Close Menu
    DeFi

    Implementation of MEV Safeguards Using Shutter’s Threshold Encryption

    Ethan CarterBy No Comments5 Mins Read
    1759414398

    Grasping MEV and its effects on blockchain users

    Transparency is a core characteristic of blockchains, yet it facilitates value extraction by manipulating the order and inclusion of transactions within a block, referred to as MEV, or maximal extractable value.

    This issue is prevalent across most blockchains and originates from the public nature of mempools, which store data on pending transactions. This transparency enables block producers and other participants to gain from frontrunning transactions.

    MEV is particularly infamous on Ethereum, where it continues to be extracted at a rate approximating 11% of block rewards. Data indicates that nearly $300,000 was lost in sandwich attacks in September, highlighting that MEV represents a recurring hidden fee rather than a minor inefficiency, disproportionately affecting large trades in volatile markets.

    Shutter’s threshold encryption as a solution to MEV

    Among various MEV mitigation strategies, several cryptographic solutions have been suggested, including threshold encryption and homomorphic encryption. These methods encrypt transaction details before they enter the mempool, keeping them hidden until the transaction order is finalized, thus preventing block producers from extracting MEV through transaction sequencing manipulation. Nonetheless, most encrypted mempool designs are still in the research phase.

    Shutter was the first protocol employing threshold encryption specifically to address MEV. It currently distinguishes itself as the only threshold-based method with an actual deployment, live on the Gnosis Chain mainnet.

    Threshold encryption is a cryptographic strategy that divides the decryption key among a committee of keyholders, ensuring that no single entity can independently decrypt a transaction. In most threshold encrypted mempools, the committee first performs a Distributed Key Generation (DKG) process to produce a public key along with private key shares for each member. Users can then encrypt their transactions using this public key and submit the encrypted data to the network.

    Block proposers then organize these ciphertexts into a block, and once the block is finalized or a reveal condition is fulfilled, each committee member publishes a decryption share. The necessary number of valid shares from the committee is combined to restore the plaintext transaction. Similar to a multisig arrangement, a qualified majority of committee members suffices for this. After transaction sequencing and decryption, they are executed by the network’s virtual machine.

    0199a47d 40f6 7bbe b37f 182b1cd1d666

    The threshold committee functions as an off-chain service that operates in tandem with the blockchain. This design makes it consensus-agnostic, meaning it can be utilized across multiple blockchains without modifying consensus rules. Nevertheless, it’s essential to recognize that, unlike the validator set, the committee typically has a strictly permissioned structure that must be trusted. In Shutter, committee members, referred to as Keypers, are chosen through the protocol’s governance.

    The initial Shutter design utilized per-epoch encryption, wherein users encrypt transactions based on the current epoch of the underlying chain. This approach aimed to enhance efficiency and reduce latency by spreading the computationally intensive decryption process across numerous transactions. However, this design had a significant flaw. Once the epoch key was reconstructed, all transactions from that epoch became public, including those not yet included in blocks, which could expose some network users to MEV.

    This problem was resolved in the actual deployment on Gnosis Chain, where Shutter adopted per-transaction encryption. The Shutterized Beacon Chain on Gnosis Chain currently operates as an alternative RPC endpoint, which encrypts transactions and sends the ciphertexts to the sequencing contract. Following the standard threshold encryption protocol, once the transactions are included in a block and validated, they are decrypted and executed.

    0199a49a ee6f 7447 afb7 7dbf7e709c4a

    Per-transaction encryption sacrifices efficiency for simplicity as the committee’s workload increases linearly with transaction throughput rather than remaining relatively constant, as seen in a per-epoch model. Future advancements in mempool threshold encryption could enhance this balance.

    The Shutter team believes that batched threshold encryption (BTE) may provide a solution to the limitations of both per-epoch and per-transaction schemes. BTE keeps the committee’s load nearly constant while ensuring privacy for transactions not included in a block.

    In addition to the Shutterized Gnosis Chain, the Shutter team is developing the encrypted mempool module for the OP Stack, which is currently live on an Optimism testnet. This module supports per-epoch encryption and resolves the initial design issue of Shutter, as the transactions are linked to a specific block. Each transaction contains target block details, and the contract verifies the current block during execution, ensuring it only succeeds if it is included in that block. If it misses the target block, the check fails, causing the transaction to revert, after which it can be resubmitted for a new block.

    Although promising for MEV mitigation, Shutter is not entirely trustless at this time, as users depend on a permissioned keyper set. Another limitation is the elevated latency in the current deployment on Gnosis, which means that Shutter, in its present state, has limited effectiveness. While Gnosis blocks are created every five seconds, Shutter transactions currently average around three minutes for inclusion, primarily due to the restricted number of Shutterized validators and Keypers. The Shutter team is outlining a realistic strategy and an out-of-protocol roadmap toward a fully encrypted and more trust-minimized mempool on Ethereum. Achieving this goal will require coordinated efforts across wallets, RPCs, relays, builders, and validator incentives, followed by support within the protocol, after which the same components can extend to other EVM chains.

    This article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers should conduct their own research when making a decision.

    This article is for general information purposes and is not intended to be and should not be taken as legal or investment advice. The views, thoughts, and opinions expressed here are the author’s alone and do not necessarily reflect or represent the views and opinions of Cointelegraph.

    Cointelegraph does not endorse the content of this article nor any product mentioned herein. Readers should do their own research before taking any action related to any product or company mentioned and carry full responsibility for their decisions.

    Share.
    Avatar photo

    Ethan is a seasoned cryptocurrency writer with extensive experience contributing to leading U.S.-based blockchain and fintech publications. His work blends in-depth market analysis with accessible explanations, making complex crypto topics understandable for a broad audience. Over the years, he has covered Bitcoin, Ethereum, DeFi, NFTs, and emerging blockchain trends, always with a focus on accuracy and insight. Ethan's articles have appeared on major crypto portals, where his expertise in market trends and investment strategies has earned him a loyal readership.

    Related Posts