Aptos Labs has submitted AIP-144 to Aptos governance, proposing to encrypt pending transactions at the protocol level before they reach block builders. If passed, the upgrade would make Aptos what Aptos Labs calls the first major Layer 1 to enforce transaction intent confidentiality natively, with no opt-in and no third-party routing required. The feature is live on Aptos devnet; testnet and mainnet rollout awaits governance approval.
MEV (maximal extractable value) is profit extracted by reading and reordering pending transactions before they settle. Existing defenses like Flashbots Protect and private RPC routes operate at the application layer: users must opt in, and those who don't remain exposed. AIP-144 moves the defense to the node. Every transaction enters the mempool with its Move payload encrypted, regardless of how it was submitted.
How it works
The technical design uses threshold encryption across the validator set. Validators run a distributed key generation (DKG) protocol at the start of each epoch. Transaction amounts, target tokens, and contract call arguments are encrypted before reaching the mempool; sender address, gas parameters, and signatures remain publicly visible. At execution time, a majority of stake collectively decrypts each batch, so no single validator can read trade intent before settlement. Aptos Labs reports the pre-computation step adds less than 20 milliseconds per batch.
What it prevents
Because amounts and target tokens are hidden until settlement, sandwich attacks cannot be constructed: they require reading mempool intent before inclusion, and that information is unavailable. The same opacity prevents validators from censoring addresses based on transaction content they cannot see.
