Maximal extractable value (MEV) is a prominent issue in Ethereum after DeFi prospered. Many existing proposals aimed at how miners (validators) and searchers can better extract MEV but few focused on the detriment of MEV attacks on users transactions which can affect the users and stakeholders in Ethereum and they are more deterministic for the development and future of Ethereum in the long run. Therefore in this proposal we try to regulate MEV and mitigate MEV attacks via privacy-preserving techniques. We also optimize Proposer Builder Separation (PBS) to achieve such malicious MEV prevention in a more usable, efficient and low-cost way, which will promote Ethereum to become more user-friendly, sustainable and equitable for public.
We appreciate the generous support of Ethereum Foundation and we will use the Ethereum Ecosystem Grant to encourage every member in the Ethereum community to join and contribute to our project and fairly reward them corresponding returns according to their actual contribution. Everyone in the community can freely leave any valuable comments in this page to contribute in different ways and all kinds of contribution will be accepted equally such as giving golden critiques, undertaking any actual work like development and evaluation, or promoting it to others for more support. Thanks a lot and look forward to your participation and collaboration!
Below is our proposal supported by the funding of Ethereum Ecosystem Grant and you can also access it here and leave comments there.
As described in Flash Boys, centralization makes trading in the real world unfair and somebody can earn from arbitrage. Blockchain aims at building a more decentralized order and environment to achieve equal and inclusive trading for everyone. However the actuality is that on-chain service providers like miners can still have privileges for arbitrage called Maximal Extractable Value (MEV) because they can self-determine the content and sequence of transactions within the block.
In 2021 the amount of MEV is more than $730 million, which becomes a major issue in DeFi and blockchain. There are different kinds of MEV. Besides normal arbitrage opportunities like price differences, one kind of MEV is on users’ transactions that miners can arbitrarily view, censor, and reorder users' transactions before putting them on chain to earn extra profits from them at the expense of users' interests.
Such kind of MEV is detrimental to users and to protect users from such MEV, different privacy-preserving techniques have been proposed to hide the details of users' transactions like the commit-reveal scheme, which allows users to submit an encrypted transaction to the chain, and reveal the content later only after it is confirmed with immutability. Compared with other full privacy-preserving techniques like zero-knowledge proof, it doesn't provide so strong privacy protection but is already enough for protecting users' transactions from MEV at lower cost and better efficiency, which is more practical and economical for most users.
However, the current commit-reveal scheme still has unsolved problems for practical and widespread use. For each transaction, commit-reveal requires users to submit twice on chain including one encrypted and one revealed, which is not so efficient and reliable. For a better commit-reveal scheme, we design a new commit-reveal scheme with improved Proposer Builder Separation (PBS) that optimizes the whole on-chain process. Proposers reach consensus together on the encrypted transactions users commit first, then decrypt and reveal them for the builder to verify, execute and append on chain. With corresponding technical evaluation and economic analysis, we will prove that it will resist MEV better and benefit users, proposers, and builders.
Some malicious MEV previews users' transactions in advance and then censors and reorders them like front-running and sandwich attacks. To prevent such MEV, different solutions have been proposed including PBS and privacy-preserving techniques. Based on the PoS consensus used by Ethereum 2.0, miners working on PoW will be replaced by validators, and PBS separates validators into builders constructing new blocks and proposers, especially accepting and putting new blocks on chain. In this way, MEV profits could be shared with builders, and proposers can transfer the workload of sophisticated block construction and MEV execution while maintaining the stability and decentralization of blockchain consensus.
However, PBS does not prevent malicious MEV from users' transactions. To protect the transactions of users from MEV, privacy-preserving techniques like cryptography and zero-knowledge proof can make the details of transactions fully private except for users themselves, so builders and proposers have no chance to know the transaction content to launch MEV attacks on them.
However, the additional cost and delay caused by many privacy-persevering MEV resistance techniques are too high to be used in reality. Achieving full privacy-preservation like the zero-knowledge proof is too costly and inefficient, and there is no need to make transactions fully private for MEV resistance. Also, full privacy-preserving will inevitably compromise usability and transparency to some degree, which is not so applicable in practice like meeting requirements of the financial regulation. Full privacy also doesn't work in many DeFi applications like AMM, which needs to reveal the latest public states timely for usability and transparency. Other proposed solutions either need centralized third-party or strong security assumptions, which are not reliable and realistic under many situations.
To address the issues above, in our research, we will look into different kinds of privacy-preserving techniques like commit-reveal and optimize them to enhance their usability, efficiency, and reliability. On the other hand, by improving PBS and combining it with optimized privacy-preserving techniques, we make PBS MEV resistible, and improved PBS can better implement optimized privacy-preserving techniques.
In our commit-reveal design, users send encrypted transactions to proposers. Based on the improved PBS, proposers will first accept and reach consensus on them. They can't do any MEV attacks because the content of transactions is hidden. After proposers confirm which transactions will be put on chain, those transactions can be revealed and sent to the builder for validation and execution. Knowing the details of transactions after being revealed, builders can process them at lower cost and better efficiency, but they can't extract MEV because their ordering and content have already been determined by proposers during the commit phase. In this way, users could be protected from MEV attacks when proposers commit their transactions first for consensus, and maintain transparency and usability when builders reveal their transactions to process and put them on chain.