fairgate.io/blog
On the security of RSA-based garbling schemes

Our research shows that, even with a very small circuit, malicious evaluators can forge wire labels and break the security of the system.
This affects both the original scheme and the alternative proposed by Alva Fu, Stephen Duan, and Ethan Zhu.
A minimal example demonstrates how a malicious evaluator can exploit the scheme. The attack uses a small circuit consisting of two AND gates and three inputs, and depends on neither reblinding nor sub-circuit reuse.