What if Ethereum’s core development team were to suddenly disappear? Or what if a sovereign state demanded censorship of certain transactions? Would Ethereum still stay open?
These questions may sound extreme, but they are increasingly becoming real design constraints for Ethereum’s protocol.
In early March, Vitalik Buterin proposed a new framing, arguing that the Ethereum community should see itself as part of a broader ecosystem of “sanctuary technologies”: free, open-source tools that help people live, work, communicate, manage risk, build wealth, and coordinate around shared goals—while maximizing resilience to external pressure.
At first glance, this may sound like an abstract shift in values. But viewed in the context of Ethereum’s recent protocol evolution, it points to a very concrete set of engineering problems:
As block building becomes more specialized, control over transaction ordering becomes more concentrated, and the public mempool becomes more vulnerable to sandwich attacks and front-running, how can Ethereum continue to defend one of the core principles of an open network—that users’ transactions should not be easily shut out by a small group of actors?
1. Vitalik Coins a New Term: “Sanctuary Technologies”
Vitalik’s starting point this time is unusually candid.
Rather than repeating grand claims about “changing the world,” he acknowledges that Ethereum’s impact on ordinary people’s daily lives remains limited. On-chain finance may be more efficient, and the application ecosystem may be richer, but many of those gains remain largely within crypto itself.
That is why he proposes a new way to frame Ethereum: rather than seeing it as merely a financial network, we should understand it as part of a broader ecosystem of sanctuary technologies.
By his definition, these technologies tend to share several traits: they are open-source and free, anyone can use or copy them, they help people communicate, collaborate, manage wealth and risk, and—most importantly—they can keep operating even under government pressure, corporate blockades, or other forms of external interference.
Vitalik even offers a vivid analogy: a truly decentralized protocol should be more like a hammer than a subscription service. Once you buy a hammer, it is yours. It does not suddenly stop working because the manufacturer went bankrupt, nor does it one day pop up with a notice saying, “This feature is no longer available in your region.”
At its core, if a technology is meant to provide sanctuary, it cannot depend on the continued existence of a centralized organization. Nor can it leave users stuck in the passive role of service recipients.
Source: CoinDesk
This naturally brings to mind another standard Vitalik has often used to evaluate Ethereum’s long-term value: the walkaway test. It asks a very simple question: if all of Ethereum’s core developers disappeared tomorrow, would the protocol still function normally?
This is not a slogan, but an exceptionally demanding standard for decentralization. What it really asks is not whether there is a decentralization narrative today, but whether the system can still hold up in the worst plausible future.
Applied to the block production layer, the answer becomes very concrete: if a chain is to pass the walkaway test, the power to include transactions cannot remain concentrated in a few hands over the long term. Nor can public transaction flow remain inherently exposed to front-running, sandwich attacks, and censorship.
That is the backdrop for why FOCIL and encrypted mempools have moved to the center of Ethereum’s discussions.
2. Censorship Resistance Returns to the Center of the Protocol: FOCIL + Encrypted Mempools
To understand this, we need to take a closer look at the problems Ethereum’s public mempool currently faces.
Over the past few years, Ethereum’s block-building layer has become increasingly specialized. To improve efficiency and maximize MEV extraction, builders have taken on a much larger role. Block production no longer looks like the idealized model in which every validator builds blocks independently and locally. That shift brings real benefits—but the trade-offs are just as clear:
Once block-building power becomes concentrated in the hands of a few powerful participants, censorship is no longer just a theoretical risk. In principle, any major builder could selectively refuse to include certain transactions, such as transfers sent from sanctioned Tornado Cash addresses.
In other words, Ethereum’s challenge today is no longer just about fees or throughput. It is also about whether ordinary users can still trust its public transaction infrastructure.
This is why FOCIL—Fork-Choice Enforced Inclusion Lists—is Ethereum’s protocol-level response to the censorship problem. The idea is fairly simple: by introducing an Inclusion List mechanism, timely transaction inclusion no longer depends entirely on the unilateral decision of the proposer or builder.
In each slot, an Inclusion List Committee is selected from the validator set. Based on the mempool each member can see, the committee forms and broadcasts a list of transactions to be included. The proposer in the next slot must then build a block that satisfies those inclusion constraints, while attesters will only vote for blocks that meet them.
Put differently, FOCIL does not eliminate builders. Instead, it uses fork-choice rules to provide stronger inclusion guarantees for valid transactions in the public mempool. Builders can still optimize ordering and still improve efficiency and profits around MEV—but they no longer get to decide whether a legitimate transaction is even allowed into a block.
Although it remains controversial, FOCIL has already been confirmed as a core consensus-layer proposal for the next major upgrade, Hegotá, with Specification Freeze Included status. It is expected to be activated in the second half of 2026, after the Glamsterdam upgrade.
That said, FOCIL does not solve another equally important problem: before a transaction is actually included in a block, it may already be fully exposed to the market. MEV searchers can then front-run, sandwich, or reorder it. DeFi transactions are especially vulnerable. For ordinary users, that means even if a transaction is not censored, it may still be targeted and exploited before it ever makes it on-chain.
That is the root cause of sandwich attacks.
The main proposals currently under discussion are LUCID, proposed by Ethereum Foundation researchers Anders Elowsson, Julian Ma, and Justin Florentine, and EIP-8105, the Universal Enshrined Encrypted Mempool. The EIP-8105 team has also recently announced full support for LUCID, and the two teams are now advancing the effort together.
The core idea behind an encrypted mempool is simple:
- When a user sends a transaction, its contents are encrypted.
- The transaction is only decrypted after it has been included in a block and reached a certain level of confirmation.
- Until then, searchers cannot see the transaction’s intent and therefore cannot carry out sandwich attacks or front-running.
- As a result, the public mempool becomes “safe and usable” again.
As researchers have put it, ePBS (enshrined proposer-builder separation), FOCIL, and encrypted mempools together form the “Holy Trinity of Censorship Resistance”: a complete framework for systemic defense across the entire transaction supply chain.
At present, FOCIL is already confirmed for Hegotá, while the encrypted mempool proposal, LUCID, is still being actively considered as another headline proposal for the same upgrade.
3. What Does All This Mean?
From a wider perspective, FOCIL and encrypted mempools are not just new terms in another round of Ethereum upgrades. They are better understood as a signal:
Ethereum is putting censorship resistance back at the center of protocol design.
The blockchain industry talks constantly about decentralization. But when a transaction is one day actually censored—blocked, intercepted, or simply made to disappear from the network—most users suddenly realize that decentralization was never the default. It is something that has to be secured in protocol code.
On February 20, Vitalik noted that FOCIL has important synergies with Ethereum’s account abstraction proposal EIP-8141, which is based on 7701. EIP-8141 elevates smart accounts—including multisigs, post-quantum signatures, key rotation, and gas sponsorship—to first-class status, meaning operations from these accounts can be included directly as on-chain transactions without additional wrapping.
Some may question whether these trade-offs are worth it: FOCIL adds protocol complexity, and encrypted mempools may introduce efficiency costs.
But that is exactly what makes sanctuary technologies so important. The truly unique value of blockchains may never have been just putting assets on-chain or making transactions faster. It may instead lie in whether they can continue to provide people with a permissionless digital exit—one that is hard to shut down and hard to take away—even under pressure.
From that perspective, the significance of FOCIL and encrypted mempools becomes clear: they aim to turn things that once depended on goodwill, spontaneous market balance, or simply the hope that nothing would go wrong into harder, more durable protocol rules.
When countless users can live, work, communicate, manage risk, and build wealth freely on this “digital island of stability,” without worrying about being expelled or censored by any centralized entity—only then will Ethereum truly have passed the Walkaway Test.
And that is the ultimate meaning of sanctuary technologies.