what are the open challenges in mev privacy?
[ phil daian | flashbots ]
cryptodon.lol/@phil
(codename) SUAVE
… the next step for Flashbots
Full spec coming (very) soon; discuss and build with us today.
The Single Unifying Auction for Value Expression
What is SUAVE?
- Fully decentralized block-builder
- Fully open source, open development
- ETH-Native / EVM-compatible
- Optimal user execution, harnessing MEV
- Full compatibility with Flashbots today
- Cross/multi-chain support
- Maximizes competition and geographic diversity
- Enabling open orderflow for Ethereum's future
- Programmable privacy
Full spec coming (very) soon; discuss and build with us today.
… some trillion $ questions
… some trillion $ questions
We will be talking about privacy in service of two goals.
Privacy goals!
Privacy goals!
informal proposal - proof of private tx (PoTX)
informal proposal - proof of private tx (PoTX)
PoPTX(hash, public_txs, private_txs)
informal proposal - proof of private tx (PoTX)
informal proposal - proof of private tx network (PoTX)
informal proposal - proof of private tx network (PoTX)
We will be talking about privacy in service of two goals.
… definitions
SUAVE is a stateful system.�
SUAVE states are denoted by s1 -> s2 -> s3 ... , where s is the current SUAVE state and S is the set of all historical/past SUAVE states.
A SUAVE bid (preference) maps future states of the world to their utility to the bidder.
A bid is a program (smart contract on SUAVE), such that exec(bid, s) outputs b,e where b is a natural number that is paid to address e (the executor who executed the SUAVE transaction).
… definitions
exec(bid, s) outputs b,e where b is a natural number that is paid to address e
SUAVE contains special oracle contracts that are responsible for importing external events into s. One simple example is an ETHOracle contract, which allows SUAVE bids to query ETH history.
�This oracle may have data as follows (assume in some arbitrary s):
Block 1, hash 0xf, log hash 0xa, transactions [0x1, 0x2, 0x3]
Block 2, hash 0xe, log hash 0xb, transactions [0x3, 0x4, 0x5]
Block 3, hash 0xd, transactions []
Example Bids! exec(bid, s) outputs b,e where b is a natural number that is paid to address e
If in block 2, transaction 0xcafe comes at position 0, pay 3ETH (b) to the sender of the tx (e) at position 1
Or
If in block 3, transaction 0xcafe comes before transaction 0xdeadbeef comes before transaction 0x00 (effective sandwich), pay 3ETH (b) to the sender of the tx following the sandwich (e)
Or
If block 3 is empty, pay the miner (e) 3ETH (b)
Or
If [x] is in the execution logs (w Merkle proof), pay the originator of the transaction corresponding to [x] (e) 3ETH (b)
We will be talking about privacy in service of two goals.
Addressing our first goal: MEV-GETH in SUAVE
TODAY:
Searchers <-> Relay <-> Sequencers
Searchers submit bids to the relay which represent bids to sequencers, which may or may not be valid/lucrative. The relay is trusted to ensure relayers are paid (spam control).
SUAVE:
Searchers <-> SUAVE <-> [ Executor <-> L1 ]
MEV-GETH in SUAVE
Searcher -- I would like [tx1,tx2,tx3] mined
Relay -- Estimate profit to miner for [tx1,tx2,tx3], prune to only send most promising bundles to miner
Sequencer -- Receive relay bundles, re-execute to confirm payment.
----------->
Searcher -- I would like [tx1,tx2,tx3] mined, and if they are, I would like to pay 3ETH (b, unconditional)
SUAVE -- Propagate and aggregate searcher input, ensure payments are valid
Executor -- Ensure validators perform economically optimal action
Case 1: Validator is SUAVE-native
Validator can profit switch b against best known mempool block
Case 2: Validator is SUAVE-unaware
Executor gets miner to mine optimal TX order
We develop native plugins for Case 1 while allowing anyone to develop Case 2.
informal proposal - proof of private tx network (PoTX)
where is mev going?
user
validator
minimize
maximize
We will be talking about privacy in service of two goals.
r
Users must start leveraging their MEV negotiating power.
Two routes –
permissioned execution / futures / “information
auction”��VS.
programmable privacy
Users must start leveraging their MEV negotiating power.
Two routes –
permissioned execution / futures / “information
auction”��VS.
programmable privacy
r
Users decide when their transaction is valid, when it can be decrypted.
Users can partially decrypt transactions to aid in execution; otherwise, arbs are “blind”
User is mined if arb value of their transaction > marginal cost.
Combine with fee escalator�== always optimal execution�(from minimizing MEV perspective)�(best possible user social outcome*)�
mev
subsidy
time
tx mined
BUT, how much to leak (help MEV optimization)�vs. keep private?��Most extreme: searcher learns 0 until block is signed�Can only reorder/merge encrypted blobs (w own arb txs)
Least extreme / 0 privacy: send to mempool
Middle grounds (eg take a Uniswap tx):
mempool
full privacy - inefficient MEV
Help us choose the best point! (and let’s get to privacy already)
let’s reach
the
mountaintop
together <3
this is
a call
to action!
collective.flashbots.net
Users
Wallets
Rollups
Researchers