DRAFT
The Gateway Virtual Machine (GVM) is a specialized blockchain execution environment designed to enable private computations while maintaining full auditability. Unlike traditional Ethereum-based architectures that execute contracts in plaintext, the GVM integrates Multi-Party Computation (MPC) and ElGamal encryption to facilitate shared private state. This approach allows decentralized applications (dApps) to process encrypted data while ensuring correctness, confidentiality, and scalability.
GVM leverages an Authenticated MPC Circuit Engine to securely execute EVM-compatible smart contracts while protecting user data. This is achieved through a combination of:
- Threshold ElGamal Encryption: Ensuring data confidentiality and controlled decryption.
- Secure MPC Execution: Enabling multiparty evaluation of encrypted smart contracts.
- Auditable Computation: Integrating cryptographic proofs and verifiable execution mechanisms.
- Optimized State Management: Supporting encrypted storage, private memory, and secure contract execution.
By fundamentally rethinking Ethereum’s execution model, GVM offers privacy by default, enabling applications across finance, healthcare, supply chain, and Web3 that require privacy-preserving computation at scale.
Ethereum was designed with transparency in mind; all contract data and state changes are publicly visible. While privacy-focused solutions such as zero-knowledge rollups exist, they remain an add-on rather than a fundamental component of Ethereum’s execution model.
GVM is not a simple Ethereum fork—it embeds MPC and shared private state as core primitives of the execution layer. This necessitates rethinking:
- Opcode execution: Supporting arithmetic and logical operations on encrypted data.
- State transitions: Maintaining contract storage as encrypted ciphertexts.
- Access control: Enforcing fine-grained decryption policies using threshold cryptography.
Traditional blockchains assume contract state variables are publicly readable by all participants. GVM introduces shared private state, enabling multiple contracts and users to collaborate on encrypted data. This allows:
- Multi-party collaboration without revealing raw data.
- Secure computations on encrypted state using MPC circuits.
- Threshold decryption, where no single node can unilaterally decrypt contract data.
By integrating ElGamal encryption over Ristretto curves, GVM ensures that encrypted values can be securely added, stored, and selectively decrypted under strict cryptographic guarantees.
GVM’s architecture is designed to support high-throughput, low-latency private computation on blockchain. Its key components are:
At the heart of GVM is an MPC engine that translates EVM opcodes into secure computation circuits. The engine:
- Transpiles EVM Bytecode: Standard Solidity contracts are compiled into EVM bytecode, which is automatically converted into MPC circuits. Each opcode—whether arithmetic, Boolean, or control flow—is mapped to a corresponding circuit that computes over encrypted inputs.
- Enables Auditable Execution: By integrating protocols (such as those demonstrated in recent research on co-SNARKs) the MPC engine produces succinct proofs that the computations were executed correctly. These proofs are verifiable by any external auditor without revealing private data.
To protect data at rest and during computation, GVM uses ElGamal encryption:
- Encrypted State Storage: Contract state is stored as compact ElGamal ciphertexts organized in a Merkle tree. This design ensures that even though the state is publicly available on-chain, its underlying values remain confidential.
- Threshold Decryption: No single node can decrypt the data alone. Instead, a set of MPC committee nodes—each holding a share of the decryption key via Shamir secret sharing—must collaborate to reveal plaintext data, enforcing strict access control.
- Homomorphic Operations: Thanks to the additive homomorphic property of ElGamal, simple operations (such as transfers) can be executed directly on ciphertexts. This allows for fast, private value transfers without invoking the full MPC machinery for every transaction.
The GVM virtual machine preserves the familiar EVM model by automatically converting opcodes into their MPC circuit equivalents:
- Arithmetic and Boolean Circuits: Standard operations (e.g.,
ADD,SUB,AND,XOR) are implemented as arithmetic or Boolean circuits that operate entirely on encrypted data. - Control Flow via MUX Circuits: Branching operations such as
JUMPandJUMPIare handled by multiplexer circuits, ensuring that program flow is maintained securely without exposing branch conditions. - Memory & Storage Access: Opcodes for memory (
MLOAD,MSTORE) and storage (SLOAD,SSTORE) are mapped to circuits that read from or write to ElGamal-encrypted state, ensuring privacy throughout.
GVM’s consensus layer uses a BFT protocol designed for low latency and high throughput:
- Rapid Finality: Finality is achieved in a few rounds, ensuring fast transaction confirmation.
- Resilience: The protocol is robust against Byzantine faults, making it ideal for permissionless, decentralized networks where privacy and security are paramount.
GVM is designed to provide the best of both worlds—strong privacy guarantees with an experience nearly identical to developing on Ethereum.
Developers can write standard Solidity smart contracts, with GVM automatically handling encryption and transpilation:
- No need for encrypted data types: Developers use standard
uint256,bool,address, etc. - Full compatibility with Ethereum tooling: Supports Hardhat, Remix, Truffle.
- Automatic transpilation to MPC circuits: Opcodes are mapped to privacy-preserving execution paths.
- End-to-End Encryption: All data—inputs, intermediate values, and state updates—remains encrypted using ElGamal from the moment it enters the system until it is decrypted only by an authorized majority.
- Auditable Computation: The MPC engine produces succinct cryptographic proofs that attest to the correctness of each computation without exposing sensitive data.
- Distributed Trust: With threshold key generation and decryption, no single node can compromise private state, eliminating single points of failure.
- Homomorphic Operations for Efficiency: Routine operations like token transfers are executed directly on ciphertexts using ElGamal’s homomorphic properties, reducing overhead and speeding up transactions.
GVM supports EVM compatibility while ensuring privacy-preserving execution. Each opcode is mapped to an equivalent MPC-compatible execution path.
The process involves:
- Opcode Translation: Each EVM opcode is mapped to an equivalent MPC circuit. For example, ADD becomes an arithmetic circuit that securely adds two ElGamal-encrypted values.
- Circuit Composition & Optimization: The circuits are composed to reflect the original smart contract logic, with careful optimization to reduce gate count and circuit depth.
- Distributed Execution: The resulting MPC circuits are executed across an MPC committee, ensuring that no single party sees the decrypted data.
The following is a table mapping the main Ethereum Virtual Machine (EVM) opcodes to the corresponding MPC circuit implementations in the Gateway Virtual Machine (GVM). Each opcode is translated into an equivalent Boolean or arithmetic circuit within the MPC circuit framework, enabling secure and privacy-preserving smart contract execution.
| EVM Opcode | Opcode Category | MPC Circuit Mapping | Description |
|---|---|---|---|
| ADD | Arithmetic | Addition Circuit | Implements binary addition with carry handling in encrypted form. |
| SUB | Arithmetic | Subtraction Circuit | Supports binary subtraction with borrow bits, ensuring encrypted result handling. |
| MUL | Arithmetic | Multiplication Circuit | Maps to a binary multiplication circuit, optimized for partial product and carry propagation. |
| DIV | Arithmetic | Division Circuit | Uses long division algorithm within MPC circuits, outputting encrypted quotient and remainder. |
| MOD | Arithmetic | Modulus Circuit | Similar to division circuit, outputting only the remainder in encrypted form. |
| AND | Boolean | AND Gate Circuit | Bitwise AND operation as a series of Boolean gates for encrypted inputs. |
| OR | Boolean | OR Gate Circuit | Bitwise OR operation implemented as Boolean gates, each bit computed securely. |
| XOR | Boolean | XOR Gate Circuit | XOR operations in MPC circuits for efficient, low-overhead bitwise encryption. |
| NOT | Boolean | NOT Gate Circuit | Unary NOT operation by inverting MPC labels for encrypted bits. |
| EQ | Comparison | Equality Circuit | XORs all bits of two inputs and checks if the result is zero to confirm equality. |
| LT | Comparison | Less-Than Circuit | Comparator circuit evaluates if one encrypted input is less than another. |
| GT | Comparison | Greater-Than Circuit | Comparator circuit to check if one encrypted input is greater than another. |
| JUMP | Control Flow | Unconditional MUX Circuit | MUX circuit selects the next program counter, emulating jumps by encrypted selection. |
| JUMPI | Control Flow | Conditional MUX Circuit | Conditional MUX circuit where input determines if jump target is executed. |
| MLOAD | Memory Management | Memory Load Circuit | Loads encrypted data from memory, keeping it private across the network. |
| MSTORE | Memory Management | Memory Store Circuit | Stores encrypted data to memory with AES-based encryption in the MPC circuit framework. |
| SLOAD | Storage Management | Storage Load Circuit | Reads encrypted state from persistent storage, using threshold ElGamal for data confidentiality. |
| SSTORE | Storage Management | Storage Store Circuit | Writes encrypted data to persistent storage, ensuring state remains secure. |
| PUSH | Stack Operation | Input Loading Circuit | Loads encrypted input values to the MPC circuit stack for further operations. |
| POP | Stack Operation | Output Circuit | Outputs and removes an encrypted value from the stack, emulating the EVM POP behavior. |
| DUP | Stack Operation | Stack Duplication Circuit | Duplicates encrypted values on the stack, allowing multiple access in a secure environment. |
| SWAP | Stack Operation | Stack Swap Circuit | Exchanges two encrypted values on the stack, mapped to a secure swap circuit. |
| SHA3 | Cryptographic | Keccak Hash Circuit (planned) | Currently not mapped but planned to be implemented as a secure hash circuit for Keccak hashing. |
| LOG | Logging | Log Circuit (planned) | Currently planned as a circuit to record encrypted transaction logs, designed to maintain privacy. |
GVM extends the standard Ethereum execution model with private state handling:
- Encrypted State Variables: Contract storage remains encrypted under Threshold ElGamal Encryption, ensuring only authorized access via multiparty threshold decryption.
- Private Memory: Temporary storage during execution remains encrypted, preventing data leaks.
- Threshold Decryption on Demand: Specific contract results can be decrypted only when a quorum of MPC participants approves it.
- Merkle Tree State Commitment: State updates generate cryptographic commitments to ensure consistency and auditability without exposing plaintext values.
A simple token transfer in GVM works as follows:
- Encrypted Inputs: A user submits a transaction with encrypted arguments (e.g., sender, recipient, amount) using ElGamal encryption.
- MPC Circuit Evaluation: The transfer is executed via an arithmetic MPC circuit that subtracts the transfer amount from the sender’s encrypted balance and adds it to the recipient’s encrypted balance.
- Homomorphic Verification: A range proof verifies that the sender’s balance is sufficient—all performed on ciphertexts.
- State Update: The new balances, still encrypted, are stored on-chain. Only an authorized threshold of MPC nodes can decrypt if necessary.
GVM’s design guarantees privacy by default:
- Confidential Computation: Every computation—from input to final state update—is performed on encrypted data, ensuring that sensitive details are never exposed to any individual node.
- Auditable MPC Protocol: Integrated auditability allows third parties to verify that computations were performed correctly. This is achieved without revealing any underlying private data, using techniques such as joint proof generation (e.g., Marlin-based protocols).
- Robust Against Collusion: Since decryption keys are shared among MPC nodes using Shamir secret sharing, an attacker must compromise a majority to access private data, greatly enhancing security.
- Elimination of Trusted Hardware: Unlike TEE-based systems, GVM does not rely on specialized hardware. Its security is purely cryptographic and decentralized.
Key areas for future improvements include:
- Opcode-Level Optimizations: Reducing computation overhead for encrypted arithmetic operations.
- Efficient Key Management: Enhancing threshold cryptography protocols.
- Optimized Secure MPC Execution: Reducing communication overhead for multiparty circuits.
- Integration with Layer 2 Scaling: Exploring rollups and state channels for faster execution.
The Gateway Virtual Machine (GVM) represents a significant step forward in blockchain technology. By integrating auditable MPC with ElGamal encryption for shared private state, GVM offers a secure, privacy-preserving execution environment that remains fully compatible with existing Ethereum smart contract paradigms. Developers can continue to build in Solidity while benefiting from end-to-end encryption and verifiable computation, ensuring that privacy and performance go hand in hand.