Sealed transactions

Proof-of-Stake
14

Thanks for your feedback @and882 (and once again thanks to @Marchhill).

Generalizing Sealed transactions

I do believe there are benefits and drawbacks of all decryption schemes. However, to better understand the contributions of this proposal, it can be interesting to first take a step back and look at the similarities that exist between Sealed transactions and the Shutterized beacon chain:

  1. Some form of sealed tx is broadcasted acting as a commitment
  2. …and included in a block.
  3. Within a defined time period, an unsealed tx is broadcasted
  4. …and subsequently included top-of-block.

Sealed transactions however differ in that:

  • the protocol does not provide the means for decryption,
  • the protocol does provide enshrined oversight of the release of the unsealed tx, relieving the proposer of its duties if this tx is not provided. This is ensured by the fork-choice enforcement mechanism.

This distinction is particularly useful in the context of generalizing encrypted mempools. Given some standardized format for the commit–reveal scheme, there would be nothing stopping a transactor from independently using threshold decryption for unsealing the tx in (3). They could for example engage a restaking service such as EigenLayer to this end. Some users may prioritize broad staker coverage for Sybil resistance, others may prefer a diverse set of identifiable parties, and some will ultimately favor a fully trustless solution. Delay encryption could also be leveraged in various setups—it is hard to predict beforehand which among these that will be the most favorable. The consensus layer does not need to have an opinion on this matter and does not need to enshrine one specific decryption scheme. It can merely provide a framework that can be used by any scheme, including the proposed trustless variant.

Re-reading your recent roadmap post, it seems you are indeed looking to a future where the encryption mechanism can be generalized.

Importantly, fork-choice enforcement as in Sealed transaction does away with the requirement:

With in-protocol oversight of unsealed txs, the protocol can afford to be more permissive, allowing users to manage decryption themselves. My reading of the shutterized beacon chain is that there is no such oversight, but happy to be corrected.

In conclusion, in-protocol oversight of the decryption step seems like an important component of a fully generalized encrypted mempool, and the Sealed transactions mechanism can be leveraged to this end.

Answers to other questions

Given that the protocol does not permit a tx to be included several times, the sealed tx cannot be used after having being included. If the user needs to know beforehand in which slot the sealed tx will be included, UX is degraded or protocol complexity increases.

Assuming no delay, the protocol will insist that any unsealed txs go into the next block, if the previous block contained the sealed tx. This is the point of the fork-choice enforcement illustrated in Figure 1 in the post, where attesters make observations at T_3 and enforce these observations at T_5.

1 Like