Batched Threshold Encryption (BTE) is a revolutionary concept that has the potential to transform the world of decentralized ledgers. Based on fundamental concepts such as threshold cryptography, BTE enables secure collaboration between multiple parties without exposing sensitive data to a single participant. This technology is an evolution of the earliest Threshold Encryption (TE) encrypted mempool systems, and its development has been a topic of interest in recent years.
The importance of BTE lies in its ability to prevent extractive practices known as Maximum Extractable Value (MEV). MEV leverages the block applicant’s ability to rearrange, include, or omit transactions for financial gain, resulting in significant losses for users. Typical forms of MEV exploitation, such as front-running and sandwich attacks, remain ubiquitous, particularly on Ethereum. In fact, an estimated $2.9 million was withdrawn during the October 10 flash crash, highlighting the need for a solution to prevent such extractive practices.
Researchers have attempted to prevent MEV with mempool designs that keep pending transactions encrypted until the block is completed. Many encrypted mempool proposals use a form of threshold encryption (TE) to achieve this. TE shares a secret key that can reveal the transaction data across multiple servers, similar to a multisig, where a minimum number of signatories must work together to combine their key shares and release the data.
However, standard TE has difficulty scaling efficiently because each server must decrypt each transaction separately and transmit a partial decryption share for it. These individual shares are recorded on-chain for aggregation and verification, creating a server communication load that slows down the network and increases chain congestion. BTE solves this limitation by allowing each server to share a single constant-size decryption share that unlocks an entire batch regardless of size.
The first functional version of BTE, developed by Arka Rai Choudhur, Sanjam Garg, Julien Pet, and Guru-Vamsi Policharla (2024), used the so-called kzg commitment scheme. This allows the server committee to bind a polynomial function to a public key while initially keeping this function hidden from both users and committee members. To decrypt transactions encrypted with the public key, it must be proven that they fit into the polynomial. Since a fixed degree polynomial can be determined entirely from a fixed number of points, the servers only need to exchange a small amount of data together for this proof.
Current TE implementations, such as Ferveo and MEVade, could integrate BTE to maintain privacy for non-batch transactions. BTE also naturally fits with Layer 2 rollups like Metis, Espresso, and Radius, which already strive for fairness and privacy through time-delayed encryption or trusted sequencers. By using BTE, these rollups could achieve a trustworthy ordering process that prevents anyone from exploiting transaction transparency for arbitrage or liquidation profits.
However, the first version of BTE had two major drawbacks: it required a complete re-initialization of the system, including a new round of key generation and parameter setup every time a new transaction batch was encrypted, and decryption consumed a lot of memory and computing power. Both factors limited the practicality of BTE, making it virtually prohibitive for medium-sized permissioned committees, let alone any attempt to scale it to a permissionless network.
Upgrades to BTE have been made to improve server communication and reduce the limitations of the original design. Choudhuri, Garg, Policharla, and Wang (2025) performed the first upgrade to BTE, introducing a scheme called one-time setup BTE. This scheme required only a single initial distributed key generation (DKG) ceremony to be run once on all decryption servers. Later, a paper titled BEAT-MEV introduced a single, one-time initialization that could support all future batches, using advanced tools such as puncturable pseudo-random functions and homomorphic threshold encryption.
Another paper, BEAST-MEV, introduced the concept of Silent Batched Threshold Encryption (SBTE), which eliminated the need for an interactive setup between servers. It replaced repeated coordination with a non-interactive, universal one-time setup that allows nodes to work independently. The subsequent combination of all partial decryptions still required extensive interactive calculations, but BEAST-MEV leveraged BEAT-MEV’s sub-batching technique and parallel processing to enable the system to decrypt large batches (up to 512 transactions) in less than a second.
The potential of BTE also applies to protocols like CoW Swap, which already mitigate MEV through batch auctions and intent-based matching, but still expose portions of order flow in public mempools. Integrating BTE before solver submission would close this gap and ensure end-to-end transaction protection. For now, Shutter Network remains the most promising candidate for early adoption. Additional protocols are likely to follow as implementation frameworks mature.
This article does not contain any investment advice or recommendations. Every investment and trading activity involves risks, and readers should conduct their own research when making their decision. This article is for general information purposes and is not intended to constitute, and should not be construed as, legal or investment advice. The views, thoughts, and opinions expressed herein are those of the author alone and do not necessarily reflect the views and opinions of Cointelegraph. Cointelegraph does not endorse the content of this article or the products mentioned in it. Readers should conduct their own research before taking any action regarding any of the products or companies mentioned and should take full responsibility for their decisions. For more information, visit https://cointelegraph.com/news/how-batched-threshold-encryption-could-end-extractive-mev-and-make-defi-fair-again?utm_source=rss_feed&utm_medium=rss_category_analysis&utm_campaign=rss_partner_inbound
