Introducing Encrypted Mempool: MEV protection native to Aptos

By Rex Fernando, Guru-Vamsi Policharla, Andrei Tonkikh, and Zhuolun Xiang

If approved by governance, Aptos will be the first L1 to offer users the option to send transactions via a native Encrypted Mempool. The new feature will deliver full transaction intent confidentiality without impacting speed/performance or transparency onchain. Users can submit encrypted transactions with one click, fully protected from frontrunning and orderflow leakage.

In 2025, DEX spot volumes regularly exceeded $200B per month (averaging ~$476B/month in Q3), surpassing leading regional CEXs.

DEXs revolutionized trading by removing two fragile points of trust in CEXs: custody and settlement. Traders no longer need to surrender control of their assets or rely on a central intermediary to finalize transactions. Every order, execution, and settlement can happen transparently and trustlessly onchain.

But for all their transparency, DEXs still expose trader strategies to potential exploitation. Between when you submit a transaction and when it’s recorded onchain, the details of what you plan to trade, and how, is visible to the entire network; this allows others to anticipate, copy, or exploit it before it becomes part of a block.

A new proposal on Aptos aims to solve this new frontier of trading efficiency.

With Aptos Encrypted Mempool, transaction details remain confidential until execution, protecting user intent from frontrunning, censorship, or orderflow manipulation, all without sacrificing speed or trust assumptions. The transactions are completely revealed to all validators after the block is confirmed, and all transaction information is recorded onchain as normal.

Encrypted Mempool secures intent at the protocol layer and makes it safe for large values to move freely without fear of censorship or frontrunning; This confidentiality is the precondition for true internet scale.

Why Protecting Intent Matters

In most blockchains today, transactions are first sent to full nodes, and then broadcast to validators. All of these entities can delay, reorder, or even censor these transactions before they are confirmed. Every pending transaction is visible to all validators before execution. Nothing stops participating validators from profiting off that visibility by selling orderflow or front-running trades.

This intent visibility has fuelled a multibillion-dollar shadow market, collectively known as maximal extractable value (MEV).

The Encrypted Mempool on Aptos is designed to help address this issue. It enables users to submit transactions whose payloads remain confidential while the block is ordered, only revealing details just before execution without impacting network transparency.

However, this is a difficult feat. Decrypting transactions directly on validators is the only way to avoid extra trust assumptions, but doing so efficiently across a live, high-throughput network is a tough ask.

To address this challenge, the Aptos Labs research team has developed a new batched threshold encryption scheme, extending a recent and rapidly evolving line of work in this area. This construction enables validators to collectively decrypt entire batches of transactions in a single operation, dramatically reducing both communication and computation overhead by orders of magnitude.

The system will integrate seamlessly into the Aptos consensus protocol, allowing validators to pipeline most of the computation while maintaining full security guarantees.

The result: Anyone can submit transactions to the encrypted mempool with the flip of a button, no impact to latency, and with the same trust assumptions as the security of the network.

Further details will be shared in an upcoming academic paper.

How It Works: Background

Aptos is a proof-of-stake blockchain with decoupled execution and a leader-based consensus. In each round, a designated leader proposes a block of transactions to the network. Validators then vote in two phases to order the block. Once ordered, the block is executed and written to storage.

The Encrypted Mempool allows users to submit transactions as ciphertexts, payloads encrypted so that their details remain hidden until execution.

To perform this, at least in theory, we can rely on threshold cryptography. As explained in the Aptos Roll blog post, the network operates in intervals known as epochs, under which the set of validators is constant. Before each epoch starts, the validators can run a distributed key generation (DKG) protocol to share a decryption key among themselves, so that any transaction payload ciphertext encrypted using the corresponding encryption key can only be decrypted if a majority of the stake decide to decrypt.

When voting on a block, each validator can produce a partial decryption (its cryptographic vote) for every encrypted transaction in the block to reveal the encrypted payloads. Once a threshold of votes is reached, the plaintexts can be reconstructed. Thus, finalizing a block naturally aligns with decrypting its transactions.

This process works in theory, but it creates major performance challenges at scale:

• Communication overhead: To reconstruct the plaintext payload for a block, each validator must individually broadcast a partial decryption to every other validator, for each encrypted transaction. This means a large communication overhead during voting. Specifically, the communication blowup per validator is O(nB), where n is the number of validators in the network, and B is the number of encrypted transactions in the block.
• Computation overhead: As with the communication load, the computation load of payload reconstruction scales both with the number of validators and the number of encrypted transactions in a block. Again, specifically, the computation is O(nB) per validator.
• Latency: Because privacy must hold until after ordering, reconstruction happens between ordering and execution, directly increasing block latency.

At network scale, these costs make encrypted transactions impractical.

Batched Threshold Decryption

The Aptos Labs research team solved this with a new variant of batched threshold decryption. Instead of decrypting every transaction individually, validators can compute a single partial decryption for an entire batch of ciphertexts. This partial decryption is constant in size (independent of batch size) reducing both computation and communication from O(nB) to O(n + B) and O(n), respectively.

Once a threshold of partial decryptions is collected, validators can derive a batch-specific decryption key that can decrypt only the ciphertexts in that batch. This reconstruction also takes O(n) time, making the process efficient enough for real-world throughput.

Our scheme further improves usability and security:

• Most computation can be done upfront, as soon as the batch is known. Validators can pre-compute while voting occurs, leaving only a lightweight online phase (less than 20ms per batch).
• Clients only need the per-epoch validator encryption key, independent of consensus round or slot. There’s no need to resubmit transactions or compete for encryption slots, eliminating usability bottlenecks and denial-of-service risks.
• Partial decryptions from one round cannot be reused in another, preventing replay attacks and ensuring cryptographic soundness.

By integrating this system directly into the Aptos consensus protocol, encrypted transactions can now be processed securely and efficiently, with minimal impact on end-to-end latency.

Conclusion

The Aptos Encrypted Mempool ensures that what you trade, when you trade, and how you trade, remain confidential information until execution.

No frontrunning. No information leakage. No trade-offs in speed or trust.

For decentralized exchanges like Decibel, this changes the game. Every order submitted through Decibel can now move through the network with complete confidentiality until it is recorded in a block, protected at the protocol level.

References

[1]: Mempool Privacy via Batched Threshold Encryption: Attacks and Defenses, by Arka Rai Choudhuri, Sanjam Garg, Julien Piet, Guru-Vamsi Policharla.

[2]: TrX: Encrypted Mempools in High Performance BFT Protocols, by Rex Fernando, Guru-Vamsi Policharla, Andrei Tonkikh, and Zhuolun Xiang.