Vitalik's "Shelter Technology" Declaration: How does Ethereum incorporate censorship resistance into the protocol?

If one day the core development team of Ethereum were to “disappear” collectively, or if a sovereign nation demanded to censor specific transactions, could Ethereum still remain open?

These questions sound like extreme hypotheticals, but they are increasingly becoming a realistic reference point in Ethereum protocol design.

In early March, Vitalik Buterin proposed a new framing, stating that the Ethereum community should see itself as part of an “sanctuary technology” ecosystem: these free, open-source technologies enable people to live, work, communicate, manage risks, and build wealth, while collaborating toward common goals and maximizing resistance to external pressures.

This framing appears to be an abstract upgrade of core values, but when viewed in the context of Ethereum’s recent protocol evolution, it corresponds to very concrete engineering issues:

As block construction becomes more specialized, transaction ordering power concentrates, and the public mempool becomes more vulnerable to front-running and censorship, how can Ethereum continue to uphold its most fundamental principle of an “open network”—that user transactions should not be easily blocked by a few entities?

1. Vitalik Coined a New Term: “Sanctuary Technologies”

Vitalik’s approach this time is marked by rare frankness.

He doesn’t continue with grandiose phrases like “changing the world,” but admits that, to date, Ethereum’s tangible improvements in ordinary people’s lives remain limited. For example, on-chain financial efficiency may have increased, and the application ecosystem has become richer, but many achievements still circulate mainly within the crypto world.

Therefore, he proposes a new perspective: rather than viewing Ethereum solely as a financial network, see it as part of a broader “sanctuary technology” ecosystem.

According to his definition, these technologies typically share several features: they are open-source, free, accessible to anyone; they help people communicate, collaborate, manage risks and wealth; and crucially, they can operate even under government pressure, corporate blockades, or other external interventions.

Vitalik even offers a vivid analogy—true decentralized protocols should be more like a hammer than a subscription service. When you buy a hammer, it’s yours; it won’t suddenly stop working if the manufacturer goes out of business, nor will you see a message one day saying “This feature is no longer available in your region.”

Ultimately, if a technology is to serve as a sanctuary, it cannot rely on a centralized organization’s ongoing existence, nor should it leave users passively dependent on service providers.

Image source: CoinDesk

This naturally recalls Vitalik’s earlier mention of another standard for assessing Ethereum’s long-term value: the walkaway test. This test asks a straightforward question: if all core developers disappeared tomorrow, would the protocol still function properly?

This is not just a slogan but a very strict decentralization standard, because it questions not whether there is a decentralization narrative now, but whether the system can withstand the worst-case future.

Applying this question to block production, the answer becomes very specific: to pass the walkaway test, a chain must prevent transaction control from being concentrated in the hands of a few, and ensure that public transaction flow is not inherently vulnerable to front-running, censorship, or manipulation.

This is precisely the context behind FOCIL and encrypted mempools entering core Ethereum discussions.

2. Censorship Resistance Returns to Protocol Core: FOCIL + Encrypted Mempools

Let’s carefully analyze the current issues facing Ethereum’s public mempool.

Over recent years, Ethereum has become increasingly specialized in block construction. To improve efficiency and MEV extraction, the role of builders has grown more important. Block production is no longer an idealized process where each validator independently constructs blocks; while this has practical benefits, it also has clear costs:

Once block-building power concentrates among a few dominant participants, censorship becomes a real risk. In theory, any major builder could selectively refuse to include certain transactions, such as transfers from sanctioned Tornado Cash addresses.

In other words, Ethereum’s current challenge is no longer just about high fees or throughput, but whether the public transaction infrastructure remains trustworthy for ordinary users.

Therefore, FOCIL (Fork-Choice Enforced Inclusion Lists) is Ethereum’s direct response to censorship concerns at the protocol level. Its core idea is straightforward: by introducing an Inclusion List mechanism, whether a transaction can be included in a block no longer depends solely on the proposer or builder’s unilateral decision.

In each slot, an Inclusion List Committee is selected from the validator set. Committee members, based on their view of the mempool, form a list of transactions to be included and broadcast it; the next slot’s proposer must build a block satisfying these constraints, and attesters will only vote for blocks that meet the list’s criteria.

In other words, FOCIL doesn’t eliminate builders but uses fork-choice rules to provide stronger guarantees that valid transactions in the public mempool will be included. This allows builders to still optimize for ordering and MEV, but they no longer hold the power to decide whether a transaction is eligible for inclusion.

Although controversial, FOCIL has been confirmed as a core proposal for the next major upgrade, Hegotá, with the specification frozen. It is expected to be deployed after the Glamsterdam upgrade, in the second half of 2026.

However, FOCIL does not solve another equally critical issue: before a transaction is actually included in a block, has it already been fully exposed to the market? MEV searchers can front-run, sandwich, or reorder transactions based on this information, especially in DeFi, where targeted front-running can be highly profitable. For ordinary users, this means that even if their transactions are not censored, they can still be targeted for front-running before they are confirmed.

This is the root cause of sandwich attacks.

The community’s main current solutions include LUCID (proposed by Ethereum Foundation researcher Anders Elowsson, Julian Ma, and Justin Florentine) and EIP-8105 (Universal Enshrined Encrypted Mempool). The EIP-8105 team recently announced full support for LUCID, and both teams are collaborating to push these solutions forward.

The core idea of encrypted mempools is:

• When users send transactions, the content is encrypted;
• The transaction remains encrypted until it is included in a block and reaches a certain confirmation threshold;
• Until then, searchers cannot see the transaction intent, preventing sandwich attacks or front-running;
• As a result, the public mempool becomes “secure and usable” again.

As researchers say, the combination of ePBS (Execution Layer Proposer-Builder Separation) + FOCIL + encrypted mempools forms the “Holy Trinity of Censorship Resistance,” providing a comprehensive systemic defense across the entire transaction supply chain.

Currently, FOCIL has been confirmed for Hegotá; the encrypted mempool solution (LUCID) is actively being promoted as another headline proposal for Hegotá.

3. What Does All This Mean?

Looking at the bigger picture, FOCIL and encrypted mempools are not just new terms in Ethereum’s upgrade list—they signal a shift:

Ethereum is re-centering “censorship resistance” in its protocol design.

Although the blockchain industry often talks about “decentralization,” many users realize that when a transaction is censored, blocked, or disappears from the network, decentralization is not a default state but something to be actively fought for through protocol code.

As early as February 20, Vitalik wrote that FOCIL and Ethereum’s account abstraction proposal EIP-8141 (based on 7701) have important synergies. EIP-8141 elevates smart accounts (including multisigs, quantum-resistant signatures, key changes, gas sponsorships) to “first-class citizens,” meaning operations from these accounts can be directly packaged as on-chain transactions without additional wrapping.

Some may question: does FOCIL add protocol complexity? Could encrypted mempools cause efficiency losses? Are these costs justified?

This is precisely what makes “sanctuary technologies” so noteworthy: the true value of blockchain may never be just asset on-boarding or transaction speed, but whether it can continue providing a permissionless, hard-to-shut-down, and resilient digital escape hatch under high-pressure environments.

From this perspective, the significance of FOCIL and encrypted mempools is clear: they aim to harden protocol rules, transforming what once relied on good faith, market self-regulation, and “hope nothing goes wrong” into more robust safeguards.

When countless users can freely live, work, communicate, manage risks, and build wealth on this “digital safe island,” without fear of eviction or censorship by centralized entities—then Ethereum will have truly passed the “Walkaway Test.”

And that, ultimately, is the core purpose of sanctuary technologies.