Sealed-Bid Auctions with Enclave

How Encrypted Execution Environments (E3) enable a new class of onchain auctions, preserving bid privacy and eliminating the need for a trusted auctioneer.

      O     O     O     O       O    O    O    O     O     O      O  
   O     O     O     O     O  _________   O     O     O     O     O  
      O      O    O     O  /             \  O     O    O     O     O
   O     O     O    O     |   ________    |     O     O     O     O    
 O     O    O      O     |  /        /|   |       O    O     O     O  
      O      O      O    | /        / |   |   O     O      O     O    O    
   O      O     O     O  |/________/  |   |  O     O     O     O     O     
      O      O      O     |           |/  |     O     O     O     O     
  O      O     O     O     \_________/   / O     O     O     O     O    
     O    O     O      O    \ \------/  /    O     O      O     O     O    
O     O      O    O     O    \ \----/  /       O    O      O     O    O    
   O      O      O     O      \ \--/  /  O     O     O     O     O     O  
      O      O     O     O     \ \/  /      O     O     O     O     O     
      O        O     O     O       O    O    O    O     O     O      O  
      O     O     O     O       O    O    O    O     O     O      O  

Auctions are some of the most ubiquitous mechanisms in web3. They are used to find fair prices for new assets, sell rare objects, liquidate collateral, allocate priority, and select operators. As DeFi evolves, auctions of various shapes and sizes have become fundamental to onchain environments, playing a critical role in distributing value fairly and keeping protocols secure. These auction mechanisms are not just technical constructs; they reflect real economic and social issues like fairness, transparency, and efficiency.

Today, key use cases for onchain auctions include:

  • Liquidations (CDP, Collateral): Protocols like Sky Ecosystem (fka MakerDAO) and Celo use auctions to liquidate collateral efficiently, clearing bad debt from under-collateralized loans.
  • Token Launches: Platforms such as Balancer and Gnosis Auction leverage auctions to distribute tokens fairly and prevent centralized control or manipulation.
  • NFT Sales: Auctions help marketplaces like OpenSea and Verse drive fair price discovery and competitive bidding for NFTs.
  • Solver Competitions: Protocols like CoW aggregate intents into batches and auction them to solvers, who compete to offer the highest surplus for fulfilling the orders.
  • MEV Solutions: Flashbots and Eden run block space auctions to reduce frontrunning in MEV extraction.
  • Protocol Maintenance: Protocols like Curve Finance use auctions where keepers can bid on tasks like reward distribution and liquidity rebalancing.

However, despite being composable and independently auditable, open auctions like these can lead to sub-optimal economic outcomes. Vickrey auctions, also known as sealed-bid second-price auctions, are widely considered the most efficient auction format, producing the best outcomes for all participants (especially in repeated auctions). But Vickrey and other sealed-bid auctions remain largely under-explored in DeFi due to the technical challenges of implementing multi-party privacy-preserving systems atop transparent rails.

As a result, there has been a tendency to rely on open auction formats, where bids and strategies are visible, and frontrunning and collusion are enabled, ultimately leading to capital inefficiencies as participants overcommit to secure their bids. These power dynamics can distort outcomes, create misaligned incentives, and eventually reduce participation when bids risk exposure or manipulation.

Addressing these privacy gaps and their challenges is a critical step toward the growth and maturation of auctions and DeFi in general.


Enclave: Bringing Sealed-Bid Auctions Onchain

Enclave’s Encrypted Execution Environments (E3) address DeFi’s transparency challenges by making legitimately sealed-bid auctions possible onchain. While some forms of sealed-bid auctions exist onchain, current implementations either require revealing all bids at some stage or rely on a trusted auctioneer to privately manage them. E3s, however, perform operations on encrypted bids and only disclose what’s necessary, such as the winning bid. This ensures privacy and security without sacrificing fairness or efficiency, while also addressing common issues like frontrunning and trust dependence.

Key benefits of this approach include the following:

  • Bids remain private, with only necessary details revealed: Enclave uses fully homomorphic encryption (FHE) to keeps bid data encrypted throughout the entire auction process, revealing only what’s required for the auction type (e.g. the winning bid and bidder). This ensures complete confidentiality — no intermediary ever sees the raw data. Participants can submit bids knowing their bidding strategies remain hidden and protected.
  • Auction integrity is secured without exposing bid data: Enclave leverages zero-knowledge proofs (ZKPs) and distributed threshold cryptography (DTC) to ensure bid integrity and mitigate tampering. Even though bids remain private, these cryptographic techniques offer strong guarantees that the auction process remains fair and secure.
  • Results are fully verifiable, eliminating the need for a trusted auctioneer: Enclave ensures that every critical step in the auction process is verifiable and provable using ZKPs and an external compute provider. This assures participants that the auction results are accurate and trustworthy, without requiring bid transparency or a trusted auctioneer.

By enabling fully private sealed-bid auctions, Enclave brings key advantages like more efficient capital usage, stronger security, and protection against frontrunning. This creates a secure and private bidding environment where participants can bid with confidence. For organizations, Enclave opens new possibilities for running secure onchain auctions, promoting broader participation and fostering a more equitable ecosystem.


How Sealed-Bid Auctions Work with Enclave

Phase 1: An E3 Is Requested for an Auction

The process begins when an entity, such as an auctioneer, auction platform, or auction house, initiates a request through Enclave (step 1 in the diagram above). This request specifies key auction parameters, including the computation needed to determine the winning bid, the number of nodes — called Ciphernodes — requested to secure the process, and the auction’s duration. The auctioneer also places a deposit to ensure proper rewards for the Ciphernodes and compute providers involved. This creates an Encrypted Execution Environment (step 2), which is only active for the auction’s duration.

Phase 2: Ciphernodes Are Selected to Secure the Process

Once the auction request is submitted, Ciphernodes are selected through a random process called sortition to form a Ciphernode Committee (step 3). These Ciphernodes use DTC to collectively generate and publish a single-use shared public key for encrypting the bids (step 4), ensuring no single party can decrypt the bids while maintaining the confidentiality and security of the auction data.

Phase 3: Participants Submit Encrypted Bids

During the auction window, participants submit their bids, encrypted using the shared public key generated by the Ciphernodes (step 5). Each bid includes a ZKP to verify that it is valid and correctly formatted without revealing the actual bid. These encrypted bids are secured within the E3 until the auction deadline.

Phase 4: Encrypted Bids Are Processed by the E3

Once the submission window closes, the selected compute provider (e.g. RISC Zero, Succinct’s SP1, Kleros) runs the auction computation — for instance, determining the highest bid — using FHE (step 6). The entire process occurs without decrypting the bids, and ZKPs are generated to verify auction rules are followed without exposing sensitive data. The provider then publishes the encrypted results onchain (step 7).

Phase 5: Auction Results are Verified and Published

After the results are published, the Ciphernodes decrypt the auction results (e.g., the winning bid or other auction metrics) through a distributed decryption process (step 8). This ensures that no single entity controls the decryption, preserving the integrity and security of the auction. Once the required number of decryption shares are published (step 9), anyone can aggregate them to produce the auction results as plaintext (step 10). Ciphernodes then securely dispose of the decryption keys to prevent future access to the bids.


Key Advantages of Sealed-Bid Auctions

Enclave's privacy-preserving architecture offers distinct advantages for onchain auctions:

✅ Efficient Capital Usage: Sealed-bid auctions keep bids confidential, reducing the need for participants to overcommit funds. This leads to more efficient use of capital, which is especially important in contexts like liquidations and protocol maintenance.

✅ Frontrunning Protection: By keeping all bids encrypted until the auction concludes, Enclave prevents frontrunning, increasing fairness in contexts like MEV and token launches.

✅ Fair and Secure Environment: Enclave's cryptographic guarantees ensure bids are tamper-proof, fostering a fair and independent auction environment, which is vital for competitive bidding in NFT sales and similar use cases.

✅ Aligned Incentives: Only the auction results are revealed, preventing exploitation and aligning incentives across participants, benefiting solver competitions and ensuring unbiased outcomes.

✅ Increased Participation: With a secure and private bidding environment, Enclave encourages broader participation by relieving security concerns and protecting personal bidding strategies/data.


Build Auctions with Enclave

Onchain auctions are essential to DeFi, but without privacy, they are vulnerable to manipulation, frontrunning, and inefficiency. Enclave addresses these and other challenges by making truly sealed-bid auctions possible onchain. From Vickrey to batch to other latency-insensitive auction formats, Enclave ensures bids are kept private, auction operations are secure, and results are verifiable without a trusted operator, reconfiguring the dynamics of onchain auctions around privacy, fairness, and efficiency.

To learn more about implementing sealed-bid auctions with Enclave, join the Enclave Telegram group. This is the perfect time to partner up and build alongside us!

Enclave is an open-source protocol for Encrypted Execution Environments, with Gnosis Guild as its initial development team. Follow Enclave on social media (XFarcaster) for updates and subscribe for articles and announcements. For partnership inquires, business opportunities, and more, join the Enclave Telegram group.

Subscribe to Enclave