Batch Threshold Encryption (BTE) is based on basic concepts such as threshold cryptographythat enable secure collaboration between multiple parties without revealing sensitive data to any single participant. BTE is an evolution of the earliest TE encrypted storage schemes, such as Shutter, that we discussed earlier. For now, all existing work on BTE remains at the prototype or research stage, but if successful, it could shape the future of decentralized ledgers. This creates a clear opportunity for further research and potential adoption, which we will discuss in this article.

In most up-to-date blockchains, transaction data is publicly perceptible in memory before it is sequenced, executed, and confirmed in a block. This transparency creates opportunities for sophisticated parties to engage in mining practices known as maximum extraction value (MEV). MEV exploits the block requester’s ability to reorder, include, or omit transactions for financial gain.

Common forms of MEV exploitation, such as frontrunning and sandwich attacks, remain ubiquitous, especially in Ethereum, where during the October 10 flash outage, an estimated $2.9 million was withdrawn. True measurement of total extractable MEV remains challenging because about 32% of these attacks were privately communicated to miners, and some involved over 200 related sub-transactions in a single exploit.

Some researchers have tried to prevent MEV with memory designs in which pending transactions are encrypted until the block is finalized. This prevents other blockchain participants from seeing what transactions or actions users transacting intend to take. Many encrypted memory proposals utilize some form of threshold encryption (TE) for this. TE shares a secret key that can reveal transaction data between several servers. As with multisig, a minimum number of signatories must work together to connect their key shares and unlock the data.

Why BTE matters

Standard TE has difficulty scaling effectively because each server must decrypt each transaction separately and broadcast a partial share of the decryption for it. These individual shares are recorded on-chain for aggregation and verification. This creates a communication overhead on the server that slows down the network and increases chain congestion. BTE addresses this limitation by allowing each server to provide a single, fixed-size decryption share that unlocks the entire batch, regardless of size.

First functional version of BTE, developed by Arka Rai Choudhuri, Sanjam Garg, Julien Piet and Guru-Vamsi Policharla (2024) used the so-called Scheme of KZG liabilities. It allows a server committee to lock a polynomial function on a public key, while keeping the function initially hidden from both users and committee members.

Decrypting public key encrypted transactions requires proving that they fit the polynomial. Since a constant-degree polynomial can be fully evaluated from a fixed number of points, the servers only need to exchange a compact amount of data together to provide this proof. Once they have established a common curve, they can send a single, concise message from it to unlock all transactions in the batch at once.

Importantly, transactions that do not fit into the polynomial remain blocked, so the committee can selectively reveal a subset of encrypted transactions while leaving others hidden. This ensures that all encrypted transactions outside the batch selected for execution remain encrypted.

Current TE implementations such as Ferweo AND MEVadecould therefore integrate BTE to protect privacy for non-batch transactions. BTE also fits naturally into Layer 2 rollups such as Mestizo, Espresso AND Radiusthat already pursue honesty and privacy through time-delayed encryption or trusted sequencers. By using BTE, these rollups could provide a trustless ordering process that would prevent anyone from exploiting trade visibility for arbitrage or liquidation purposes.

However, this first version of BTE had two main drawbacks: it required a complete re-initialization of the system, including a up-to-date round of key generation and parameter setting every time a up-to-date batch of transactions was encrypted. Decryption consumed a significant amount of memory and processing power as the nodes worked to combine all the partial shares.

Both of these factors limit the practicality of BTE; for example, the required repeated DKG executions to refresh committees and process blocks made the program effectively prohibitive for mid-sized permissioned committees, let alone any attempts to scale to a permissionless network.

In cases of selective decryption, where verifiers only decrypt profitable transactions, BTE makes all shares of the decryption publicly available. Thanks to this, everyone can detect unfair behavior and punish the perpetrators by cutting them. Ensures process reliability as long as the forthright servers threshold is vigorous.

Updates to BTE

Choudhuri, Garg, Policharla, and Wang (2025) made the first upgrade to BTE to improve server communication through a scheme called one-time BTE configuration. This scheme required only one initial Distributed Key Generation (DKG) a ceremony that runs once on all decryption servers. However, a multi-party calculation protocol was still required to establish the liability for each batch.

The first truly timeless BTE program appeared in August 2025 when Bormet, Faust, Othman and Qu introduced BEAT-MEV as a single, one-time initialization that can support all future batches. This was achieved using two advanced tools, pierceable pseudorandom functions and threshold homomorphic encryption, which allowed servers to reuse the same configuration parameters indefinitely. Each server only had to send a compact portion of the data during decryption, thus keeping server communication costs low.

Overview of expected results

Meanwhile, another newspaper called BEAST-MEV introduced the concept of hushed batch encryption (SBTE), which eliminated the need for any interactive configuration between servers. This replaced multiple coordination with a non-interactive, universal one-time configuration that allows nodes to operate independently.

However, the subsequent combination of all partial decryptions still required intensive, interactive computation. To solve this problem, BEAST-MEV borrowed BEAT-MEV’s subparting technique and used parallel processing to enable the system to decrypt enormous batches (up to 512 transactions) in less than one second. The table below summarizes how each subsequent BTE design improves on the original BTE design.

The potential of BTE also applies to protocols such as Cow swap which already mitigate MEV through bulk auctions and intent-based matching, and yet still expose part of the order flow to public storage resources. BTE integration before solution submission would bridge this gap and ensure transaction privacy from start to finish. For now, Shutter Network remains the most promising candidate for rapid deployment, and other protocols will likely be introduced as the deployment framework becomes more mature.

This article does not contain investment advice or recommendations. Every investment and trading move involves risk, and readers should conduct their own research when making a decision.

This article is for general information purposes and is not and should not be treated as legal or investment advice. The views, thoughts and opinions expressed here are solely those of the author and do not necessarily reflect or represent the views and opinions of Cointelegraph.

Cointelegraph does not endorse the content of this article or any product mentioned in it. Readers should conduct their own research before taking any action with any product or company mentioned and take full responsibility for their decisions.