encrypted mempools

1. "what" basics
2. "why" motivation
3. "how" metadata

• "what" basics
• "why" motivation
• "how" metadata

simple framework

encrypt

off-chain

simple framework

commit

encrypt

off-chain

simple framework

decrypt

commit

encrypt

off-chain

simple framework

decrypt

commit

encrypt

execute

off-chain

simple framework

decrypt

commit

encrypt

execute

on-chain

(1 slot)

off-chain

guaranteed decryption

sophistication

in-flight

enclave

threshold

delay

witness

guaranteed decryption

sophistication

in-flight

enclave

threshold

delay

witness

Protect

guaranteed decryption

sophistication

in-flight

enclave

threshold

delay

witness

Protect

SUAVE

guaranteed decryption

sophistication

in-flight

enclave

threshold

delay

witness

Protect

SUAVE

guaranteed decryption

sophistication

in-flight

enclave

threshold

delay

witness

Protect

SUAVE

VeeDo

readiness

readiness

readiness

homomorphism

encryption(m₁), encryption(m₂)

homomorphism

encryption(m₁), encryption(m₂)

​

encryption(f(m₁, m₂))

homomorphism

encryption(m₁), encryption(m₂)

​

encryption(f(m₁, m₂))

• "what" basics
• "why" motivation
• "how" metadata

problem 1—frontrunning

problem 1—frontrunning

problem 1b—centralisation

edge

no edge

problem 1b—centralisation

edge

edge

encryption

no edge

no edge

problem 2—censorship

edge

handicap

neutral

problem 2—censorship

/

edge

handicap

edge

handicap

encryption

neutral

• "what" basics
• "why" motivation
• "how" metadata

transaction metadata

IP address

size

sender

tip

transaction metadata

IP address

size

sender

tip

gas price

gas limit

nonce

signature

IP address

private broadcast

(e.g. Tor)

signature

public input:

private witness:

zk statement:

tx ciphertext

tx plaintext

tx ciphertext valid

signature

public input:

private witness:

zk statement:

tx ciphertext + state root

tx plaintext + sender pubkey Merkle proof

tx ciphertext valid + Merkle proof valid

signature

public input:

private witness:

zk statement:

tx ciphertext + state root

tx plaintext + sender pubkey Merkle proof

tx ciphertext valid + Merkle proof valid

signature valid

gas payment

public input:

private witness:

zk statement:

tx ciphertext + state root

tx plaintext + sender balance Merkle proof

tx ciphertext valid + Merkle proof valid

gas payment

public input:

private witness:

zk statement:

tx ciphertext + state root

tx plaintext + sender balance Merkle proof

tx ciphertext valid + Merkle proof valid

sufficient sender balance

nonce

public input:

private witness:

zk statement:

tx ciphertext + state root

tx plaintext + nonce Merkle proof

tx ciphertext valid + Merkle proof valid

new nonce valid

nonce

public input:

private witness:

zk statement:

tx ciphertext + state root + replay tag

tx plaintext + nonce Merkle proof

tx ciphertext valid + Merkle proof valid

new nonce valid

replay tag = H(nonce, private key)

nonce

public input:

private witness:

zk statement:

tx ciphertext + state root + replay tag + slot

tx plaintext + nonce Merkle proof

tx ciphertext valid + Merkle proof valid

new nonce valid

replay tag = H(nonce, private key, slot)

size

size

idea 1—pad to power of two

size

idea 1—pad to power of two

size

idea 1—pad to power of two

problem 1: imperfect packing

problem 2: imperfect privacy

size

idea 2—use homomorphism

size

idea 2—use homomorphism

ordering by fee

1 Gwei

3 Gwei

2 Gwei

ordering by fee

1 Gwei

3 Gwei

2 Gwei

ordering by fee

1 Gwei

3 Gwei

2 Gwei

optional access lists

timestamp

timestamp

dummy transactions

timestamp

thank you :)

justin@ethereum.org

commitment strength

on-chain

stronger

finality

off-chain

weaker