>Since XOR is its own inverse, if we wish to encrypt an input before piping it through this gate, we just XOR it with the relevant input key. If we wish to decrypt the output, we again XOR it with the output key. The XOR gates being applied will just cancel out with the internal encryption gates. In other words, encryption and decryption are done with the same operation!
So, there are 3 encryption keys for each encrypted-and-gate? I think I follow this, but I don't follow how in the first sentence, "XOR is its own inverse" logically leads to "if we wish to encrypt an input before piping it through this gate, we just XOR it with the relevant input key".
Isn't the fact that XOR is its own inverse only pertinent to the second sentence? I think it makes sense to me that since XOR is its own inverse, then if we wish to encrypt an output, we'd XOR it with that encryption key, and then to decrypt that output, we'd XOR it again. But how is the fact that XOR is its own inverse relevant to the AND gate's inputs?
I think I know where your confusion is coming from.
This _entire_ box is an encrypted AND gate. http://manishearth.github.io/images/post/and-encr-xor.png .
The input wires outside the box are "encrypted inputs". They get internally decrypted via XOR and stuffed into a regular Joe AND gate. To create an encrypted input, we must encrypt a regular input, by XORing again (due to the inverse thing).
Similarly, the output wire outside the box is an encrypted output. The output of a regular Joe AND gate is encrypted internally (via XOR) to obtain this. To decrypt this encrypted output, we must similarly XOR again.
Does this address your confusion? Let me know if you need more explanation!