We're excited to announce that Shutter and Primev are partnering to bring the first threshold encrypted mempool to Ethereum's out-of-protocol transaction supply chain, PBS (Proposer-Builder Separation). This integration targets the long standing issue of front running, sandwich attacks, and real-time censorship across the PBS pathway, which processes the vast majority of Ethereum transactions today.
Soon Ethereum users can connect a custom RPC to their wallets and gain protection against malicious MEV and real-time censorship on Ethereum.
The encrypted mempool will launch on a new/separate FastRPC endpoint hosted by Primev.
- Coming soon: Proof of concept (PoC)
- December 2025/Jan 2026: Mainnet launch
- Future: Kohaku integration
Quick links:
The Malicious MEV Risk in Ethereum’s PBS Pipeline
Ethereum users lose value every day through front running, sandwich attacks, and censorship. A DEX swap gets sandwiched. An NFT mint gets front run. These attacks work because transactions sit visible in the public mempool before inclusion, giving attackers time to react and profit.
Due to this visibility on the public mempool, it’s estimated that since 2020, more than $1.8 billion has been drained from Ethereum users through MEV, much of it from malicious tactics like front running and sandwich attacks.
PBS is generally considered to be an improvement to Ethereum’s architecture, but it does not eliminate this early-visibility problem. In practice, it can introduce new trust assumptions: builders gain earlier and more structured access to transaction contents, which can unintentionally strengthen informational advantages compared to public searchers. This means the potential still exists for transactions to be reordered, sandwiched, or deprioritized before they ever reach a proposer.
Because block production tends to concentrate among a small number of highly performant builders, this visibility (and the associated responsibility) is held by only a few actors. That concentration can introduce coordination risks, create opportunities for targeted censorship, or allow commitments to be ignored without a built-in enforcement mechanism.
An encrypted mempool removes this visibility and cuts off the data that malicious MEV depends on.
Note: An encrypted mempool is different from a private mempool. Private mempools send your transaction to a trusted group that can still see its contents, while encrypted mempools keep transactions unreadable for everyone until the ordering is fixed.
The Solution: An Encrypted Mempool That Encrypts Transactions
The solution is to implement an out-of-protocol threshold encrypted mempool that hides transaction contents until the execution order is fixed. This removes the early visibility that attackers rely on and prevents builders and searchers from reacting to user intent.
We achieve this by combining Shutter's threshold encryption with Primev’s mev-commit:
- Shutter’s threshold encryption distributes trust across multiple parties called Keypers. A transaction encrypted under this scheme can only be decrypted when a threshold number of keypers (t out of n) cooperate to release their key shares. This prevents any single party from decrypting early and extracting MEV.
- Primev’s mev-commit adds economic enforcement through its preconfirmation infrastructure. Builders commit blind to encrypted transactions using cryptographic commitments backed by slashable stake. This ensures builders cannot break their commitments without facing penalties.
- Validators can participate seamlessly using Commit-Boost, mev-boost, or any other sidecar that supports relays, requiring only a simple relay configuration to start earning preconfirmation rewards without operational overhead.
What the Encrypted Mempool Looks Like in Practice:
- Users submit encrypted transactions that hides their transactions’ contents
- Builders commit blind before seeing contents
- Keypers release decryption keys only after sufficient commitments
- Oracle verifies inclusion and slashes builders who break commitments
At launch, there is still a short window where the RPC can see transactions before encryption. This will be resolved through a planned Kohaku and/or dApp integration.
When is the Full Launch?
- Coming soon: Proof of concept (PoC)
- December 2025/Jan 2026: Mainnet launch
- Future: Kohaku integration
The Next Step Toward Protocol-Level Protection
Encrypted mempools have steadily gained recognition as one of the best ways to tackle malicious MEV and real-time censorship on Ethereum. Challenges around latency, complexity, and collusion remain, but newer models and technologies are now addressing these issues directly, and the progress is clear.
This integration in Primev is part of an active roadmap led by Shutter and ecosystem partners to finally confront malicious MEV and real-time censorship at scale on Ethereum. The long term plan is to implement an encrypted mempool at the protocol level so all users are protected by default without needing to take any action.
The out-of-protocol threshold encrypted mempool on PBS marks decisive progress toward that goal. It is Shutter’s second mainnet deployment after Gnosis Chain and further evidence that a protocol-level encrypted mempool on Ethereum is not only viable, but firmly underway.
