Why is the entire Ethereum community discussing TEE?

Reprinted from jinse
02/11/2025 · Author: Jason Chaskin · Source: paragraph · Translation: Shan Oppa, Golden Finance
If you are not following the progress of Ethereum research, Trusted Execution Environments (TEEs) may be unfamiliar to you. But at the infrastructure level, TEE development has been underway for more than two years. Flashbots first proposed using TEEs in its December 2022 article "The Future of MEV is SUAVE", with the aim of democratizing MEV access and enhancing censorship resistance. After years of research, they launched BuilderNet to put this vision into practice.
While studying TEEs for MEV, Flashbots saw their broader potential in Ethereum, resulting in Rollup-Boost, a TEE-powered sidecar that enables rollups to innovate on their VMs while remaining compatible with their existing frameworks. Other L2 teams are also integrating TEEs. Taiko uses them as primary proofs in its bridges, and Scroll is adding TEE-based proofs to its multi-proof system. The idea of using TEEs in a bridge proof system did not come out of nowhere. In the same month that Flashbots published its article, Justin Drake explored TEEs as a "2FA" mechanism for rollups in an ethresear.ch article. This article introduces what TEEs are, how they work, and their increasingly important role in Ethereum infrastructure.
TEEs provide secure hardware-based computing by isolating code and data while allowing external verification of integrity. They evolved from early trust models that rely on operating systems and virtual machines for isolation. TEEs come in different forms: the iPhone's Secure Enclave handles cryptographic tasks, Intel SGX provides secure enclaves for applications that handle sensitive data, and Intel TDX extends this model to protect an entire virtual machine. While they provide more security than trusting centralized operators, especially in cloud environments, they are closed source and require trusting the manufacturer. This usually creates a 1-to-1 trust model where a hardware compromise can undermine security, although the level of trust required depends on the implementation. TEEs are also vulnerable to side-channel attacks, physical tampering, and supply chain risks, so each use case must be carefully evaluated.
TEEs are not a perfect solution, but in the right cases the benefits outweigh the risks, especially if existing systems fail by default. The push to develop secure hardware is not limited to crypto. OpenAI advocates improving TEEs, and Apple is developing a private cloud based on secure hardware. Just as Ethereum is committed to reducing trust assumptions, Flashbots is doing the same for TEEs. They have published research on why this approach is worth exploring and how to build trustless supply chains. If you are a hardware security expert, please contact Flashbots to contribute.
MEV exists as a result of network design: those who provide the service of adding new blocks (originally miners) can influence the order of transactions to make a profit. If left unchecked, this leads to centralization, and the dominant validators gain excessive influence. To prevent this from happening, Flashbots set out to democratize MEV extraction. A key driver of MEV is that validators running in low-latency environments can observe and reorder pending transactions and/or add new transactions to profit. One way to limit MEV extraction is to keep transaction details private. This requires a privacy tool, but zk-SNARKs and other cryptographic techniques, while promising, are too slow, not flexible enough for real-time block building, or not ready for production. Because software solutions fell short, Flashbots turned to TEEs.
Flashbots first built blocks with Intel SGX in March 2023, and later expanded to block building and searching in Intel TDX. TEEs bring privacy advantages by allowing order flow to be selectively confidential. For example, a transaction can show that the user wants to swap USDC for ETH without revealing their identity or the transaction size. This prevents sandwich attacks while still allowing backrun arbitrage. TEEs enable verifiable block building over private transactions, ensuring efficient block building without compromising user privacy.
PBS prevents validator centralization, but today only two builders produce 92% of Ethereum blocks, reducing censorship resistance and liveness. To address this issue, Flashbots launched BuilderNet in November 2024, with Beaverbuild, Flashbots and Nethermind as the first participants. BuilderNet allows multiple operators to share order flow and build blocks together, freeing MEV from exclusive deals and making block building more open and decentralized.
Beaverbuild's involvement is particularly striking, as they are currently the largest builder and have been pursuing exclusive order flow deals for years. Their decision to join BuilderNet marks a shift from private MEV deals to a more transparent and competitive market. While it seems surprising that the dominant builder would give up its advantage, exclusive order flow is not as profitable as it seems. Order flow suppliers usually negotiate high refund percentages, retaining 90-95% of the MEV value, while builders are left with thin margins. Additionally, Beaverbuild's team started as searchers, operating a builder primarily to maximize the value of their own order flow. With BuilderNet's transparent refund system, they no longer need vertical integration to capture value, allowing them to return to their strength as searchers. In addition to economic incentives, they also see it as the right move for Ethereum's long-term health, and they would rather contribute to a positive-sum ecosystem than compete for exclusive order flow deals.
However, as of now, Beaverbuild is still running its centralized setup in parallel with BuilderNet, and all of its order flow currently goes to the former. This is not a deviation from the plan, but a phased transition.
I asked Shea Ketsdever of Flashbots this question, and she said they are working closely with Beaverbuild to benchmark performance and run tests to ensure a smooth transition, and the order flow is expected to be transferred to BuilderNet in the first quarter of 2025. This is something worth paying attention to.
TEEs make this possible by ensuring that MEV is transparently redistributed and by allowing mutually untrusted builders to collaborate without giving either party an advantage. Each operator runs an open source builder inside a TEE, which encrypts all order flow and handles it fairly. Unlike today's decentralized systems, BuilderNet ensures that no builder has privileged access, making it trustless and verifiable.
This moves MEV capture from private deals to an open system where wallets, apps and searchers can receive fair refunds. Even searchers who usually keep their order flow private are incentivized to use BuilderNet for its transparent payments. Currently, a single operator submits the final block, similar to an MEV-Boost relay, but future upgrades will allow multiple operators to collaborate on building blocks, making MEV extraction more decentralized and fair.
For more information about BuilderNet, Robert has discussed it in the Uncommon Core and the Infinite Jungle podcast.
Flashbots also uses TEEs in Rollup-Boost, a sidecar system for L2 sequencers that enables faster confirmations, verifiable sequencing, and greater programmability. The TEE prevents the sequencer from manipulating transactions while allowing private mempools and trustless execution. Since Rollup-Boost is a sidecar, a rollup can retain its existing framework (such as OP Stack or ZK Stack) while adding new features. This addresses a key problem in the rollup-centric roadmap: most L2s simply forked Geth and followed L1 upgrades rather than driving real innovation. Rollup-Boost supports experimentation without requiring the rollup to maintain a separate client.
Uniswap's upcoming L2, Unichain, will be the first to use Rollup-Boost, with Flashblocks and verifiable priority ordering. Flashblocks enables 250ms confirmation times, native revert protection, and higher gas throughput, while verifiable priority ordering allows applications to internalize their MEV. The sidecar uses an extension to process transactions and then returns the finalized blocks to the sequencer for publication on Ethereum L1. Future extensions include encrypted mempools, TEE validity proofs and TEE coprocessing.
For more information about Rollup-Boost, Robert also discussed it in another episode of Uncommon Core and Infinite Jungle.
TEEs are being integrated into L2 bridge proof systems to complement ZK proofs, which, while providing strong security, are complex and error-prone. If problems arise, relying on a single prover increases the risk of catastrophic failure. To mitigate this, teams are exploring the addition of TEE-based proofs as an additional layer of verification to reduce the possibility that invalid states are finalized.
The TEE and ZK provers run independently, ensuring redundancy. If one system encounters a bug or security vulnerability, the other can serve as a backup and prevent invalid state transitions from being finalized. In this case, the Security Council can intervene before the problem escalates.
Scroll has collaborated with Automata to develop an open source TEE prover based on SGX, which has been used to verify testnet blocks. Scroll's next steps include integrating a dual-proof system, implementing a dispute resolution mechanism, and forming a TEE Proof Committee. As part of this process, Scroll is exploring ways to further decentralize TEE proofs, similar to Ethereum's distributed validator technology, ensuring that no single hardware manufacturer is the center of trust.
Taiko uses a hierarchical proof system. Initially, the TEE provides fast verification by running a lightweight execution client that verifies state transitions and signs the results with ECDSA for on-chain verification. During the cooling-off period, a ZK proof can challenge the TEE proof. To ensure correctness, provers must post a bond, and if their proof is invalid, the bond is forfeited. While a centralized security fallback exists in the early stages, Taiko plans to phase it out and transition completely to ZK-based verification.
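The tiered flow described above, modeled as an added Python example (not Taiko's code and not part of the original article). HMAC-SHA256 stands in for the enclave's ECDSA signature, and `TieredVerifier`, `COOLDOWN`, `BOND` and the toy `execute` function are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass

ENCLAVE_KEY = b"constructed-enclave-key"  # constructed; HMAC stands in for ECDSA
COOLDOWN = 10  # assumed challenge window, in blocks
BOND = 100     # assumed bond posted with each TEE proof

def execute(parent: bytes, txs: bytes) -> bytes:  # toy state transition
    return hashlib.sha256(parent + txs).digest()

def tee_sign(parent: bytes, txs: bytes, root: bytes, key: bytes = ENCLAVE_KEY) -> bytes:
    return hmac.new(key, parent + txs + root, hashlib.sha256).digest()

@dataclass
class Transition:
    parent: bytes
    txs: bytes
    root: bytes          # post-state root claimed by the TEE prover
    proposed_at: int
    status: str = "rejected"

class TieredVerifier:
    """Hypothetical verifier: TEE tier accepts fast, ZK tier can contest."""
    def __init__(self):
        self.escrow, self.forfeited = 0, 0  # bonds held / bonds lost

    def submit_tee_proof(self, t: Transition, sig: bytes) -> bool:
        if not hmac.compare_digest(sig, tee_sign(t.parent, t.txs, t.root)):
            return False     # not signed by the registered enclave key
        t.status = "pending"
        self.escrow += BOND
        return True

    def zk_challenge(self, t: Transition, zk_root: bytes, now: int) -> bool:
        # zk_root: the post-state root a verified ZK proof attests to.
        in_window = t.status == "pending" and now < t.proposed_at + COOLDOWN
        if not in_window or zk_root == t.root:
            return False
        t.status, t.root = "overturned", zk_root
        self.escrow -= BOND
        self.forfeited += BOND
        return True

    def finalize(self, t: Transition, now: int) -> str:
        if t.status == "pending" and now >= t.proposed_at + COOLDOWN:
            t.status = "finalized"
            self.escrow -= BOND  # bond returned to the prover
        return t.status
```

A valid signature only shows that the registered enclave key signed the result; if the enclave is compromised and signs a wrong root, a `zk_challenge` inside the window is what overturns it and forfeits the bond.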
While zkEVMs are still improving, TEE proofs enable this multi-proof system by providing an additional layer of security. They provide a fast, cost-effective way to verify state transitions without relying entirely on ZK proofs, ensuring that the system remains secure and live even if the ZK proofs fail.
TEEs are rapidly becoming an important part of Ethereum infrastructure, addressing security, privacy and decentralization challenges in MEV, rollups, and bridges. As these systems mature, they can redefine Ethereum's trust model while bridging the gap until cryptographic solutions fully scale.