Writings

Every distributed cryptographic protocol, key management system or wallet runs on opaque hardware. In almost all cases, we do not know with any certainty that our hardware is executing the expected program and that it is not actually acting against us. Many cases of exactly this kind of betrayal have been uncovered. The latest proved deadly. This precedent suggests the likely existence of undetected malicious hardware in use today.

In our first post, we went over the big picture security shortcomings of TEEs and broke up the work that needs to be done into two: securing the completed chip against remote and physical attackers, and securing the chip against actors in the supply chain. While there is a lot of existing work on both categories, the latter is less explored for our purposes and requires more fundamental research so we are dedicating this post to the topic, and address remote and physical attackers in the next post. A verifiable supply chain is within reach. We demonstrate this by pointing out existing and ongoing research that constitutes various pieces of the puzzle. Along the way we also cover a good deal on open hardware which will provide important context for future posts. The post is structured as follows:

In this blog post we introduce a new approach to block building: parallel block building. Instead of treating all transactions as potentially conflicting - as traditional sequential building algorithms do - parallel block building recognizes that most transactions in a block are actually independent. When a user swaps ETH for USDC, it doesn't affect someone minting an NFT - so why process them sequentially?

Flashbots Protect is the longest running and most used private RPC in crypto. Since 2021, Protect has been used by 2.1 million Ethereum accounts to protect $43 billion in DEX volume and earn 313 ETH in refunds. Today, on its third anniversary, we look back on Protect’s journey and where it’s going next:

• More ways to earn and save gas
• Better observability into private mempools
• Enhanced privacy and refunds powered by secure hardware

Recent months have seen an awakening of several large use cases of TEEs, from OpenAI calling for new and improved TEEs and Apple announcing a hardware-based private cloud, to Ethereum transactions being privately processed in TDX and other blockchains leveraging SGX for integrity. Having worked quite closely with several use cases that are at the center of this excitement, we are aware of both the promise which secure hardware holds, and of the current insufficiency of today’s hardware to service these use cases. TEE solutions currently on the market simply do not offer sufficient security guarantees while alternative secure hardware families like TPMs, secure elements and smart cards offer better (although not perfect) security guarantees at the cost of needed performance and functionality. For the first time, there is substantial industry demand for high-power, high-performance hardware that is secure under a comprehensive threat model.

We’ve developed a platform for performance, programmability, and decentralization extensions for Rollups. It is powering the upcoming Unichain.

Today, we are announcing Rollup-Boost, a verifiable block building platform for rollups, enabled by Trusted Execution Environments (TEE) technology. Rollup-Boost was co-designed with Uniswap Labs and OP Labs, and its first deployment powers the upcoming Unichain, enabling fast confirmation times, strong user guarantees, and MEV internalization for the next generation of Defi apps.

Wallets are the gateway to Web3, serving as essential portals for users to send and receive messages, manage funds, and interact with blockchain applications. As a critical piece of blockchain infrastructure, wallets significantly shape users' Web3 experiences.

The wallet ecosystem is diverse, with providers offering varied products and services through different mechanisms. As wallet providers strive for sustainability and diversification, their operational models are evolving, creating new dynamics between users, applications, and the underlying blockchain infrastructure.

Our report aims to illuminate the current state of wallets on Ethereum, building upon the research conducted by orderflow.art.

This article examines the application of Fully Homomorphic Encryption (FHE) in the Maximal Extractable Value (MEV) space. Our approach allows searchers to blindly backrun user transactions using FHE. This prototype demonstrates how a searcher can compute the future price of a UniswapV2 pool over a user transaction, keeping it encrypted throughout the process. Although this method is not currently practical for deployment, it serves as a foundation for future improvement and expansion, which we discuss in the conclusion.

An open and efficient block building ecosystem is essential to Ethereum. In order to catalyze further innovation and collaboration in block building, Flashbots has open sourced rbuilder, our latest and most performant block builder written in Rust, and designed to work with Reth.

We believe that sharing the responsibility and benefits of advancing block building creates a positive sum game for all Ethereum stakeholders. rbuilder is designed to be developed and stewarded by the community, and open sourcing it will accelerate this future.

We encourage developers to contribute to rbuilder, all teams to develop their builders in the open, and the community to only trust builders who follow the norms of transparency and free software.

The Dencun fork is a major Ethereum upgrade planned for over 2 years and recently went live on March 13 at epoch 29696. This upgrade introduces blob transactions, designed to reduce transaction costs for rollups. This post will detail Flashbots’ engineering work in preparation for the upgrade.

This post presents Sirrah, a minimalist demo of extending a blockchain with confidential computing using Trusted Execution Environments (TEEs). We'll cover the development end-to-end: starting from Gramine-SGX and ordinary REVM, and ending with MEV-aware auction application... and a timelock encryption demo that you can try right now.