Cryptography in Sui
The distributed nature of Sui, with its network of disparate validators and collection of owned and shared objects, requires strong and modern cryptography to ensure security and trust in the system. Users rely on cryptography to secure their assets in wallets when performing on-chain activities, while developers need access to a toolkit of cryptographic primitives when building smart contracts. Strong, effective and efficient cryptography comprises a core pillar of the Sui blockchain.
As we launch Sui, we want to share our best practices on cryptography in Sui and why we support certain algorithms and primitives. Our philosophy applies to everything from user wallet key management to on-chain Move functions.
For maintainability and ease of use, we introduced fastcrypto, a cryptography library published as an independent crate to encourage reusability across different applications in the Sui ecosystem and beyond.
We developed fastcrypto with the following best practices in mind:
- API stability and safety: Always wrap dependency structs and traits in our own structs/traits instead of exposing them directly. This helps avoid Rust's orphan rule and decouples fastcrypto APIs from their dependencies.
- Careful selection of crates: Select libraries that are secure, performant, deterministic, and popular to use.
- Industry standards with opinions: Follow standards if they exist, but also support more opinionated versions where we think they are safer.
- Key management safety: Implement Zeroize and ZeroizeOnDrop for keys. Choose fixed-size keys where possible, protect against malleability, and add extra security properties (e.g. a novel proof of key possession and domain separation policies).
- Opaque error handling: Once a function has executed the cryptographic protocol or algorithm, it should return only an opaque failure rather than explicit error details, which might leak private information.
- Robust testing and benchmarking: Each primitive is tested against common test vectors and arbitrary inputs if possible, and benchmarked to ensure performance.
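As an added illustration of the wrapping, zeroize-on-drop, opaque-error and domain-separation rules above (example code, not fastcrypto's own): the keyed tag below is a constructed stand-in for a real signature scheme, and `DOMAIN_TAG`, `wipe`, `sign` and `verify` are hypothetical names chosen for this example.

```rust
use std::fmt;

/// Hypothetical domain separator; fastcrypto uses per-purpose intent prefixes.
const DOMAIN_TAG: &[u8] = b"sui-example-signature-v1";
pub const TAG_LEN: usize = 8;

/// Newtype wrapper around fixed-size key bytes. No Clone or Debug derive, so the
/// raw bytes cannot be copied or logged by accident.
pub struct PrivateKey([u8; 32]);

impl PrivateKey {
    pub fn from_bytes(b: [u8; 32]) -> Self { PrivateKey(b) }
}

/// Best-effort wipe; write_volatile stops the compiler from eliding the stores
/// (the zeroize crate used by fastcrypto does this more carefully).
pub fn wipe(buf: &mut [u8]) {
    for b in buf.iter_mut() { unsafe { std::ptr::write_volatile(b, 0) }; }
}

impl Drop for PrivateKey {
    fn drop(&mut self) { wipe(&mut self.0); }
}

impl fmt::Debug for PrivateKey {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.write_str("PrivateKey(<redacted>)") }
}

/// Single opaque failure: callers learn "invalid", never which check failed.
#[derive(Debug, PartialEq, Eq)]
pub struct InvalidSignature;

/// Constructed stand-in for a signature scheme: a 64-bit FNV-1a tag over
/// DOMAIN_TAG || key || message. Not secure; it only carries the API pattern.
fn tag(key: &PrivateKey, msg: &[u8]) -> [u8; TAG_LEN] {
    let mut h: u64 = 0xcbf29ce484222325;
    for &b in DOMAIN_TAG.iter().chain(key.0.iter()).chain(msg.iter()) {
        h ^= b as u64;
        h = h.wrapping_mul(0x100000001b3);
    }
    h.to_be_bytes()
}

pub fn sign(key: &PrivateKey, msg: &[u8]) -> Vec<u8> { tag(key, msg).to_vec() }

pub fn verify(key: &PrivateKey, msg: &[u8], sig: &[u8]) -> Result<(), InvalidSignature> {
    if sig.len() != TAG_LEN { return Err(InvalidSignature); }
    let expected = tag(key, msg);
    // Constant-time comparison: OR the byte differences instead of exiting early.
    let diff = expected.iter().zip(sig).fold(0u8, |acc, (a, b)| acc | (a ^ b));
    if diff == 0 { Ok(()) } else { Err(InvalidSignature) }
}
```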
Following these principles, we implemented a range of highly optimized crypto primitives with extensive benchmarks for signature schemes, encoding algorithms, verifiable random functions, and zero knowledge proofs. We plan to introduce more comprehensive timestamped benchmarks for various cryptographic operations and to further improve these results with techniques such as half aggregation of EdDSA signatures, pre-computed tables, and improved batch verifiers, for both compression and performance, having already achieved some world record speed results.
In addition, we are working on a suite of zero knowledge proof functionality, which resulted in one of the fastest implementations of the Groth16 ZKP verifiers in Rust by wisely combining existing implementations.
Sui Wallet and the TypeScript SDK share the same cryptography backend utility implementations. Along with the Rust SDK, we provide wallet developers with a reference wallet implementation and toolkits for integration, and we follow key management standards accepted by the cryptocurrency industry. We selected our supported libraries with security considerations in mind and we ensure feature parity across languages.
We are also working on a safe and usable transaction pre-approvals design in Sui Wallet, where users can securely bulk sign transactions meeting certain criteria. By eliminating the need to sign transactions one at a time, Sui Wallet makes on-chain games easy to implement, unlocking the full potential of the Sui network's fast execution.
Sui’s inherent crypto agility means it can accept more than one type of user signature scheme, and Sui can switch validator consensus signature schemes rapidly. This design also enables system level benchmarking for observability.
Cryptography in Move
Cryptographic primitives on-chain in Move are implemented with these considerations:
- Standard in the blockchain ecosystem (e.g. Merkle Tree, ECDSA verify signature).
- Enable cross-chain and off-chain applications (e.g. Ethereum’s keccak256 and ecrecover).
- Enable new applications that utilize Sui as a highly performant blockchain (e.g. confidential tokens and decentralized random beacons).
- Enable innovation in general (e.g. a new blockchain-optimized BLS12381 aggregation scheme, faster zero knowledge proof verification, novel smart contract lottery schemes).
Building a safe web3 future
Mysten Labs developed Sui as an object-oriented Layer-1 blockchain. As an important foundation of web3 distributed infrastructure, Sui needs to earn the confidence and trust of the current community and all future users. Sui is developed with the best practices in cryptography described above, and we provide tooling to help developers build applications that give users the safest experience.
In the immediate future, our blog articles will cover such topics as wallet specifications, cryptography agility, crypto primitives, and benchmarking cryptographic libraries. There are many topics in the cryptography space, and we will show our strong commitment to this component of our technology by training the blockchain community while helping developers build the most secure applications. Stay tuned: among other things, our crypto blog series will soon feature fresh announcements of novel algorithms and exciting results from our industry-leading cryptography and systems research teams.