6 posts tagged with "privacy"

tl;dr: TEE attestations on their own do not provide all the information we need to use them securely. Attacks mounted with physical access or control over privileged software should also be mitigated. We have designed the Data Center Execution Assurance (DCEA) attestation protocol to extend attestation to trusted data center hardware. We do so by combining two roots of trust - one from the chip manufacturer and second from the date center operator. Intel has also announced Platform Ownership Endorsement (POE) that specifically addresses physical attacks. These protocols take a big step in reducing the attack surface area and trust dependencies of TEEs.

This post is part of a Flashbots research series exploring how decentralized blockbuilding connects Ethereum's scaling and privacy roadmap to real-world execution.

tl;dr: this post introduces Flashnet, a new anonymous broadcast protocol with much lower latency than existing alternatives. We plan to deploy Flashnet both (1) as a user-facing censorship resistance and anonymity tool that complements onchain privacy solutions and censorship resistance mechanisms like FOCIL; and (2) as a means to connect actors along the block building pipeline, moving BuilderNet closer to permissionlessness and the SUAVE vision. Flashnet is the event horizon for distributed block building — the signal passes through, the sender disappears.

Mitigating MEV using trusted hardware#

An important problem faced by many cryptocurrencies today is called Maximal Extractable Value (MEV). Transactions are submitted in the clear, and they are prone to front-running and back-running attacks. Such attacks allow the arbitrager to make unfair profit, at the expense of the users who are forced to buy and sell at a less favorable price. Because of such MEV attacks, an offchain ecosystem has developed: block builders now sell favorable positions in the block to both arbitragers and users alike, leading to a centralization effect. Today, 80%-90% of the Ethereum blocks are produced by the largest two block builders [Yang et al.].

This article examines the application of Fully Homomorphic Encryption (FHE) in the Maximal Extractable Value (MEV) space. Our approach allows searchers to blindly backrun user transactions using FHE. This prototype demonstrates how a searcher can compute the future price of a UniswapV2 pool over a user transaction, keeping it encrypted throughout the process. Although this method is not currently practical for deployment, it serves as a foundation for future improvement and expansion, which we discuss in the conclusion.

We are excited to announce that Flashbots is successfully running a block builder inside an SGX enclave, a trusted execution environment (TEE) developed by Intel. The SGX block builder is now live on the Ethereum Sepolia testnet, and soon on mainnet!

Our previous work on running Geth inside SGX demonstrated the technical feasibility of this approach. Now, we’ve made the next step towards block building inside encrypted enclaves, and want to share our key learnings and challenges, as well as the all the code and tooling for running a block builder inside SGX.

At Flashbots, we are exploring trusted execution environments (TEEs) such as SGX, as well as other privacy technologies including Multi-Party Computation and Homomorphic Encryption, as important building blocks for trustless collaboration along the transaction supply chain. This is particularly relevant for applications such as decentralized block building and sharing private orderflow.

Today we are happy to publish our efforts and a number of key learnings about running Geth inside SGX, for others to reuse, experiment with, and build upon.