We appreciate the thoughtful perspectives of the analysts at a16z Crypto on the limitations and potential of encrypted mempools in addressing MEV (Maximal Extractable Value). Their recent blog post raises valid points and highlights genuine challenges.
That said, we see several key issues differently and offer a perspective informed by real-world experience and recent technical progress.
In the spirit of constructive dialogue, we’d like to share where our views diverge.
Encrypted Mempools: Not Universal, But Still Highly Effective
We agree with a16z Crypto's analysts that encrypted mempools are not a "silver bullet" for eliminating all malicious MEV. However, encrypted mempools don't need to be universally perfect to provide substantial value:
- Encrypted mempools have the potential to significantly reduce sandwich attacks and front-running at the protocol level, while minimizing trust assumptions.
- In doing so, they can also significantly reduce centralization risks by distributing the power of transaction ordering.
- And when encrypted mempools are implemented on Ethereum in combination with ePBS and FOCIL integrations, they can dramatically strengthen (real-time) censorship resistance on Ethereum.
Our threshold-encrypted mempool, live on Gnosis Chain since July 2024, alongside a collaboratively authored whitepaper outlining Ethereum integration, demonstrates their significant real-world viability.
Encrypted mempools aren’t a new concept. Researchers and industry leaders - Vitalik Buterin, Martin Köppelmann, Marc Harvey-Hill - have long advocated for their adoption due to benefits that go well beyond just malicious MEV protection. Projects like Arbitrum and Espresso have announced plans to implement their own versions.
Addressing Key Arguments:
1. Collusion in Committees
a16z Crypto analysts' point: “a malicious committee privately decrypting transactions early will generate no public evidence… assumption that a committee won’t collude more tenuous.” (a16z Crypto)
Our View: New “traitor-tracing” threshold schemes, “snitching solutions” and SGX-attested SUAVE kettles add cryptographic tracing or hardware attestation plus automatic slashing - making early decryption economically irrational. (eprint, Medium, The Flashbots Collective)
2. Metadata Leakage Risks
a16z Crypto analysts' point: “the biggest problem is metadata … searchers can use this metadata to guess the intent of a transaction.” (a16z Crypto)
Our View: We agree with a16z Crypto that searchers could use metadata to attempt speculative MEV. But meaningful work is already underway to address this. For IP-level privacy, anonymity layers like Hopr (Gnosis VPN) or Tor-style relays are essential. For transaction-level metadata and fees, zero-knowledge proofs offer strong protections. Active R&D covers padding, batching, Tor-style relays and MPC-based bundle scoring. Flashbots’ FRP-18 already prototypes full metadata-hiding bundles. These solutions significantly reduce metadata-based vulnerabilities. (The Flashbots Collective)
3. Transaction Fee and Spam Problems
a16z Crypto analysts' point: “transaction fee … The first problem is spam.” (a16z Crypto)
Our View: Batched-threshold designs embed a cheap zk-proof that the encrypted tx is funded, cutting spam without revealing gas data, and early BEAT-MEV benchmarks hit <2 ms encrypt / <440 ms decrypt for 512 tx. (BEAT-MEV)
4. Latency and Computational Overheads
a16z Crypto analysts' point: “Encryption adds latency, computational and bandwidth overhead to the chain.” (a16z Crypto)
Our View: Batched decryption compresses committee traffic to O(n) and decrypts a full Ethereum-sized block in ≈3 seconds single-threaded - well inside the 12 second slot time - so throughput targets remain intact. (BEAT-MEV)
5. Incentivized Decryption Concerns
a16z Crypto analysts' point: “Users might be induced to give up their decryption keys… incentivized decryption.” (a16z Crypto)
Our View: No viable encrypted mempool design encrypts with the user's key, as this would present users with a “free option” and break the system. So users can't give up their decryption keys, because the keys are managed by a decentralized committee or a hardware-based encryption system.
In addition to that, MEV-Share style programmable-privacy auctions let users sell just hints while keeping keys sealed, turning order-flow deals into transparent, competitive markets instead of one-sided bargaining. (The Flashbots Collective)
6. Encrypted Transaction Censorship Risks
a16z Crypto analysts' point: “proposers and/or builders…they may refuse to sequence any encrypted transactions.” (a16z Crypto)
Our View: Inclusion-list and smart-account encrypted mempools enforce ordering/inclusion on-chain and slash proposers/encrypted mempool providers that censor, giving encrypted flow first-class status - this guarantees encrypted transactions equitable treatment. (Shutter blog, Ethereum Research)
7. Timing and Computational Delay Concerns
a16z Crypto analysts' point: “it is more difficult to ensure precise timing of decryption … the delay is computational in nature.” (a16z Crypto)
Our View: We agree with a16z Crypto that VDF-based time-lock encryption isn’t the right technology. Current designs are now shifting away from computationally intensive VDFs toward threshold keys released by committees or attested TEEs on slot-finality, giving millisecond-precise release without exotic hardware. (ShutterTEE, The Flashbots Collective)
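To make the committee-held key model from points 5 and 7 concrete, here is an added sketch (not Shutter's code or scheme): an epoch key is split among hypothetical keypers with Shamir secret sharing, and a transaction encrypted to it only opens once a threshold of shares is published. It assumes a trusted dealer and a toy XOR stream cipher in place of a real DKG and threshold-encryption scheme; all names and sample values are constructed.

```python
import hashlib
import secrets

P = 2**127 - 1  # prime field for the shares (toy size, assumption)

def split_key(key: int, n: int, t: int):
    """Shamir-split `key` into n shares; any t of them reconstruct it."""
    coeffs = [key] + [secrets.randbelow(P) for _ in range(t - 1)]
    def f(x):
        return sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P
    return [(x, f(x)) for x in range(1, n + 1)]

def combine(shares):
    """Lagrange-interpolate the sharing polynomial at x = 0."""
    secret = 0
    for j, (xj, yj) in enumerate(shares):
        num = den = 1
        for m, (xm, _) in enumerate(shares):
            if m != j:
                num = num * (-xm) % P
                den = den * (xj - xm) % P
        secret = (secret + yj * num * pow(den, -1, P)) % P
    return secret

def xor_crypt(key: int, data: bytes) -> bytes:
    """Toy stream cipher (SHAKE-256 keystream); stand-in for the real scheme."""
    ks = hashlib.shake_256(key.to_bytes(16, "big")).digest(len(data))
    return bytes(a ^ b for a, b in zip(data, ks))

def demo():
    n, t = 5, 3                              # constructed committee: 5 keypers, threshold 3
    epoch_key = secrets.randbelow(P)
    shares = split_key(epoch_key, n, t)      # real systems use a DKG, no dealer
    tx = b"swap 10 ETH -> DAI, max slippage 0.5%"   # constructed sample tx
    ct = xor_crypt(epoch_key, tx)            # the user never holds a decryption share
    # Two keypers combining shares early (below threshold) get the wrong key.
    too_few = xor_crypt(combine(shares[:2]), ct)
    # At release time any three keypers publish shares and the tx opens.
    released = xor_crypt(combine(shares[1:4]), ct)
    return tx, too_few, released

if __name__ == "__main__":
    tx, too_few, released = demo()
    print("below threshold recovers tx:", too_few == tx)
    print("at threshold recovers tx:  ", released == tx)
```

The user only ever sees the ciphertext and the plaintext they wrote, which is why there is no user-side decryption key to sell; the collusion question from point 1 is whether t keypers combine shares before the release time.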
8. Increased Trade Failures Due to Price Uncertainty
a16z Crypto analysts' point: “the number of trade failures due to exceeding the price slippage tolerance are likely to increase.” (a16z Crypto)
Our View: Selective, opt-in encryption (only high-MEV / high-value flows) keeps most flow transparent, so price discovery stays tight while sensitive orders gain protection - exactly the hybrid path outlined in FRP-18. (The Flashbots Collective)
Moving Forward
We welcome ongoing dialogue around encrypted mempools. They are a valuable component within a broader set of strategies to combat malicious MEV. While no single solution can solve every problem, encrypted mempools undeniably strengthen the fairness of the transaction supply chain.
Shutter remains committed to advancing these innovations and collaborating with the industry to deploy effective malicious MEV protections.