In order to support more expressive scripting functionality, Robin Linus introduced the BitVM family of protocols [Lin23a, LAZ+24]. These implement a weaker form of “optimistic” smart contracts, and for the first time allowed bitcoin to verify arbitrary computation. BitVM allows a challenger to publish a “fraud proof” that the computation was carried out incorrectly which can be verified on chain, even when the entire computation cannot. Jeremey Rubin introduced an alternative optimistic smart contract protocol called Delbrag. This protocol uses Garbled Circuits (GC) to replace the BitVM fraud proof with by simply revealing a secret. He also introduced the Grug technique for malicious security.

We introduce a new formalization of GC based optimistic techniques called Garbled Locks or Glocks. Much like Delbrag, we use the GC to leak a secret and produce a signature as a fraud proof. We further propose the first concretely practical construction that does not require Grug. Like BitVM2 and Delbrag, Glock25 reduces verification of arbitrary bounded computation to verification of a SNARK. In Glock25, we use a designated verifier version of a modified of the SNARK Pari [DMS24] with smaller proof size. We make Glock25 maliciously secure using a combination of Cut-and-Choose, Verifiable Secret Sharing (VSS), and Adaptor Signatures. These techniques reduce the communication, computational, and on-chain complexity of the protocol compared to other approaches to construct a Glock, e.g.based on Groth16.