# A Privacy-enhanced Ethereum client
The fact that Ethereum transactions are public before being finalized in a block allows for undesirable properties:
* censorship: where block builders are bribed to *not* include specific transactions
* frontrunning/sandwich: where block builders are bribed to include additional transaction(s) *before* a target transaction, in order to steal opportunities or otherwise change the conditions in which the target transactions will be executed.
To help combat these issues, services have appeared which promise to keep transactions private until they are sent to a block builder, such as [Flashbots Protect](https://medium.com/flashbots/announcing-flashbots-protect-9e039e9f0aa3) and [Eden Rocket RPC](https://medium.com/edennetwork/introducing-eden-rocket-rpc-beta-e8c1ce0e8afb). These solutions provide partial transaction privacy, but come with their share of drawbacks.
* **centralisation**: where the private transaction flow depends on a couple of providers, creating attack or regulatory targets.
* **limited privacy**: service providers have access to full transaction data. Compounding the issue, there is an obvious financial incentive for service providers to sell this transaction flow for profit, which further erodes privacy.
* **censorship**: private transaction providers and/or block builders can still censor transactions
* **trust required**: users need to trust service providers guarantees that their transactions will not be censored or frontrun.
Here is our view of a better system, which augments the current, open Ethereum p2p network with an additional private, encrypted p2p network between enhanced Ethereum nodes.
The enhanced nodes would be full ethereum execution clients, and for regular nodes behave exactly like normal ethereum nodes, but would additionally include a verified TEE (Trusted Execution Environment) enclave, where all private information would reside before being published on the blockchain.
In addition to the classip gossip of transactions and blocks between nodes via the regular p2p network, enhanced nodes establish a second, encrypted p2p network which allows secure communication between the TEEs of enhanced nodes.
New functionality supported by enhanced nodes within the TEE enclave would include:
1. **Private transaction acceptance and gossip**
Transactions can be public when sent to a classic ethereum node, or private when sent to an enhanced ethereum node. Private transactions are encrypted when entering the TEE, gossipped between TEE nodes as encrypted blobs, and merged into blocks within the TEE enclaves. Full privacy (until inclusion in a public block) is guaranteed as long as the TEE is not broken.
2. **MEV searching**
Searchers submit bots to the TEE within an enhanced ethereum node, as well as a (small) payment for future bot execution and storage cost. Each bot includes a "filter" function whose purpose is to rapidly determine transactions of interest, and a "process" function which makes a deeper analysis of transactions passing the filter. The "process" function may produce a bundle of "post" transactions to be included after the target transaction.
The VM keeps track (and possibly limits) the time and space used by the bots, as well as the persistent storage, and bills them accordingly. The income (reward) paid to the operator of the TEE enhanced node is computed on a sliding scale, dependent on the number of enhanced nodes, and designed to incentivize running such TEE enhanced nodes.
In effect, a part of the income generated from backrunning MEV is used to subsidize the network of nodes supporting private transactions and fair block building.
3. **Block building**
Block payloads are assembled from public and private transactions, as well as bot generated bundles, within the TEE enclave, and do not exit the enclave until a block has been signed for this specific payload.
The block building algorithm is fair and predetermined, sorting all candidates for inclusion according to the (priority fee + coinbase transfer) paid per unit of gas.
When a MEV bundle is a candidate to be included during the block building process, it is first simulated within the TEE to verify that it executes successfuly, a necessary condition for its inclusion. Regardless of the result of the simulation, a simulation fee is charged to the bot operator.
4. **Bundle gossip**
When an enhanced node generates MEV bundles within its TEE (by running searcher's bots), these bundles are first simulated locally to verify that they would execute correctly on the current chain state, and if valid they are gossipped on the encrypted p2p network to other enhanced nodes, so that they will be candidates for inclusion into blocks payloads built by any enhanced node. Similarly bundles received from peers are gossipped on the encrypted p2p network to ensure they will be considered by all enhanced nodes (no new simulation is required since the original simulation can be trusted).
5. **Block payload gossip**
As it receives new gossipped transactions and bundles, and it generates new bundles internally by running searcher's bots, the enhanced node keeps trying to build increasingly profitable block payloads. Block payloads are build from mev bundles (both generated locally or gossipped from other nodes), and transactions (both from the private and public mempools). Regardless of the source, the order is determined by the coinbase profit per unit of gas used, so bundles are not necessarily added on the top of the block. Every block payload built within the TEE is fully simulated to guarantee that no included transaction reverts, and that the stated profit to the `block.coinbase` address is accurate.
It might be desirable to redirect part of the MEV block profit as reward for the enhanced node which created the finalized block payload, hereby incentivizing the existence of such nodes.
Whenever a more profitable block payload is built, it is gossipped on the encrypted p2p network, so that other nodes can consider it for proposal (or gossip) if it is currently the most profitable known.
We observe that this system, assuming a secure trusted enclave system, provides the following properties unconditionally:
* **censorship resistance** private transaction never leave the TEE (unless encrypted) and are included into block payloads using a predetermined and verifiable algorithm.
* **frontrunning protection**, by construction, bundles cannot include frontunning transactions, while still allowing an open market for *desirable* backrunning MEV.
* **complete privacy guarantee** (until the transaction is finalized in a block or included in an uncle): as soon as a transaction enters a TEE, all further processes (transaction gossip, MEV searching, block payload building) are executed within TEEs or gossipped via encrypted p2p links.
* **permissionless**: anyone can run a privacy-enhanced node (cost around $2000 for a Intel Xeon 4309Y server supporting large SGX TEEs). Possible users could be searchers wanting to submit and run MEV bots, Ethereum services wanting to submit private transactions to the network, or staking pools wanting to run MEV-enabled execution clients.
* **decentralized**: No centralized actor is needed for relaying searcher's bundles, assembling bundles and transactions into block payloads, or private transaction acceptance and distribution.
> For efficient evaluation within the TEE, a state witness is generated and attached to private transactions upon entry in the TEE system. Similarly, when a MEV bundle is generated within a TEE, a state witness is generated and attached to the bundle. These state witnesses are propagated along with the private transactions and MEV bundles on the encrypted p2p network. The presence of these state witnesses alongside transactions and bundles helps speed up the simulations required for block building within the TEE.