Imagine you could give someone a locked box containing a computation that they could run it and see the output, but they’d learn nothing about what went into it.

That’s the promise of garbled circuits, a powerful cryptographic tool that’s reshaping how we think about privacy in collaborative computing.

What is a circuit?

To boil it down simply, a circuit represents a computation of bits.

Let’s look at a binary circuit. A Binary circuit is the simplest form of circuits where 2 inputs, a and b, are combined into an output z based on an operation.

In the case of an OR circuit, when input a or input b contains 1, the output z will be 1. To illustrate all possible values, we typically represent them in a truth table like below.

a	b	z
0	0	0
0	1	1
1	0	1
1	1	1

There are other operations such as AND, XOR, and etc. that have their own truth table. These operations always produce a fixed result given the same output.

For two parties to compute a result, they both have to reveal their inputs to produce the output. This is not ideal when the inputs are sensitive information.

So, what’s a Garbled Circuit?

Unlike these simple circuits, Garbled circuits perform operations such that only the outputs are visible and no information about the inputs can be inferred.

Why is this property important?

Imagine two parties, Alice and Bob each have sensitive information they want to use in a joint computation, but neither wants to reveal their input to the other.

Garbled circuits ensure that each party learns only the final result and nothing about the other party’s input.

Garbling process (high-level)

A garbling scheme hides all information about the original inputs. It consists of three main steps:

• Garble: Conversion of plain circuit $K$ into garbled circuit $\hat{K}$
• Encode: Conversion of the inputs $I$ into encrypted inputs $\hat{I}$
• Evaluate: Computing the output from the plain circuit $K$ through garbled circuit, $\hat{K}$, and encrypted inputs $\hat{I}$.

Here’s how it works in practice with Alice and Bob:

1. Alice and Bob agrees on a simple circuit $G$ that represents their computation.
2. Alice becomes the Garbler and converts $G$ into $\hat{G}$.
3. Alice creates an encoding to convert any inputs $I$ into encrypted inputs $\hat{I}$, using the secret in the garbled circuits.
4. Alice converts her own input, $a$ into $\hat{a}$
5. Bob converts his input $b$ into $\hat{b}$ through the encoding without Alice knowing $b$ through oblivious transfer (another topic).
6. Bob evaluates the output of $G(x,y)$ with $\hat{a}$, $\hat{b}$ and $\hat{G}$

The result is Alice and Bob each know only their own input and the final output.
Neither learns anything about the other’s input.

What’s the practical use?

We trust centralized institutions (banks, governments) with our private information because of their reputation.
Garbled circuits and multi-party computation remove this requirement by enabling secure collaboration without trust.

This is particularly valuable for blockchain applications, enabling trust-minimized bridges.
The most practical implementation I’ve seen is BitVM v3 by Robin Linus.

References

• Foundations of Garbled Circuits
• Garbled Circuits - Computerphile - I recommend this for visual learner