Paper 2024/1516

Practical Mempool Privacy via One-time Setup Batched Threshold Encryption

Arka Rai Choudhuri, Nexus
Sanjam Garg, University of California, Berkeley
Guru-Vamsi Policharla, University of California, Berkeley
Mingyuan Wang, NYU Shanghai
Abstract

An important consideration with the growth of the DeFi ecosystem is the protection of clients who submit transactions to the system. As it currently stands, the public visibility of these transactions in the memory pool (mempool) makes them susceptible to market manipulations such as frontrunning and backrunning. More broadly, for various reasons—ranging from avoiding market manipulation to including time-sensitive information in their transactions—clients may want the contents of their transactions to remain private until they are executed, i.e. they have *pending transaction privacy*. Therefore, *mempool privacy* is becoming an increasingly important feature as DeFi applications continue to spread. We construct the first *practical* mempool privacy scheme that uses a *one-time* DKG setup for $n$ decryption servers. Our scheme ensures the strong privacy requirement by not only hiding the transactions until they are decrypted but also guaranteeing privacy for transactions that were not selected in the epoch (*pending transaction privacy*). For each epoch (or block), clients can encrypt their transactions so that, once $B$ (encrypted) transactions are selected for the epoch, they can be decrypted by each decryption server while communicating only $O(1)$ information. Our result improves upon the best-known prior works, which either: (i) require an expensive initial setup involving a (special purpose) multiparty computation protocol executed by the $n$ decryption servers, along with an additional *per-epoch* setup; (ii) require each decryption server to communicate $O(B)$ information; or (iii) do not guarantee pending transaction privacy. We implement our scheme and find that transactions can be encrypted in approximately 8.5 ms, independent of committee size, and the communication required to decrypt an entire batch of transactions is 48 bytes per party, independent of the number of transactions. 
If deployed on Ethereum, which processes close to 500 transactions per block, it takes close to 3.2 s for each committee member to compute a partial decryption and 3.0 s to decrypt all transactions for a block in single-threaded mode. Compared to prior work, which had an expensive setup phase per epoch, we incur $<2\times$ overhead in the worst case. On some metrics, such as partial decryption size, we actually fare better.

Metadata
Available format(s)
PDF
Category
Cryptographic protocols
Publication info
Preprint.
Contact author(s)
arkarai choudhuri @ gmail com
sanjamg @ berkeley edu
guruvamsip @ berkeley edu
mingyuan wang @ nyu edu
History
2024-09-30: approved
2024-09-26: received
Short URL
https://ia.cr/2024/1516
License
Creative Commons Attribution
CC BY

BibTeX

@misc{cryptoeprint:2024/1516,
      author = {Arka Rai Choudhuri and Sanjam Garg and Guru-Vamsi Policharla and Mingyuan Wang},
      title = {Practical Mempool Privacy via One-time Setup Batched Threshold Encryption},
      howpublished = {Cryptology {ePrint} Archive, Paper 2024/1516},
      year = {2024},
      url = {https://eprint.iacr.org/2024/1516}
}