✨📅 BitVMX Hackathon 2025 close Nov 15 - Register Here! 👩🏻‍💻 Show us what you can build using BitVMX Platform💰🏆 2M sats! for the winning team 🥇👨‍👨🙋🏻‍♂️ Submit your project now!✨📅 BitVMX Hackathon 2025 close Nov 15 - Register Here! 👩🏻‍💻 Show us what you can build using BitVMX Platform💰🏆 2M sats! for the winning team 🥇👨‍👨🙋🏻‍♂️ Submit your project now!✨📅 BitVMX Hackathon 2025 close Nov 15 - Register Here! 👩🏻‍💻 Show us what you can build using BitVMX Platform💰🏆 2M sats! for the winning team 🥇👨‍👨🙋🏻‍♂️ Submit your project now!✨📅 BitVMX Hackathon 2025 close Nov 15 - Register Here! 👩🏻‍💻 Show us what you can build using BitVMX Platform💰🏆 2M sats! for the winning team 🥇👨‍👨🙋🏻‍♂️ Submit your project now!✨📅 BitVMX Hackathon 2025 close Nov 15 - Register Here! 👩🏻‍💻 Show us what you can build using BitVMX Platform💰🏆 2M sats! for the winning team 🥇👨‍👨🙋🏻‍♂️ Submit your project now!

« Blog

On the security of RSA-based garbling schemes

A. Futoransky, G. Larotonda, F. Barbara

·

July 08, 2025

·

Lately we’ve been analyzing the RSA-based garbling schemes used in BitVM3 and related designs.

Our research shows that, even with a very small circuit, malicious evaluators can forge wire labels and break the security of the system.

This affects both the original scheme and the alternative proposed by Alva Fu, Stephen Duan, and Ethan Zhu.

A minimal example demonstrates how a malicious evaluator can exploit the scheme. The attack uses a small circuit consisting of two AND gates and three inputs, and doesn’t depend on reblinding nor sub-circuit reuse.

Check out our findings in the following links:

Technical description 🔗here: A note on the security of the BitVM3 garbling scheme

Example implementation & demo:

FairgateLabs
🔗BitVM3-garbling-toy

Subscribe to Fairgate Computing on Bitcoin News

Join now and get the latest updates in your inbox.