Key Takeaways
- Maximal Extractable Value (MEV) refers to the profit that can be made by controlling the order and inclusion of transactions within a blockchain block, often exploiting public mempools.
- MEV is a significant issue, particularly on Ethereum, leading to substantial losses for users, especially through attacks like sandwiching.
- Shutter Network offers a solution using threshold encryption to obscure transaction data in the mempool, preventing block producers from extracting MEV.
- Shutter is currently the only deployed threshold-based MEV mitigation solution, live on the Gnosis Chain mainnet.
- While Shutter provides advanced MEV protection, it currently relies on a permissioned Keyper set and faces latency challenges in its current deployment.
Understanding Maximal Extractable Value (MEV)
Blockchains are celebrated for their transparency, but this very openness can be exploited. Maximal Extractable Value (MEV) arises when actors can profit by strategically influencing the order and inclusion of transactions within a block. This practice leverages the visibility of pending transactions in public mempools, essentially turning a blockchain’s transparency into a value extraction opportunity.
This challenge is prevalent across many blockchain networks, originating from the public nature of their mempools—ledgers holding unsent transaction data. This accessibility allows block producers and other sophisticated participants to gain from frontrunning legitimate transactions, executing their own trades before or after them to capture value.
Ethereum, in particular, has become notorious for MEV. It’s estimated that MEV extraction accounts for approximately 11% of block rewards on the network. Data from September highlighted that roughly $300,000 was lost specifically to sandwich attacks, underscoring MEV not as a minor glitch but as a persistent, hidden cost that disproportionately affects large trades during volatile market conditions.
Shutter’s Threshold Encryption as an MEV Mitigation Solution
Various cryptographic methods aim to curb MEV, including threshold encryption and homomorphic encryption. These techniques encrypt transaction details before they enter the mempool, keeping them hidden until their final placement within a block is determined. This prevents block producers from manipulating transaction sequencing for profit.
While many encrypted mempool architectures are still in the research phase, Shutter Network has emerged as a leading solution. It was the first threshold encryption protocol specifically engineered to combat MEV and is now the sole threshold-based approach actively deployed, operating live on the Gnosis Chain mainnet.
Threshold encryption operates by distributing decryption key components among a committee of keyholders. This ensures that no single entity can decrypt a transaction independently. Typically, in threshold-encrypted mempool systems, a Distributed Key Generation (DKG) process is initiated. This process yields a public key for encrypting transactions and individual private key shares for each committee member.
Users encrypt their transactions using the public key and submit these encrypted packages, or ciphertexts, to the network. Block proposers then arrange these ciphertexts into blocks. Once a block is finalized or a specific reveal condition is met, each committee member shares their decryption key component. A predetermined majority of these valid shares are combined to reconstruct the original transaction, much like a multi-signature wallet requires a quorum.
The threshold committee functions as an off-chain service that complements the on-chain operations. This design provides consensus agnosticism, allowing it to integrate with most blockchains without altering core consensus rules. However, it’s important to note that, unlike validator sets, the committee is typically a permissioned group that requires trust. In Shutter’s model, these committee members, known as Keypers, are selected through the protocol’s governance mechanisms.
Shutter’s initial design employed per-epoch encryption, where transactions were encrypted using a key specific to the current epoch of the underlying blockchain. This was intended to enhance efficiency and reduce latency by amortizing decryption costs across numerous transactions. However, this approach introduced a vulnerability: when the epoch key was reconstructed, all transactions from that epoch became visible, potentially exposing some users to MEV before their transactions were even included in a block.
This issue has been addressed in Shutter’s live deployment on Gnosis Chain, which utilizes per-transaction encryption. The Shutterized Beacon Chain on Gnosis Chain acts as an alternative RPC endpoint. It encrypts transactions and forwards the ciphertexts to a sequencing contract. Following the standard threshold encryption process, these transactions are decrypted and executed only after they are included and validated within a block.
Per-transaction encryption prioritizes simplicity over the efficiency of per-epoch systems, as the committee’s computational load scales directly with transaction volume. Future advancements in mempool threshold encryption could potentially improve this trade-off.
The Shutter team is exploring Batched Threshold Encryption (BTE) as a promising avenue to overcome the limitations of both per-epoch and per-transaction schemes. BTE aims to maintain a near-constant load on the committee while ensuring transaction privacy for those not yet included in a block.
Beyond the Shutterized Gnosis Chain, Shutter is developing an encrypted mempool module for the OP Stack, which is currently active on an Optimism testnet. This module supports per-epoch encryption but has resolved the earlier design flaw by linking transactions to specific blocks. A transaction must target a particular block, and the contract verifies this during execution. If the transaction doesn’t land in the intended block, it reverts and can be resubmitted for a new target block.
Despite its significant potential for MEV mitigation, Shutter is not entirely trustless at present, as users depend on a permissioned set of Keypers. Another challenge is the current latency in its Gnosis Chain deployment. While Gnosis blocks are produced every five seconds, Shutter transactions can take an average of three minutes to be included, largely due to a limited number of Shutterized validators and Keypers.
The Shutter team has outlined a phased approach towards achieving a fully encrypted and more trust-minimized mempool on Ethereum. This roadmap involves collaborative efforts across wallets, RPCs, relays, builders, and validator incentives, followed by in-protocol support, which could then be extended to other EVM-compatible chains.
Final Thoughts
MEV presents a complex challenge to blockchain transparency and user security. While cryptographic solutions like threshold encryption offer a promising path forward, projects like Shutter are actively working to balance security, efficiency, and decentralization in their pursuit of a more equitable blockchain ecosystem.