuGAe9uJgjY3g6n2pK+E0QgNUMALYMyay3ng/s5RcRtIUwtgBQPW19/+v zfmxUB1W+gPG6mO/nYP7LfAYCLu6/wPrznm/2YB6zxiuZRlZkTQoWhYZlRFgqFt7fycS /COQ==; darn=gnusha.org ARC-Authentication-Results: i=2; gmr-mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=yY5lGjj0; spf=pass (google.com: domain of liameagen@protonmail.com designates 79.135.106.28 as permitted sender) smtp.mailfrom=liameagen@protonmail.com; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlegroups.com; s=20230601; t=1755816880; x=1756421680; darn=gnusha.org; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender :content-transfer-encoding:mime-version:feedback-id:message-id :subject:from:to:date:from:to:cc:subject:date:message-id:reply-to; bh=sGypaIbnVRtQng2NmAuf3u+iVfSOqQKPNHkUe/Kpt2o=; b=cW3GphLiPMNxs/727eZn3HoyT4+/N5krOEooZb3ldvfBjSJMAaTaHhZM/fMrEUDTnm FZo7oIcSq3gGGu4eKf8aWFCPm3rTdqhvVi+rQ7lUvr+vMHwS9iYfIg1qISt4uS4uIBOF XlV6mYzGIRjkTyIqJeil+2ldPEIoR+mqk1SEkK14hGq6jwKMt0k6UvwuiNKwjD1+fF+b nAMpkH2e75RHMPnb8UceRkkhquxiKAzSN6EzX19L0CbEIICr7UKJ5astthdhUn2s7vJU vfBov+yFEh/OJYRg0iSMqhp76eqmbuA0puIfRr1NS9AYcz58mKdVPkXmW07gfqjxbnYI OvnQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1755816880; x=1756421680; h=list-unsubscribe:list-subscribe:list-archive:list-help:list-post :list-id:mailing-list:precedence:reply-to :x-original-authentication-results:x-original-sender :content-transfer-encoding:mime-version:feedback-id:message-id :subject:from:to:date:x-beenthere:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=sGypaIbnVRtQng2NmAuf3u+iVfSOqQKPNHkUe/Kpt2o=; b=ayFmYnDpAi7PL72xSaCx85mh6tmOQS7k3K12vtDQBfFSa21xTI84O80jv+aHv5qMp6 u9Yb9LsFj++jqmQRrdSBAoLZmVwi+2npqcmetW+PlYOi/59ELsaQIpenoqGQC8d/gXpC ZyuROA1jQhWE+6FTf9bMZ/CH9cvgfNA3GI3WNC38OZgwHbsJNhd0/Nx+FLWsDvEORaNI eaOYV0xgA2x2j67TTC5stLT5NvUnHzSmX2PkHFZNqsTZVREOUE8PoD1XQN5IObgAHZ9m woPSKKlV5DF2Uwqp6jf4HHNSz+RJLwKjX0OXPm/Qhl/jJqloMzMaLKRfGX+BnIUuSqUq Bt6g== X-Forwarded-Encrypted: i=2; AJvYcCU3XBIA4zzmhe/TAkCsFt0GjdQRZbe1YpAmzpgen0hmN3RPJtzmR6Ao8eKqe6wJnKM5E/SEFlgx8OkH@gnusha.org X-Gm-Message-State: AOJu0Yy/gIRpjHFUluoni9pBZc+uGrxGeedjox29ybj1WYyoXZm46EvN u07SBVIfNghRZ2bezxWbVVTZ5wCpJ/6qhqyjwUBE6yoG9hDCqOGrvdYB X-Google-Smtp-Source: AGHT+IGPa4fIS9wW5eGJf9QKVODTTn6PdcMmmh6bPsP8V5BbqCHqwpsRzvy+4eaaLklQ06TsfrObbQ== X-Received: by 2002:a05:6820:850a:b0:61b:5f26:7059 with SMTP id 006d021491bc7-61dab29cb0emr880350eaf.4.1755816879570; Thu, 21 Aug 2025 15:54:39 -0700 (PDT) X-BeenThere: bitcoindev@googlegroups.com; h=AZMbMZfffPAj4CdohPSAQjUWhrMURWuTLL0tbEfhMagKRw7S7Q== Received: by 2002:a05:6820:2223:b0:613:e97f:5883 with SMTP id 006d021491bc7-61d9aee3f37ls414447eaf.0.-pod-prod-00-us-canary; Thu, 21 Aug 2025 15:54:35 -0700 (PDT) X-Received: by 2002:a05:6808:344b:b0:407:9d24:af03 with SMTP id 5614622812f47-43785cd0764mr492039b6e.14.1755816875222; Thu, 21 Aug 2025 15:54:35 -0700 (PDT) Received: by 2002:a05:600c:c16f:b0:456:11e5:963 with SMTP id 5b1f17b1804b1-45b51067e6ems5e9; Thu, 21 Aug 2025 15:48:19 -0700 (PDT) X-Received: by 2002:a05:6000:2f82:b0:3c5:adc6:dc67 with SMTP id ffacd0b85a97d-3c5daa276c9mr323416f8f.8.1755816496500; Thu, 21 Aug 2025 15:48:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1755816496; cv=none; d=google.com; s=arc-20240605; b=dxStrxbkAQ2WKB8DLJ8v/Fbx9kZWiGQYnPQzcUwz3YSVJ84l1oBUYYe0QFqm3PtQRt mQeY/pzaTC5rGBQZnGVJnoWlcx6YlF/964Q0cKRuWyqxXOE4u7qxtN7m1Luce58Q03Ct pYDm6TYtYbrRnQSoZaPDCN67jpr1KdicR7Kjw9HAq4dnG9OAS5kK+e2A/3+we9o9pp1M lin9jcbGvQV4QScjNrCRvbkiDVMDw8pdh8ru1u3WF14+8OL10UFsdvThWNCz00er/4TV CRdegsyem/2K0PKFRip+6Eep3gyz5+15CI3U7mlhTi2zAlHlyUcfBj2PxE1dDiNKxPSG kJvQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=content-transfer-encoding:mime-version:feedback-id:message-id :subject:from:to:date:dkim-signature; bh=3G/InH+MEWsuCSlxf44yYe0amX3eHvevvSGK8uHIRLI=; fh=lhFSo2W/mHC0QoJ9oNg3A35n0DTltt3CQl1/0RggJlk=; b=eTeqA9vKLVlKetg+hoR/jip8mmOogAVkLGnSgvtLbVu/ZZahmxkcrV77d6Hlt9f486 lihw/ZsWnEUg3hxhLvYm3saH+LDHbJGiTwlCx+TiNNOt2Fp27fQ9N5lDAuVJOpmoYO4h jcNUPUwrH6ksy/2IBRhlZ+KSqyqV6zR0TtQAnq7eb2ksK7GxAcHcnUARBcdfmUdLSvyT pTUBg6XVZ3G/v5varqFhsHOUSHqrQb4bwz7oioHghv+Yh809MBUnQea7pVubYAPM1Iep K3FdKJITOxCU5AFdw0eJulSQHnzOryWkXCym5QACtz90vBgWt1gOqdnY2lOPFeoREC3a yfIA==; dara=google.com ARC-Authentication-Results: i=1; gmr-mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=yY5lGjj0; spf=pass (google.com: domain of liameagen@protonmail.com designates 79.135.106.28 as permitted sender) smtp.mailfrom=liameagen@protonmail.com; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com Received: from mail-10628.protonmail.ch (mail-10628.protonmail.ch. [79.135.106.28]) by gmr-mx.google.com with ESMTPS id 5b1f17b1804b1-45b4f3705c3si370955e9.0.2025.08.21.15.48.16 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Thu, 21 Aug 2025 15:48:16 -0700 (PDT) Received-SPF: pass (google.com: domain of liameagen@protonmail.com designates 79.135.106.28 as permitted sender) client-ip=79.135.106.28; Date: Thu, 21 Aug 2025 22:48:11 +0000 To: "bitcoindev@googlegroups.com" From: "'Liam Eagen' via Bitcoin Development Mailing List" Subject: [bitcoindev] Glock: Garbled Locks for Bitcoin Message-ID: Feedback-ID: 12385552:user:proton X-Pm-Message-ID: 66731a165e1051960bd921d70022dfb5844171a4 MIME-Version: 1.0 Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: quoted-printable X-Original-Sender: liameagen@protonmail.com X-Original-Authentication-Results: gmr-mx.google.com; dkim=pass header.i=@protonmail.com header.s=protonmail3 header.b=yY5lGjj0; spf=pass (google.com: domain of liameagen@protonmail.com designates 79.135.106.28 as permitted sender) smtp.mailfrom=liameagen@protonmail.com; dmarc=pass (p=QUARANTINE sp=QUARANTINE dis=NONE) header.from=protonmail.com X-Original-From: Liam Eagen Reply-To: Liam Eagen Precedence: list Mailing-list: list bitcoindev@googlegroups.com; contact bitcoindev+owners@googlegroups.com List-ID: X-Google-Group-Id: 786775582512 List-Post: , List-Help: , List-Archive: , List-Unsubscribe: , X-Spam-Score: -1.0 (-) Hey everyone, Wanted to share our recent work on "Glock" (Garbled Locks) for optimistic s= mart contract verification on bitcoin. This is pretty similar in concept to= Jeremy Rubin's work on Delbrag [0] and Robin Linus' work on BitVM3(RSA/s) = [1,2], but uses different techniques to make a practical scheme. We have (l= inked below) a preprint that describes the scheme in detail and a research = implementation under active development. We've been working on this for a l= ong time, and I think some of techniques might be of independent interest. A "Glock" is a protocol for optimistic smart contract verification using Ga= rbled Circuits. The "Garbler" signs the input (and proof) using a kind of L= amport-like signature and then the "Evaluator" can derive a secret if the s= mart contract fails, which they can use to sign a slashing transaction. Thi= s works with bitcoin today with no soft forks and is nice because it moves = essentially all of the cost and complexity of verification off chain. In theory, the fraud proof can literally be a Schnorr signature. Previous c= onstructions either used something like Rubin's Grug tehcnique, which requi= res a larger slashing script, or had impractical costs for garbling. We pro= pose the first (imo) practical Glock whose fraud proof is a single signatur= e, which represents over a 550x reduction [4] of on-chain data compared to = BitVM2 [3]. Our protocol, Glock25, uses a bunch of interesting cryptography to make all= the costs of the scheme manageable. We propose a new SNARK, which is curre= ntly the smallest known SNARK, make it designated verifier, and instantiate= it with binary elliptic curves. These curves have some really nice synergi= es with the GC scheme. We also have some neat tricks to use adaptor signatu= res and verifiable secret sharing for efficient malicious security. Paper here: https://eprint.iacr.org/2025/1485 Code here: * Rust implementation of DV-Pari: github.com/alpenlabs/dv-pari * Binary circuit generator for DV-Pari: github.com/alpenlabs/dv-pari-circui= t * Generic garbling & evaluation tool: github.com/alpenlabs/garbled-circuits Paper Abstract: Bitcoin [Nak09] is a decentralized, permissionless network for digital paym= ents. Bitcoin also supports a limited set of smart contracts, which restric= t how bitcoin can be spent, through bitcoin script. In order to support mor= e expressive scripting functionality, Robin Linus introduced the BitVM fami= ly of protocols [Lin23a, LAZ+24]. These implement a weaker form of =E2=80= =9Coptimistic=E2=80=9D smart contracts, and for the first time allowed bitc= oin to verify arbitrary computation. BitVM allows a challenger to publish a= "fraud proof" that the computation was carried out incorrectly which can b= e verified on chain, even when the entire computation cannot. Jermey Rubin = introduced an alternative optimistic smart contract protocol called Delbrag= . This protocol uses Garbled Circuits (GC) to replace the BitVM fraud proof= by simply revealing a secret. He also introduced the Grug technique for ma= licious security. We introduce a new formalization of GC based optimistic techniques called G= arbled Locks or Glocks. Much like Delbrag, we use the GC to leak a secret a= nd produce a signature as a fraud proof. We further propose the first concr= etely practical construction that does not require Grug. Like BitVM2 and De= lbrag, Glock25 reduces verification of arbitrary bounded computation to ver= ification of a SNARK. In Glock25, we use a designated verifier version of a= modified SNARK Pari [DMS24] with smaller proof size. We make Glock25 malic= iously secure using a combination of Cut-and-Choose, Verifiable Secret Shar= ing (VSS), and Adaptor Sig- natures. These techniques reduce the communicat= ion, computational, and on-chain complexity of the protocol compared to oth= er approaches to construct a Glock, e.g. based on Groth16. [0] https://rubin.io/public/pdfs/delbrag.pdf [1] https://bitvm.org/bitvm3-rsa.pdf [2] https://bitvm.org/bitvm3.pdf [3] https://bitvm.org/bitvm_bridge.pdf [4] This cost calculation includes the entire BitVM2 game, not just the fra= ud proof/disprove transaction. --=20 You received this message because you are subscribed to the Google Groups "= Bitcoin Development Mailing List" group. To unsubscribe from this group and stop receiving emails from it, send an e= mail to bitcoindev+unsubscribe@googlegroups.com. To view this discussion visit https://groups.google.com/d/msgid/bitcoindev/= Aq_-LHZtVdSN5nODCryicX2u_X1yAQYurf9UDZXDILq6s4grUOYienc4HH2xFnAohA69I_BzgRC= SKdW9OSVlSU9d1HYZLrK7MS_7wdNsLmo%3D%40protonmail.com.