23 posts tagged with "Sui"

Privacy is becoming public infrastructure. In 2025, developers need tools that make encryption as easy as storing data. Mysten Labs' Seal provides exactly that—decentralized secrets management with onchain access control. This tutorial will teach you how to build secure Web3 applications using identity-based encryption, threshold security, and programmable access policies.

Introduction: Why Seal Matters for Web3​

Traditional cloud applications rely on centralized key management systems where a single provider controls access to encrypted data. While convenient, this creates dangerous single points of failure. If the provider is compromised, goes offline, or decides to restrict access, your data becomes inaccessible or vulnerable.

Seal changes this paradigm entirely. Built by Mysten Labs for the Sui blockchain, Seal is a decentralized secrets management (DSM) service that enables:

• Identity-based encryption where content is protected before it leaves your environment
• Threshold encryption that distributes key access across multiple independent nodes
• Onchain access control with time locks, token-gating, and custom authorization logic
• Storage agnostic design that works with Walrus, IPFS, or any storage solution

Whether you're building secure messaging apps, gated content platforms, or time-locked asset transfers, Seal provides the cryptographic primitives and access control infrastructure you need.

Getting Started​

Prerequisites​

Before diving in, ensure you have:

• Node.js 18+ installed
• Basic familiarity with TypeScript/JavaScript
• A Sui wallet for testing (like Sui Wallet)
• Understanding of blockchain concepts

Installation​

Install the Seal SDK via npm:

npm install @mysten/seal

You'll also want the Sui SDK for blockchain interactions:

npm install @mysten/sui

Project Setup​

Create a new project and initialize it:

mkdir seal-tutorial
cd seal-tutorial
npm init -y
npm install @mysten/seal @mysten/sui typescript @types/node

Create a simple TypeScript configuration:

// tsconfig.json
{
  "compilerOptions": {
    "target": "ES2020",
    "module": "commonjs",
    "strict": true,
    "esModuleInterop": true,
    "skipLibCheck": true,
    "forceConsistentCasingInFileNames": true
  }
}

Core Concepts: How Seal Works​

Before writing code, let's understand Seal's architecture:

1. Identity-Based Encryption (IBE)​

Unlike traditional encryption where you encrypt to a public key, IBE lets you encrypt to an identity (like an email address or Sui address). The recipient can only decrypt if they can prove they control that identity.

2. Threshold Encryption​

Instead of trusting a single key server, Seal uses t-of-n threshold schemes. You might configure 3-of-5 key servers, meaning any 3 servers can cooperate to provide decryption keys, but 2 or fewer cannot.

3. Onchain Access Control​

Access policies are enforced by Sui smart contracts. Before a key server provides decryption keys, it verifies that the requestor meets the onchain policy requirements (token ownership, time constraints, etc.).

4. Key Server Network​

Distributed key servers validate access policies and generate decryption keys. These servers are operated by different parties to ensure no single point of control.

Basic Implementation: Your First Seal Application​

Let's build a simple application that encrypts sensitive data and controls access through Sui blockchain policies.

Step 1: Initialize the Seal Client​

// src/seal-client.ts
import { SealClient } from '@mysten/seal';
import { SuiClient } from '@mysten/sui/client';

export async function createSealClient() {
  // Initialize Sui client for testnet
  const suiClient = new SuiClient({
    url: 'https://fullnode.testnet.sui.io'
  });

  // Configure Seal client with testnet key servers
  const sealClient = new SealClient({
    suiClient,
    keyServers: [
      'https://keyserver1.seal-testnet.com',
      'https://keyserver2.seal-testnet.com',
      'https://keyserver3.seal-testnet.com'
    ],
    threshold: 2, // 2-of-3 threshold
    network: 'testnet'
  });

  return { sealClient, suiClient };
}

Step 2: Simple Encryption/Decryption​

// src/basic-encryption.ts
import { createSealClient } from './seal-client';

async function basicExample() {
  const { sealClient } = await createSealClient();

  // Data to encrypt
  const sensitiveData = "This is my secret message!";
  const recipientAddress = "0x742d35cc6d4c0c08c0f9bf3c9b2b6c64b3b4f5c6d7e8f9a0b1c2d3e4f5a6b7c8";

  try {
    // Encrypt data for a specific Sui address
    const encryptedData = await sealClient.encrypt({
      data: Buffer.from(sensitiveData, 'utf-8'),
      recipientId: recipientAddress,
      // Optional: add metadata
      metadata: {
        contentType: 'text/plain',
        timestamp: Date.now()
      }
    });

    console.log('Encrypted data:', {
      ciphertext: encryptedData.ciphertext.toString('base64'),
      encryptionId: encryptedData.encryptionId
    });

    // Later, decrypt the data (requires proper authorization)
    const decryptedData = await sealClient.decrypt({
      ciphertext: encryptedData.ciphertext,
      encryptionId: encryptedData.encryptionId,
      recipientId: recipientAddress
    });

    console.log('Decrypted data:', decryptedData.toString('utf-8'));

  } catch (error) {
    console.error('Encryption/decryption failed:', error);
  }
}

basicExample();

Access Control with Sui Smart Contracts​

The real power of Seal comes from programmable access control. Let's create a time-locked encryption example where data can only be decrypted after a specific time.

Step 1: Deploy Access Control Contract​

First, we need a Move smart contract that defines our access policy:

// contracts/time_lock.move
module time_lock::policy {
    use sui::clock::{Self, Clock};
    use sui::object::{Self, UID};
    use sui::tx_context::{Self, TxContext};

    public struct TimeLockPolicy has key, store {
        id: UID,
        unlock_time: u64,
        authorized_user: address,
    }

    public fun create_time_lock(
        unlock_time: u64,
        authorized_user: address,
        ctx: &mut TxContext
    ): TimeLockPolicy {
        TimeLockPolicy {
            id: object::new(ctx),
            unlock_time,
            authorized_user,
        }
    }

    public fun can_decrypt(
        policy: &TimeLockPolicy,
        user: address,
        clock: &Clock
    ): bool {
        let current_time = clock::timestamp_ms(clock);
        policy.authorized_user == user && current_time >= policy.unlock_time
    }
}

Step 2: Integrate with Seal​

// src/time-locked-encryption.ts
import { createSealClient } from './seal-client';
import { TransactionBlock } from '@mysten/sui/transactions';

async function createTimeLocked() {
  const { sealClient, suiClient } = await createSealClient();

  // Create access policy on Sui
  const txb = new TransactionBlock();

  const unlockTime = Date.now() + 60000; // Unlock in 1 minute
  const authorizedUser = "0x742d35cc6d4c0c08c0f9bf3c9b2b6c64b3b4f5c6d7e8f9a0b1c2d3e4f5a6b7c8";

  txb.moveCall({
    target: 'time_lock::policy::create_time_lock',
    arguments: [
      txb.pure(unlockTime),
      txb.pure(authorizedUser)
    ]
  });

  // Execute transaction to create policy
  const result = await suiClient.signAndExecuteTransactionBlock({
    transactionBlock: txb,
    signer: yourKeypair, // Your Sui keypair
  });

  const policyId = result.objectChanges?.find(
    change => change.type === 'created'
  )?.objectId;

  // Now encrypt with this policy
  const sensitiveData = "This will unlock in 1 minute!";

  const encryptedData = await sealClient.encrypt({
    data: Buffer.from(sensitiveData, 'utf-8'),
    recipientId: authorizedUser,
    accessPolicy: {
      policyId,
      policyType: 'time_lock'
    }
  });

  console.log('Time-locked data created. Try decrypting after 1 minute.');

  return {
    encryptedData,
    policyId,
    unlockTime
  };
}

Practical Examples​

Example 1: Secure Messaging Application​

// src/secure-messaging.ts
import { createSealClient } from './seal-client';

class SecureMessenger {
  private sealClient: any;

  constructor(sealClient: any) {
    this.sealClient = sealClient;
  }

  async sendMessage(
    message: string,
    recipientAddress: string,
    senderKeypair: any
  ) {
    const messageData = {
      content: message,
      timestamp: Date.now(),
      sender: senderKeypair.toSuiAddress(),
      messageId: crypto.randomUUID()
    };

    const encryptedMessage = await this.sealClient.encrypt({
      data: Buffer.from(JSON.stringify(messageData), 'utf-8'),
      recipientId: recipientAddress,
      metadata: {
        type: 'secure_message',
        sender: senderKeypair.toSuiAddress()
      }
    });

    // Store encrypted message on decentralized storage (Walrus)
    return this.storeOnWalrus(encryptedMessage);
  }

  async readMessage(encryptionId: string, recipientKeypair: any) {
    // Retrieve from storage
    const encryptedData = await this.retrieveFromWalrus(encryptionId);

    // Decrypt with Seal
    const decryptedData = await this.sealClient.decrypt({
      ciphertext: encryptedData.ciphertext,
      encryptionId: encryptedData.encryptionId,
      recipientId: recipientKeypair.toSuiAddress()
    });

    return JSON.parse(decryptedData.toString('utf-8'));
  }

  private async storeOnWalrus(data: any) {
    // Integration with Walrus storage
    // This would upload the encrypted data to Walrus
    // and return the blob ID for retrieval
  }

  private async retrieveFromWalrus(blobId: string) {
    // Retrieve encrypted data from Walrus using blob ID
  }
}

Example 2: Token-Gated Content Platform​

// src/gated-content.ts
import { createSealClient } from './seal-client';

class ContentGating {
  private sealClient: any;
  private suiClient: any;

  constructor(sealClient: any, suiClient: any) {
    this.sealClient = sealClient;
    this.suiClient = suiClient;
  }

  async createGatedContent(
    content: string,
    requiredNftCollection: string,
    creatorKeypair: any
  ) {
    // Create NFT ownership policy
    const accessPolicy = await this.createNftPolicy(
      requiredNftCollection,
      creatorKeypair
    );

    // Encrypt content with NFT access requirement
    const encryptedContent = await this.sealClient.encrypt({
      data: Buffer.from(content, 'utf-8'),
      recipientId: 'nft_holders', // Special recipient for NFT holders
      accessPolicy: {
        policyId: accessPolicy.policyId,
        policyType: 'nft_ownership'
      }
    });

    return {
      contentId: encryptedContent.encryptionId,
      accessPolicy: accessPolicy.policyId
    };
  }

  async accessGatedContent(
    contentId: string,
    userAddress: string,
    userKeypair: any
  ) {
    // Verify NFT ownership first
    const hasAccess = await this.verifyNftOwnership(
      userAddress,
      contentId
    );

    if (!hasAccess) {
      throw new Error('Access denied: Required NFT not found');
    }

    // Decrypt content
    const decryptedContent = await this.sealClient.decrypt({
      encryptionId: contentId,
      recipientId: userAddress
    });

    return decryptedContent.toString('utf-8');
  }

  private async createNftPolicy(collection: string, creator: any) {
    // Create Move contract that checks NFT ownership
    // Returns policy object ID
  }

  private async verifyNftOwnership(user: string, contentId: string) {
    // Check if user owns required NFT
    // Query Sui for NFT ownership
  }
}

Example 3: Time-Locked Asset Transfer​

// src/time-locked-transfer.ts
import { createSealClient } from './seal-client';

async function createTimeLockTransfer(
  assetData: any,
  recipientAddress: string,
  unlockTimestamp: number,
  senderKeypair: any
) {
  const { sealClient, suiClient } = await createSealClient();

  // Create time-lock policy on Sui
  const timeLockPolicy = await createTimeLockPolicy(
    unlockTimestamp,
    recipientAddress,
    senderKeypair,
    suiClient
  );

  // Encrypt asset transfer data
  const transferData = {
    asset: assetData,
    recipient: recipientAddress,
    unlockTime: unlockTimestamp,
    transferId: crypto.randomUUID()
  };

  const encryptedTransfer = await sealClient.encrypt({
    data: Buffer.from(JSON.stringify(transferData), 'utf-8'),
    recipientId: recipientAddress,
    accessPolicy: {
      policyId: timeLockPolicy.policyId,
      policyType: 'time_lock'
    }
  });

  console.log(`Asset locked until ${new Date(unlockTimestamp)}`);

  return {
    transferId: encryptedTransfer.encryptionId,
    unlockTime: unlockTimestamp,
    policyId: timeLockPolicy.policyId
  };
}

async function claimTimeLockTransfer(
  transferId: string,
  recipientKeypair: any
) {
  const { sealClient } = await createSealClient();

  try {
    const decryptedData = await sealClient.decrypt({
      encryptionId: transferId,
      recipientId: recipientKeypair.toSuiAddress()
    });

    const transferData = JSON.parse(decryptedData.toString('utf-8'));

    // Process the asset transfer
    console.log('Asset transfer unlocked:', transferData);

    return transferData;
  } catch (error) {
    console.error('Transfer not yet unlocked or access denied:', error);
    throw error;
  }
}

Integration with Walrus Decentralized Storage​

Seal works seamlessly with Walrus, Sui's decentralized storage solution. Here's how to integrate both:

// src/walrus-integration.ts
import { createSealClient } from './seal-client';

class SealWalrusIntegration {
  private sealClient: any;
  private walrusClient: any;

  constructor(sealClient: any, walrusClient: any) {
    this.sealClient = sealClient;
    this.walrusClient = walrusClient;
  }

  async storeEncryptedData(
    data: Buffer,
    recipientAddress: string,
    accessPolicy?: any
  ) {
    // Encrypt with Seal
    const encryptedData = await this.sealClient.encrypt({
      data,
      recipientId: recipientAddress,
      accessPolicy
    });

    // Store encrypted data on Walrus
    const blobId = await this.walrusClient.store(
      encryptedData.ciphertext
    );

    // Return reference that includes both Seal and Walrus info
    return {
      blobId,
      encryptionId: encryptedData.encryptionId,
      accessPolicy: encryptedData.accessPolicy
    };
  }

  async retrieveAndDecrypt(
    blobId: string,
    encryptionId: string,
    userKeypair: any
  ) {
    // Retrieve from Walrus
    const encryptedData = await this.walrusClient.retrieve(blobId);

    // Decrypt with Seal
    const decryptedData = await this.sealClient.decrypt({
      ciphertext: encryptedData,
      encryptionId,
      recipientId: userKeypair.toSuiAddress()
    });

    return decryptedData;
  }
}

// Usage example
async function walrusExample() {
  const { sealClient } = await createSealClient();
  const walrusClient = new WalrusClient('https://walrus-testnet.sui.io');

  const integration = new SealWalrusIntegration(sealClient, walrusClient);

  const fileData = Buffer.from('Important document content');
  const recipientAddress = '0x...';

  // Store encrypted
  const result = await integration.storeEncryptedData(
    fileData,
    recipientAddress
  );

  console.log('Stored with Blob ID:', result.blobId);

  // Later, retrieve and decrypt
  const decrypted = await integration.retrieveAndDecrypt(
    result.blobId,
    result.encryptionId,
    recipientKeypair
  );

  console.log('Retrieved data:', decrypted.toString());
}

Threshold Encryption Advanced Configuration​

For production applications, you'll want to configure custom threshold encryption with multiple key servers:

// src/advanced-threshold.ts
import { SealClient } from '@mysten/seal';

async function setupProductionSeal() {
  // Configure with multiple independent key servers
  const keyServers = [
    'https://keyserver-1.your-org.com',
    'https://keyserver-2.partner-org.com',
    'https://keyserver-3.third-party.com',
    'https://keyserver-4.backup-provider.com',
    'https://keyserver-5.fallback.com'
  ];

  const sealClient = new SealClient({
    keyServers,
    threshold: 3, // 3-of-5 threshold
    network: 'mainnet',
    // Advanced options
    retryAttempts: 3,
    timeoutMs: 10000,
    backupKeyServers: [
      'https://backup-1.emergency.com',
      'https://backup-2.emergency.com'
    ]
  });

  return sealClient;
}

async function robustEncryption() {
  const sealClient = await setupProductionSeal();

  const criticalData = "Mission critical encrypted data";

  // Encrypt with high security guarantees
  const encrypted = await sealClient.encrypt({
    data: Buffer.from(criticalData, 'utf-8'),
    recipientId: '0x...',
    // Require all 5 servers for maximum security
    customThreshold: 5,
    // Add redundancy
    redundancy: 2,
    accessPolicy: {
      // Multi-factor requirements
      requirements: ['nft_ownership', 'time_lock', 'multisig_approval']
    }
  });

  return encrypted;
}

Security Best Practices​

1. Key Management​

// src/security-practices.ts

// GOOD: Use secure key derivation
import { generateKeypair } from '@mysten/sui/cryptography/ed25519';

const keypair = generateKeypair();

// GOOD: Store keys securely (example with environment variables)
const keypair = Ed25519Keypair.fromSecretKey(
  process.env.PRIVATE_KEY
);

// BAD: Never hardcode keys
const badKeypair = Ed25519Keypair.fromSecretKey(
  "hardcoded-secret-key-12345" // Don't do this!
);

2. Access Policy Validation​

// Always validate access policies before encryption
async function secureEncrypt(data: Buffer, recipient: string) {
  const { sealClient } = await createSealClient();

  // Validate recipient address
  if (!isValidSuiAddress(recipient)) {
    throw new Error('Invalid recipient address');
  }

  // Check policy exists and is valid
  const policy = await validateAccessPolicy(policyId);
  if (!policy.isValid) {
    throw new Error('Invalid access policy');
  }

  return sealClient.encrypt({
    data,
    recipientId: recipient,
    accessPolicy: policy
  });
}

3. Error Handling and Fallbacks​

// Robust error handling
async function resilientDecrypt(encryptionId: string, userKeypair: any) {
  const { sealClient } = await createSealClient();

  try {
    return await sealClient.decrypt({
      encryptionId,
      recipientId: userKeypair.toSuiAddress()
    });
  } catch (error) {
    if (error.code === 'ACCESS_DENIED') {
      throw new Error('Access denied: Check your permissions');
    } else if (error.code === 'KEY_SERVER_UNAVAILABLE') {
      // Try with backup configuration
      return await retryWithBackupServers(encryptionId, userKeypair);
    } else if (error.code === 'THRESHOLD_NOT_MET') {
      throw new Error('Insufficient key servers available');
    } else {
      throw new Error(`Decryption failed: ${error.message}`);
    }
  }
}

4. Data Validation​

// Validate data before encryption
function validateDataForEncryption(data: Buffer): boolean {
  // Check size limits
  if (data.length > 1024 * 1024) { // 1MB limit
    throw new Error('Data too large for encryption');
  }

  // Check for sensitive patterns (optional)
  const dataStr = data.toString();
  if (containsSensitivePatterns(dataStr)) {
    console.warn('Warning: Data contains potentially sensitive patterns');
  }

  return true;
}

Performance Optimization​

1. Batching Operations​

// Batch multiple encryptions for efficiency
async function batchEncrypt(dataItems: Buffer[], recipients: string[]) {
  const { sealClient } = await createSealClient();

  const promises = dataItems.map((data, index) =>
    sealClient.encrypt({
      data,
      recipientId: recipients[index]
    })
  );

  return Promise.all(promises);
}

2. Caching Key Server Responses​

// Cache key server sessions to reduce latency
class OptimizedSealClient {
  private sessionCache = new Map();

  async encryptWithCaching(data: Buffer, recipient: string) {
    let session = this.sessionCache.get(recipient);

    if (!session || this.isSessionExpired(session)) {
      session = await this.createNewSession(recipient);
      this.sessionCache.set(recipient, session);
    }

    return this.encryptWithSession(data, session);
  }
}

Testing Your Seal Integration​

Unit Testing​

// tests/seal-integration.test.ts
import { describe, it, expect } from 'jest';
import { createSealClient } from '../src/seal-client';

describe('Seal Integration', () => {
  it('should encrypt and decrypt data successfully', async () => {
    const { sealClient } = await createSealClient();
    const testData = Buffer.from('test message');
    const recipient = '0x742d35cc6d4c0c08c0f9bf3c9b2b6c64b3b4f5c6d7e8f9a0b1c2d3e4f5a6b7c8';

    const encrypted = await sealClient.encrypt({
      data: testData,
      recipientId: recipient
    });

    expect(encrypted.encryptionId).toBeDefined();
    expect(encrypted.ciphertext).toBeDefined();

    const decrypted = await sealClient.decrypt({
      ciphertext: encrypted.ciphertext,
      encryptionId: encrypted.encryptionId,
      recipientId: recipient
    });

    expect(decrypted.toString()).toBe('test message');
  });

  it('should enforce access control policies', async () => {
    // Test that unauthorized users cannot decrypt
    const { sealClient } = await createSealClient();

    const encrypted = await sealClient.encrypt({
      data: Buffer.from('secret'),
      recipientId: 'authorized-user'
    });

    await expect(
      sealClient.decrypt({
        ciphertext: encrypted.ciphertext,
        encryptionId: encrypted.encryptionId,
        recipientId: 'unauthorized-user'
      })
    ).rejects.toThrow('Access denied');
  });
});

Deployment to Production​

Environment Configuration​

// config/production.ts
export const productionConfig = {
  keyServers: [
    process.env.KEY_SERVER_1,
    process.env.KEY_SERVER_2,
    process.env.KEY_SERVER_3,
    process.env.KEY_SERVER_4,
    process.env.KEY_SERVER_5
  ],
  threshold: 3,
  network: 'mainnet',
  suiRpc: process.env.SUI_RPC_URL,
  walrusGateway: process.env.WALRUS_GATEWAY,
  // Security settings
  maxDataSize: 1024 * 1024, // 1MB
  sessionTimeout: 3600000, // 1 hour
  retryAttempts: 3
};

Monitoring and Logging​

// utils/monitoring.ts
export class SealMonitoring {
  static logEncryption(encryptionId: string, recipient: string) {
    console.log(`[SEAL] Encrypted data ${encryptionId} for ${recipient}`);
    // Send to your monitoring service
  }

  static logDecryption(encryptionId: string, success: boolean) {
    console.log(`[SEAL] Decryption ${encryptionId}: ${success ? 'SUCCESS' : 'FAILED'}`);
  }

  static logKeyServerHealth(serverUrl: string, status: string) {
    console.log(`[SEAL] Key server ${serverUrl}: ${status}`);
  }
}

Resources and Next Steps​

Official Documentation​

• Seal Documentation: https://seal-docs.wal.app/
• GitHub Repository: https://github.com/MystenLabs/seal
• Sui Documentation: https://docs.sui.io/
• Walrus Documentation: https://docs.wal.app/

Community and Support​

• Sui Discord: Join the #seal channel for community support
• GitHub Issues: Report bugs and request features
• Developer Forums: Sui community forums for discussions

Advanced Topics to Explore​

1. Custom Access Policies: Build complex authorization logic with Move contracts
2. Cross-Chain Integration: Use Seal with other blockchain networks
3. Enterprise Key Management: Set up your own key server infrastructure
4. Audit and Compliance: Implement logging and monitoring for regulated environments

Sample Applications​

• Secure Chat App: End-to-end encrypted messaging with Seal
• Document Management: Enterprise document sharing with access controls
• Digital Rights Management: Content distribution with usage policies
• Privacy-Preserving Analytics: Encrypted data processing workflows

Conclusion​

Seal represents a fundamental shift toward making privacy and encryption infrastructure-level concerns in Web3. By combining identity-based encryption, threshold security, and programmable access control, it provides developers with powerful tools to build truly secure and decentralized applications.

The key advantages of building with Seal include:

• No Single Point of Failure: Distributed key servers eliminate central authorities
• Programmable Security: Smart contract-based access policies provide flexible authorization
• Developer-Friendly: TypeScript SDK integrates seamlessly with existing Web3 tooling
• Storage Agnostic: Works with Walrus, IPFS, or any storage solution
• Production Ready: Built by Mysten Labs with enterprise security standards

Whether you're securing user data, implementing subscription models, or building complex multi-party applications, Seal provides the cryptographic primitives and access control infrastructure you need to build with confidence.

Start building today, and join the growing ecosystem of developers making privacy a fundamental part of public infrastructure.

Ready to start building? Install @mysten/seal and begin experimenting with the examples in this tutorial. The decentralized web is waiting for applications that put privacy and security first.

TL;DR​

• Talus is shipping Nexus, a Move-based framework that composes on-chain and off-chain tools into verifiable Directed Acyclic Graph (DAG) workflows, mediated by a trusted "Leader" service today and aiming for secure enclaves and decentralization over time.
• The stack targets an emerging agent economy by integrating tool registries, payment rails, gas budgeting, and marketplaces so tool builders and agent operators can monetize usage with auditability.
• A roadmap toward a dedicated Protochain (Cosmos SDK + Move VM) is public, but Sui remains the live coordination layer; the Sui + Walrus storage integration provides the current production substrate.
• Token plans are evolving: materials reference historical $TAI concepts and a 2025 Litepaper that introduces a$US ecosystem token for payments, staking, and prioritization mechanics.
• Execution risk centers on decentralizing the Leader, finalizing token economics, and demonstrating Protochain performance while maintaining developer UX across Sui, Walrus, and off-chain services.

What Talus Is Building—and What It Is Not​

Talus positions itself as a coordination and monetization layer for autonomous AI agents rather than a raw AI inference market. The core product, Nexus, allows developers to package tool invocations, external API calls, and on-chain logic into workflow DAGs expressed in Sui Move. The design emphasizes verifiability, capability-based access, and schema-governed data flow so that each tool invocation can be audited on-chain. Talus pairs this with marketplaces—Tool Marketplace, Agent Marketplace, and Agent-as-a-Service—to help operators discover and monetize agent functionality.

By contrast, Talus is not operating its own large-language models or GPU network. Instead, it expects tool builders to wrap existing APIs or services (OpenAI, vector search, trading systems, data providers) and register them with Nexus. This makes Talus complementary to compute networks such as Ritual or Bittensor, which could appear as tools inside Nexus workflows.

Architecture: On-Chain Control Plane, Off-Chain Execution​

On-Chain (Sui Move)​

The on-chain components live on Sui and deliver the coordination plane:

• Workflow engine – DAG semantics include entry groups, branching variants, and concurrency checks. Static validation attempts to prevent race conditions before execution.
• Primitives – ProofOfUID enables authenticated cross-package messaging without tight coupling; OwnerCap/CloneableOwnerCap expose capability-based permissions; ProvenValue and NexusData structures define how data is passed inline or via remote storage references.
• Default TAP (Talus Agent Package) – A reference agent that demonstrates how to create worksheets (proof objects), trigger workflow evaluation, and confirm tool outcomes while conforming to the Nexus Interface v1.
• Tool registry & anti-spam – Tool creators must deposit time-locked collateral to publish a tool definition, discouraging spam while keeping registration permissionless.
• Gas service – Shared objects store per-tool pricing, user gas budgets, and gas tickets with expiry or usage caps. Events record every claim so operators can audit settlement for tool owners and the Leader.

Off-Chain Leader​

A Talus-operated Leader service listens to Sui events, fetches tool schemas, orchestrates off-chain execution (LLMs, APIs, compute jobs), validates input/output against declared schemas, and writes results back on-chain. Leader capabilities are represented as Sui objects; a failed Sui transaction can "damage" a capability, preventing immediate reuse until the epoch rolls over. Talus plans to harden the Leader path via Trusted Execution Environments (TEEs), multiple operators, and eventual permissionless participation.

Storage & Verifiability​

Walrus, Mysten Labs' decentralized storage layer, is integrated for agent memory, model artifacts, and large datasets. Nexus keeps Sui for the deterministic control plane while pushing heavier payloads to Walrus. Public materials indicate support for multiple verification modes—optimistic, zero-knowledge, or trusted execution—selectable per workflow requirements.

Developer Experience and Early Products​

Talus maintains a Rust-based SDK, CLI tooling, and documentation with walkthroughs (building DAGs, integrating LLMs, securing tools). A catalog of standard tools—OpenAI chat completions, X (Twitter) operations, Walrus storage adapters, math utilities—reduces the friction for prototyping. On the consumer side, flagship experiences such as IDOL.fun (agent-versus-agent prediction markets) and AI Bae (gamified AI companions) serve as proof points and distribution channels for agent-native workflows. Talus Vision, a no-code builder, is positioned as an upcoming marketplace interface that abstracts workflow design for non-developers.

Economic Design, Token Plans, and Gas Handling​

In the live Sui deployment, users fund workflows in SUI. The Gas Service converts those budgets into tool-specific tickets, enforces expiry or scope limits, and logs claims that can be reconciled on-chain. Tool owners define pricing, while the Leader is paid through the same settlement flow. Because the Leader can currently claim budgets once execution succeeds, users must trust the operator—but emitted events provide auditability.

Token design remains in flux. Third-party explainers reference an earlier $TAI** concept, whereas Talus's 2025 Litepaper proposes an ecosystem token dubbed **$US with a 10 billion supply. The stated roles include serving as the medium for tool and Leader payments, staking for service guarantees, and conferring prioritization privileges. Materials suggest that excess SUI paid at execution could be converted to $US via market swaps. Investors should treat these details as provisional until tokenomics are finalized.

Funding, Team, and Partnerships​

Talus announced a $6 million strategic round (total $9 million raised) led by Polychain at a reported $150 million valuation in late 2024. Proceeds are earmarked for advancing Nexus, incubating consumer applications, and building Protochain, the proposed dedicated L1 for agents. Public sources list Mike Hanono (CEO) and Ben Frigon (COO) as key executives. Integration announcements highlight collaboration with the Sui and Walrus ecosystems, reinforcing Mysten Labs' infrastructure as the current execution environment.

Competitive Lens​

• Ritual focuses on decentralized AI compute (Infernet) and EVM integrations, emphasizing verifiable inference rather than workflow orchestration.
• Autonolas (Olas) coordinates off-chain agent services with on-chain incentives; it shares the agent-economy thesis but lacks Nexus's Move-based DAG execution layer.
• Fetch.ai offers Agentverse and uAgents to connect autonomous services; Talus differentiates with on-chain verification of each workflow step and embedded gas accounting.
• Bittensor rewards ML model contribution via TAO subnets—a compute marketplace that could slot into Nexus as a tool provider but does not provide the monetization rails Talus is targeting.

Overall, Talus is staking out the coordination and settlement plane for agent workflows, leaving raw compute and inference to specialized networks that can plug in as tools.

Key Risks and Open Questions​

1. Leader trust – Until TEEs and multi-operator support ship, developers must trust Talus's Leader to execute faithfully and return accurate results.
2. Token uncertainty – Branding and mechanics have shifted from $TAI to$US; supply schedules, distribution, and staking economics remain unfinalized.
3. Protochain execution – Public materials describe a Cosmos SDK chain with Move VM support, but code repositories, benchmarks, and security audits are not yet available.
4. Tool quality and spam – Collateral requirements deter spam, yet long-term success depends on schema validation, uptime guarantees, and dispute resolution around off-chain outputs.
5. UX complexity – Coordinating Sui, Walrus, and diverse off-chain APIs introduces operational overhead; the SDK and no-code tooling must abstract this to maintain developer adoption.

Milestones to Watch Through 2025–2026​

• Shipping a Leader roadmap with TEE hardening, slashing rules, and public onboarding for additional operators.
• Expansion of the Tool Marketplace: number of registered tools, pricing models, and quality metrics (uptime, SLA transparency).
• Adoption metrics for IDOL.fun, AI Bae, and Talus Vision as indicators of user demand for agent-native experiences.
• Performance data from running sizable workflows on Sui + Walrus: latency, throughput, and gas consumption.
• Publication of final tokenomics, including supply release schedule, staking rewards, and the SUI→$US conversion path.
• Release of Protochain repositories, testnets, and interoperability plans (e.g., IBC support) to validate the dedicated chain thesis.

How Builders and Operators Can Engage​

• Prototype quickly – Combine the Default TAP with standard tools (OpenAI, X, Walrus) in a three-node DAG to automate data ingestion, summarization, and on-chain actions.
• Monetize specialized tools – Wrap proprietary APIs (financial data, compliance checks, bespoke LLMs) as Nexus tools, define pricing, and issue gas tickets with expiry or usage caps to manage demand.
• Prepare for Leader participation – Monitor documentation for staking requirements, slashing logic, and failure-handling mechanics so infrastructure providers can step in as additional Leaders when the network opens.
• Evaluate consumer flywheels – Analyze retention and spend in IDOL.fun and AI Bae to assess whether agent-first consumer products can bootstrap broader tool demand.

Bottom Line​

Talus delivers a credible blueprint for an on-chain agent economy by combining verifiable Move-based workflows, capability-controlled tool composition, and explicit monetization rails. Success now hinges on proving that the model scales beyond a trusted Leader, finalizing sustainable token incentives, and demonstrating that Protochain can extend Sui-era lessons into a dedicated execution environment. Builders who need transparent settlement and composable agent workflows should keep Nexus on their diligence shortlist while tracking how quickly Talus can de-risk these open questions.

Public blockchains give every participant a synchronized, auditable ledger—but they also expose every piece of data by default. Seal, now live on Sui Mainnet as of September 3, 2025, addresses this by pairing on-chain policy logic with decentralized key management so that Web3 builders can decide exactly who gets to decrypt which payloads.

TL;DR​

• What it is: Seal is a secrets-management network that lets Sui smart contracts enforce decryption policies on-chain while clients encrypt data with identity-based encryption (IBE) and rely on threshold key servers for key derivation.
• Why it matters: Instead of custom backends or opaque off-chain scripts, privacy and access control become first-class Move primitives. Builders can store ciphertexts anywhere—Walrus is the natural companion—but still gate who can read.
• Who benefits: Teams shipping token-gated media, time-locked reveals, private messaging, or policy-aware AI agents can plug into Seal’s SDK and focus on product logic, not bespoke crypto plumbing.

Policy Logic Lives in Move​

Seal packages come with seal_approve* Move functions that define who can request keys for a given identity string and under which conditions. Policies can mix NFT ownership, allowlists, time locks, or custom role systems. When a user or agent asks to decrypt, key servers evaluate these policies via Sui full-node state and only approve if the chain agrees.

Because the access rules are part of your on-chain package, they are transparent, auditable, and versionable alongside the rest of your smart contract code. Governance updates can be rolled out like any other Move upgrade, with community review and on-chain history.

Threshold Cryptography Handles the Keys​

Seal encrypts data to application-defined identities. A committee of independent key servers—chosen by the developer—shares the IBE master secret. When a policy check passes, each server derives a key share for the requested identity. Once a quorum of t servers responds, the client combines the shares into a usable decryption key.

You get to set the trade-off between liveness and confidentiality by picking committee members (Ruby Nodes, NodeInfra, Overclock, Studio Mirai, H2O Nodes, Triton One, or Mysten’s Enoki service) and selecting the threshold. Need stronger availability? Choose a larger committee with a lower threshold. Want higher privacy assurances? Tighten the quorum and lean on permissioned providers.

Developer Experience: SDKs and Session Keys​

Seal ships a TypeScript SDK (npm i @mysten/seal) that handles encrypt/decrypt flows, identity formatting, and batching. It also issues session keys so wallets are not constantly spammed with prompts when an app needs repeated access. For advanced workflows, Move contracts can request on-chain decryption via specialized modes, allowing logic like escrow reveals or MEV-resistant auctions to run directly in smart contract code.

Because Seal is storage-agnostic, teams can pair it with Walrus for verifiable blob storage, with IPFS, or even with centralized stores when that fits operational realities. The encryption boundary—and its policy enforcement—travels with the data regardless of where the ciphertext lives.

Designing with Seal: Best Practices​

• Model availability risk: Thresholds such as 2-of-3 or 3-of-5 map directly to uptime guarantees. Production deployments should mix providers, monitor telemetry, and negotiate SLAs before entrusting critical workflows.
• Be mindful of state variance: Policy evaluation depends on full nodes performing dry_run calls. Avoid rules that hinge on rapidly changing counters or intra-checkpoint ordering to prevent inconsistent approvals across servers.
• Plan for key hygiene: Derived keys live on the client. Instrument logging, rotate session keys, and consider envelope encryption—use Seal to protect a symmetric key that encrypts the larger payload—to limit blast radius if a device is compromised.
• Architect for rotation: A ciphertext’s committee is fixed at encryption time. Build upgrade paths that re-encrypt data through new committees when you need to swap providers or adjust trust assumptions.

What Comes Next​

Seal’s roadmap points toward validator-operated MPC servers, DRM-style client tooling, and post-quantum KEM options. For builders exploring AI agents, premium content, or regulated data flows, today’s release already provides a clear blueprint: encode your policy in Move, compose a diverse key committee, and deliver encrypted experiences that respect user privacy without leaving Sui’s trust boundary.

If you are considering Seal for your next launch, start by prototyping a simple NFT-gated policy with a 2-of-3 open committee, then iterate toward the provider mix and operational controls that match your app’s risk profile.

Imagine a world where users can interact with your dApp seamlessly, without needing to hold any native tokens (SUI). This is no longer a distant dream. With Sui's Gas Station (also known as a Paymaster), developers can cover gas fees on behalf of their users, completely removing one of the biggest barriers for new entrants to Web3 and enabling a truly frictionless on-chain experience.

This article provides a complete guide to upgrading your dApp to be gas-less. We'll dive deep into the core concepts of the Sui Paymaster, its architecture, implementation patterns, and best practices.

1. Background and Core Concepts: What is a Sponsored Transaction?​

In the world of blockchain, every transaction requires a network fee, or "gas." For users accustomed to the seamless experiences of Web2, this is a significant cognitive and operational hurdle. Sui addresses this challenge at the protocol level with Sponsored Transactions.

The core idea is simple: allow one party (the Sponsor) to pay the SUI gas fees for another party's (the User) transaction. This way, even if a user has zero SUI in their wallet, they can still successfully initiate on-chain actions.

Paymaster ≈ Gas Station​

In the Sui ecosystem, the logic for sponsoring transactions is typically handled by an off-chain or on-chain service called a Gas Station or Paymaster. Its primary responsibilities include:

1. Evaluating the Transaction: It receives a user's gas-less transaction data (GasLessTransactionData).
2. Providing Gas: It locks and allocates the necessary gas fee for the transaction. This is usually managed through a gas pool composed of many SUI Coin objects.
3. Generating a Sponsor Signature: After approving the sponsorship, the Gas Station signs the transaction with its private key (SponsorSig), certifying its willingness to pay the fee.
4. Returning the Signed Transaction: It sends back the TransactionData, which now includes the gas data and the sponsor's signature, to await the user's final signature.

In short, a Gas Station acts as a refueling service for your dApp's users, ensuring their "vehicles" (transactions) can travel smoothly on the Sui network.

2. High-Level Architecture and Interaction Flow​

A typical gas-less transaction involves coordination between the user, the dApp frontend, the Gas Station, and a Sui Full Node. The interaction sequence is as follows:

Flow Breakdown:

1. The User performs an action in the dApp UI, which constructs a transaction data package without any gas information.
2. The dApp sends this data to its designated Gas Station to request sponsorship.
3. The Gas Station verifies the request's validity (e.g., checks if the user is eligible for sponsorship), then populates the transaction with a Gas Coin and its signature, returning the semi-complete transaction to the dApp.
4. The User sees the full transaction details in their wallet (e.g., "Purchase one NFT") and provides the final signature. This is a crucial step that ensures the user maintains consent and control over their actions.
5. The dApp broadcasts the complete transaction, containing both the user's and the sponsor's signatures, to a Sui Full Node.
6. After the transaction is finalized on-chain, the Gas Station can confirm this by listening for on-chain events or receipts, then notify the dApp backend via a webhook to close the loop on the business process.

3. Three Core Interaction Models​

You can use the following three interaction models individually or in combination to suit your business needs.

Model 1: User-Initiated → Sponsor-Approved (Most Common)​

This is the standard model, suitable for the vast majority of in-dApp interactions.

1. User constructs GasLessTransactionData: The user performs an action within the dApp.
2. Sponsor adds GasData and signs: The dApp backend sends the transaction to the Gas Station, which approves it, attaches a Gas Coin, and adds its signature.
3. User reviews and gives final signature: The user confirms the final transaction details in their wallet and signs it. The dApp then submits it to the network.

This model strikes an excellent balance between security and user experience.

Model 2: Sponsor-Initiated Airdrops/Incentives​

This model is perfect for airdrops, user incentives, or batch asset distributions.

1. Sponsor pre-fills TransactionData + signs: The Sponsor (typically the project team) pre-constructs most of the transaction (e.g., airdropping an NFT to a specific address) and attaches its sponsorship signature.
2. User's second signature makes it effective: The user only needs to sign this "pre-approved" transaction once for it to be executed.

This creates an extremely smooth user experience. With just one click to confirm, users can claim rewards or complete tasks, dramatically increasing the conversion rates of marketing campaigns.

Model 3: Wildcard GasData (Credit Line Model)​

This is a more flexible and permission-based model.

1. Sponsor transfers a GasData object: The Sponsor first creates one or more Gas Coin objects with a specific budget and transfers ownership directly to the user.
2. User spends freely within the budget: The user can then freely use these Gas Coins to pay for any transactions they initiate within the budget's limits and validity period.
3. Gas Coin is returned: Once depleted or expired, the Gas Coin object can be designed to be automatically destroyed or returned to the Sponsor.

This model is equivalent to giving the user a limited-time, limited-budget "gas fee credit card," suitable for scenarios requiring a high degree of user autonomy, such as offering a free-to-play experience during a game season.

4. Typical Application Scenarios​

The power of the Sui Paymaster lies not just in solving the gas fee problem, but also in its ability to deeply integrate with business logic to create new possibilities.

Scenario 1: Paywalls​

Many content platforms or dApp services require users to meet certain criteria (e.g., hold a VIP NFT, reach a certain membership level) to access features. The Paymaster can implement this logic perfectly.

• Flow: A user requests an action → the dApp backend verifies the user's qualifications (e.g., NFT ownership) → if eligible, it calls the Paymaster to sponsor the gas fee; if not, it simply denies the signing request.
• Advantage: This model is inherently resistant to bots and abuse. Since the sponsorship decision is made on the backend, malicious users cannot bypass the qualification check to drain gas funds.

Scenario 2: One-Click Checkout​

In e-commerce or in-game purchase scenarios, simplifying the payment process is critical.

• Flow: The user clicks "Buy Now" on a checkout page. The dApp constructs a transaction that includes the business logic (e.g., transfer_nft_to_user). The user only needs to sign to approve the business transaction in their wallet, without worrying about gas. The gas fee is covered by the dApp's Sponsor.
• Advantage: You can encode business parameters like an order_id directly into the ProgrammableTransactionBlock, enabling precise on-chain attribution for backend orders.

Scenario 3: Data Attribution​

Accurate data tracking is fundamental to business optimization.

• Flow: When constructing the transaction, write a unique identifier (like an order_hash) into the transaction's parameters or into an event that will be emitted upon execution.
• Advantage: When the Gas Station receives the on-chain receipt for a successful transaction, it can easily extract this order_hash by parsing the event or transaction data. This allows for a precise mapping between on-chain state changes and specific backend orders or user actions.

5. Code Skeleton (Based on the Rust SDK)​

Here is a simplified code snippet demonstrating the core interaction steps.

// Assume tx_builder, sponsor, and wallet have been initialized

// Step 1: On the user or dApp side, construct a gas-less transaction
let gasless_transaction_data = tx_builder.build_gasless_transaction_data(false)?;

// Step 2: On the Sponsor (Gas Station) side, receive the gasless_transaction_data,
// fill it with a Gas Coin, and return the transaction data with the Sponsor's signature.
// The sponsor_transaction_block function handles gas allocation and signing internally.
let sponsored_transaction = sponsor.sponsor_transaction_block(gasless_transaction_data, user_address, gas_budget)?;

// Step 3: The dApp sends the sponsored_transaction back to the user,
// who signs and executes it with their wallet.
let response = wallet.sign_and_execute_transaction_block(&sponsored_transaction)?;

For a complete implementation, refer to the official Sui documentation's Gas Station Tutorial which offer out-of-the-box code examples.

6. Risks and Protection​

While powerful, deploying a Gas Station in a production environment requires careful consideration of the following risks:

• Equivocation (Double-Spending): A malicious user might try to use the same Gas Coin for multiple transactions in parallel, which would cause the Gas Coin to be locked by the Sui network. This can be effectively mitigated by assigning a unique Gas Coin per user or transaction, maintaining a blacklist, and rate-limiting signing requests.
• Gas Pool Management: In high-concurrency scenarios, a single large-value Gas Coin can become a performance bottleneck. The Gas Station service must be capable of automatically splitting large SUI Coins into many smaller-value Gas Coins and efficiently reclaiming them after use. Professional Gas Station providers like Shinami offer mature, managed solutions for this.
• Authorization and Rate Limiting: You must establish strict authorization and rate-limiting policies. For instance, manage sponsorship limits and frequencies based on user IP, wallet address, or API tokens to prevent the service from being drained by malicious actors.

7. Ecosystem Tools​

The Sui ecosystem already offers a rich set of tools to simplify Paymaster development and deployment:

• Official SDKs (Rust/TypeScript): Include high-level APIs like sponsor_transaction_block(), significantly reducing integration complexity.
• Shinami Gas Station: Provides an all-in-one managed service, including automated Gas Coin splitting/reclaiming, detailed metrics monitoring, and webhook notifications, allowing developers to focus on business logic.
• Enoki / Mysten Demos: The community and Mysten Labs also provide open-source Paymaster implementations that can be used as a reference for building your own service.

8. Implementation Checklist​

Ready to upgrade your dApp to the gas-less era? Go through this checklist before you start:

• Plan Your Funding Flow: Define the Sponsor's funding source, budget, and replenishment strategy. Set up monitoring and alerts for key metrics (e.g., gas pool balance, consumption rate).
• Reserve Attribution Fields: When designing your transaction parameters, be sure to reserve fields for business identifiers like order_id or user_id.
• Deploy Anti-Abuse Policies: You must implement strict authorization, rate-limiting, and logging mechanisms before going live.
• Rehearse on Testnet: Whether building your own service or integrating a third-party Gas Station, always conduct thorough concurrency and stress testing on a testnet or devnet first.
• Continuously Optimize: After launch, continuously track transaction success rates, failure reasons, and gas costs. Fine-tune your budget and strategies based on the data.

Conclusion​

The Sui Paymaster (Gas Station) is more than just a tool for covering user gas fees. It's a powerful paradigm that elegantly combines a "zero SUI on-chain" user experience with the business need for "order-level on-chain attribution" within a single, atomic transaction. It paves the way for Web2 users to enter Web3 and provides developers with unprecedented flexibility for business customization.

With an increasingly mature ecosystem of tools and the current low gas costs on the Sui network, there has never been a better time to upgrade your dApp's payment and interaction flows to the gas-less era.

We're happy to announce the launch of SUI token staking on BlockEden.xyz! Starting today, you can stake your SUI tokens directly through our platform and earn a $2.08% APY while supporting the security and decentralization of the SUI network.

What's New: A Seamless SUI Staking Experience​

Our new staking feature brings institutional-grade staking to everyone with a simple, intuitive interface that makes earning rewards effortless.

Key Features​

One-Click Staking Staking SUI has never been easier. Simply connect your Suisplash wallet, enter the amount of SUI you wish to stake, and approve the transaction. You'll start earning rewards almost immediately without any complex procedures.

Competitive Rewards Earn a competitive $2.08% APY on your staked SUI. Our $8% commission fee is transparent, ensuring you know exactly what to expect. Rewards are distributed daily upon the completion of each epoch.

Trusted Validator Join a growing community that has already staked over 22 million SUI with the BlockEden.xyz validator. We have a proven track record of reliable validation services, supported by enterprise-grade infrastructure that ensures $99.9% uptime.

Flexible Management Your assets remain flexible. Staking is instant, meaning your rewards begin to accumulate right away. Should you need to access your funds, you can initiate the unstaking process at any time. Your SUI will be available after the standard SUI network unbonding period of 24-48 hours. You can track your stakes and rewards in real-time through our dashboard.

Why Stake SUI with BlockEden.xyz?​

Choosing a validator is a critical decision. Here’s why BlockEden.xyz is a sound choice for your staking needs.

Reliability You Can Trust​

BlockEden.xyz has been a cornerstone of blockchain infrastructure since our inception. Our validator infrastructure powers enterprise applications and has maintained exceptional uptime across multiple networks, ensuring consistent reward generation.

Transparent & Fair​

We believe in complete transparency. There are no hidden fees—just a clear $8% commission on the rewards you earn. You can monitor your staking performance with real-time reporting and verify our validator's activity on-chain.

• Open Validator Address: 0x3b5664bb0f8bb4a8be77f108180a9603e154711ab866de83c8344ae1f3ed4695

Seamless Integration​

Our platform is designed for simplicity. There's no need to create an account; you can stake directly from your wallet. The experience is optimized for the Suisplash wallet, and our clean, intuitive interface is built for both beginners and experts.

How to Get Started​

Getting started with SUI staking on BlockEden.xyz takes less than two minutes.

Step 1: Visit the Staking Page​

Navigate to blockeden.xyz/dash/stake. You can begin the process immediately without any account registration.

Step 2: Connect Your Wallet​

If you don't have it already, install the Suisplash wallet. Click the "Connect Wallet" button on our staking page and approve the connection in the wallet extension. Your SUI balance will be displayed automatically.

Step 3: Choose Your Stake Amount​

Enter the amount of SUI you want to stake (minimum 1 SUI). You can use the "MAX" button to conveniently stake your entire available balance, leaving a small amount for gas fees. A summary will show your stake amount and estimated annual rewards.

Step 4: Confirm & Start Earning​

Click "Stake SUI" and approve the final transaction in your wallet. Your new stake will appear on the dashboard in real-time, and you will begin accumulating rewards immediately.

Staking Economics: What You Need to Know​

Understanding the mechanics of staking is key to managing your assets effectively.

Reward Structure​

• Base APY: \$2.08% annually
• Reward Frequency: Distributed every epoch (approximately 24 hours)
• Commission: \$8% of earned rewards
• Compounding: Rewards are added to your wallet and can be re-staked to achieve compound growth.

Example Earnings​

Here is a straightforward breakdown of potential earnings based on a \$2.08% APY, after the `$8% commission fee.

Note: These are estimates. Actual rewards may vary based on network conditions.

Risk Considerations​

Staking involves certain risks that you should be aware of:

• Unbonding Period: When you unstake, your SUI is subject to a 24-48 hour unbonding period where it is inaccessible and does not earn rewards.
• Validator Risk: While we maintain high standards, any validator carries operational risks. Choosing a reputable validator like BlockEden.xyz is important.
• Network Risk: Staking is a form of network participation and is subject to the inherent risks of the underlying blockchain protocol.
• Market Risk: The market value of the SUI token can fluctuate, which will affect the total value of your staked assets.

Technical Excellence​

Enterprise Infrastructure​

Our validator nodes are built on a foundation of technical excellence. We utilize redundant systems distributed across multiple geographic regions to ensure high availability. Our infrastructure is under 24/7 monitoring with automated failover capabilities, and a professional operations team manages the system around the clock. We also conduct regular security audits and compliance checks.

Open Source & Transparency​

We are committed to the principles of open source. Our staking integration is built to be transparent, allowing users to inspect the underlying processes. Real-time metrics are publicly available on SUI network explorers, and our fee structure is completely open with no hidden costs. We also actively participate in community governance to support the SUI ecosystem.

Supporting the SUI Ecosystem​

By staking with BlockEden.xyz, you're doing more than just earning rewards. You are actively contributing to the health and growth of the entire SUI network.

• Network Security: Your stake adds to the total amount securing the SUI network, making it more robust against potential attacks.
• Decentralization: Supporting independent validators like BlockEden.xyz enhances the network's resilience and prevents centralization.
• Ecosystem Growth: The commission fees we earn are reinvested into maintaining and developing critical infrastructure.
• Innovation: Revenue supports our research and development of new tools and services for the blockchain community.

Security & Best Practices​

Please prioritize the security of your assets.

Wallet Security​

• Never share your private keys or seed phrase with anyone.
• Use a hardware wallet for storing and staking large amounts.
• Always verify transaction details in your wallet before signing.
• Keep your wallet software updated to the latest version.

Staking Safety​

• If you are new to staking, start with a small amount to familiarize yourself with the process.
• Consider diversifying your stake across multiple reputable validators to reduce risk.
• Regularly monitor your staked assets and rewards.
• Ensure you understand the unbonding period before you commit your funds.

Join the Future of SUI Staking​

The launch of SUI staking on BlockEden.xyz is more than a new feature; it's a gateway to active participation in the decentralized economy. Whether you're an experienced DeFi user or just beginning your journey, our platform provides a simple and secure way to earn rewards while contributing to the future of the SUI network.

Ready to start earning?

Visit blockeden.xyz/dash/stake and stake your first SUI tokens today!

About BlockEden.xyz​

BlockEden.xyz is a leading blockchain infrastructure provider offering reliable, scalable, and secure services to developers, enterprises, and the broader Web3 community. From API services to validator operations, we're committed to building the foundation for a decentralized future.

• Founded: 2021
• Networks Supported: 15+ blockchain networks
• Enterprise Clients: 500+ companies worldwide
• Total Value Secured: $100M+ across all networks

Follow us on Twitter, join our Discord, and explore our full suite of services at BlockEden.xyz.

Disclaimer: This blog post is for informational purposes only and does not constitute financial advice. Cryptocurrency staking involves risks, including the potential loss of principal. Please conduct your own research and consider your risk tolerance before staking.

Introduction​

Announced for public launch on May 3rd, 2023, after an extensive three-wave testnet, the Sui blockchain introduced an innovative gas pricing system designed to benefit both users and validators. At its heart is the Reference Gas Price (RGP), a network-wide baseline gas fee that validators agree upon at the start of each epoch (approximately 24 hours).

This system aims to create a mutually beneficial ecosystem for SUI token holders, validators, and end-users by providing low, predictable transaction costs while simultaneously rewarding validators for performant and reliable behavior. This report provides a deep dive into how the RGP is determined, the calculations validators perform, its impact on the network economy, its evolution through governance, and how it compares to other blockchain gas models.

The Reference Gas Price (RGP) Mechanism​

Sui’s RGP is not a static value but is re-established each epoch through a dynamic, validator-driven process.

• The Gas Price Survey: At the beginning of each epoch, every validator submits their "reservation price"—the minimum gas price they are willing to accept for processing transactions. The protocol then orders these submissions by stake and sets the RGP for that epoch at the stake-weighted 2/3 percentile. This design ensures that validators representing a supermajority (at least two-thirds) of the total stake are willing to process transactions at this price, guaranteeing a reliable level of service.

• Update Cadence and Requirements: While the RGP is set each epoch, validators are required to actively manage their quotes. According to official guidance, validators must update their gas price quote at least once a week. Furthermore, if there is a significant change in the value of the SUI token, such as a fluctuation of 20% or more, validators must update their quote immediately to ensure the RGP accurately reflects current market conditions.

• The Tallying Rule and Reward Distribution: To ensure validators honor the agreed-upon RGP, Sui employs a "tallying rule." Throughout an epoch, validators monitor each other’s performance, tracking whether their peers are promptly processing RGP-priced transactions. This monitoring results in a performance score for each validator. At the end of the epoch, these scores are used to calculate a reward multiplier that adjusts each validator's share of the stake rewards.

  • Validators who performed well receive a multiplier of ≥1, boosting their rewards.
  • Validators who stalled, delayed, or failed to process transactions at the RGP receive a multiplier of <1, effectively slashing a portion of their earnings.

This two-part system creates a powerful incentive structure. It discourages validators from quoting an unrealistically low price they can't support, as the financial penalty for underperformance would be severe. Instead, validators are motivated to submit the lowest price they can sustainably and efficiently handle.

Validator Operations: Calculating the Gas Price Quote​

From a validator's perspective, setting the RGP quote is a critical operational task that directly impacts profitability. It requires building data pipelines and automation layers to process a number of inputs from both on-chain and off-chain sources. Key inputs include:

• Gas units executed per epoch
• Staking rewards and subsidies per epoch
• Storage fund contributions
• The market price of the SUI token
• Operational expenses (hardware, cloud hosting, maintenance)

The goal is to calculate a quote that ensures net rewards are positive. The process involves several key formulas:

1. Calculate Total Operational Cost: This determines the validator's expenses in fiat currency for a given epoch.

   $$\text{Cost}_{\text{epoch}} = (\text{Total Gas Units Executed}_{\text{epoch}}) \times (\text{Cost in USD per Gas Unit}_{\text{epoch}})$$

2. Calculate Total Rewards: This determines the validator's total revenue in fiat currency, sourced from both protocol subsidies and transaction fees.

   $$\text{USD Rewards}_{\text{epoch}} = (\text{Total Stake Rewards in SUI}_{\text{epoch}}) \times (\text{SUI Token Price})$$

   Where Total Stake Rewards is the sum of any protocol-provided Stake Subsidies and the Gas Fees collected from transactions.

3. Calculate Net Rewards: This is the ultimate measure of profitability for a validator.

   $$\text{USD Net Rewards}_{\text{epoch}} = \text{USD Rewards}_{\text{epoch}} - \text{USD Cost}_{\text{epoch}}$$

   By modeling their expected costs and rewards at different RGP levels, validators can determine an optimal quote to submit to the Gas Price Survey.

Upon mainnet launch, Sui set the initial RGP to a fixed 1,000 MIST (1 SUI = 10⁹ MIST) for the first one to two weeks. This provided a stable operating period for validators to gather sufficient network activity data and establish their calculation processes before the dynamic survey mechanism took full effect.

Impact on the Sui Ecosystem​

The RGP mechanism profoundly shapes the economics and user experience of the entire network.

• For Users: Predictable and Stable Fees: The RGP acts as a credible anchor for users. The gas fee for a transaction follows a simple formula: User Gas Price = RGP + Tip. In normal conditions, no tip is needed. During network congestion, users can add a tip to gain priority, creating a fee market without altering the stable base price within the epoch. This model provides significantly more fee stability than systems where the base fee changes with every block.

• For Validators: A Race to Efficiency: The system fosters healthy competition. Validators are incentivized to lower their operating costs (through hardware and software optimization) to be able to quote a lower RGP profitably. This "race to efficiency" benefits the entire network by driving down transaction costs. The mechanism also pushes validators toward balanced profit margins; quoting too high risks being priced out of the RGP calculation, while quoting too low leads to operational losses and performance penalties.

• For the Network: Decentralization and Sustainability: The RGP mechanism helps secure the network's long-term health. The "threat of entry" from new, more efficient validators prevents existing validators from colluding to keep prices high. Furthermore, by adjusting their quotes based on the SUI token's market price, validators collectively ensure their operations remain sustainable in real-world terms, insulating the network's fee economy from token price volatility.

Governance and System Evolution: SIP-45​

Sui's gas mechanism is not static and evolves through governance. A prominent example is SIP-45 (Prioritized Transaction Submission), which was proposed to refine fee-based prioritization.

• Issue Addressed: Analysis showed that simply paying a high gas price did not always guarantee faster transaction inclusion.
• Proposed Changes: The proposal included increasing the maximum allowable gas price and introducing an "amplified broadcast" for transactions paying significantly above the RGP (e.g., ≥5x RGP), ensuring they are rapidly disseminated across the network for priority inclusion.

This demonstrates a commitment to iterating on the gas model based on empirical data to improve its effectiveness.

Comparison with Other Blockchain Gas Models​

Sui's RGP model is unique, especially when contrasted with Ethereum's EIP-1559.

Potential Criticisms and Challenges​

Despite its innovative design, the RGP mechanism faces potential challenges:

• Complexity: The system of surveys, tallying rules, and off-chain calculations is intricate and may present a learning curve for new validators.
• Slow Reaction to Spikes: The RGP is fixed for an epoch and cannot react to sudden, mid-epoch demand surges, which could lead to temporary congestion until users begin adding tips.
• Potential for Collusion: In theory, validators could collude to set a high RGP. This risk is primarily mitigated by the competitive nature of the permissionless validator set.
• No Fee Burn: Unlike Ethereum, Sui recycles all gas fees to validators and the storage fund. This rewards network operators but does not create deflationary pressure on the SUI token, a feature some token holders value.

Frequently Asked Questions (FAQ)​

Why stake SUI? Staking SUI secures the network and earns rewards. Initially, these rewards are heavily subsidized by the Sui Foundation to compensate for low network activity. These subsidies decrease by 10% every 90 days, with the expectation that rewards from transaction fees will grow to become the primary source of yield. Staked SUI also grants voting rights in on-chain governance.

Can my staked SUI be slashed? Yes. While parameters are still being finalized, "Tally Rule Slashing" applies. A validator who receives a zero performance score from 2/3 of its peers (due to low performance, malicious behavior, etc.) will have its rewards slashed by a to-be-determined amount. Stakers can also miss out on rewards if their chosen validator has downtime or quotes a suboptimal RGP.

Are staking rewards automatically compounded? Yes, staking rewards on Sui are automatically distributed and re-staked (compounded) every epoch. To access rewards, you must explicitly unstake them.

What is the Sui unbonding period? Initially, stakers can unbond their tokens immediately. An unbonding period where tokens are locked for a set time after unstaking is expected to be implemented and will be subject to governance.

Do I maintain custody of my SUI tokens when staking? Yes. When you stake SUI, you delegate your stake but remain in full control of your tokens. You never transfer custody to the validator.

How to drop wallet friction, keep users flowing, and forecast the upside

What if your Web3 app had the same seamless sign-up flow as a modern Web2 service? That's the core promise of zkLogin on the Sui blockchain. It functions like OAuth for Sui, letting users sign in with familiar accounts from Google, Apple, X, and more. A zero-knowledge proof then securely links that Web2 identity to an on-chain Sui address—no wallet pop-ups, no seed phrases, no user churn.

The impact is real and immediate. With hundreds of thousands of zkLogin accounts already live, case studies report massive gains in user conversion, jumping from a dismal 17% to a healthy 42% after removing traditional wallet barriers. Let's break down how it works and what it can do for your project.

Why Wallets Kill First‑Time Conversion​

You've built a groundbreaking dApp, but your user acquisition funnel is leaking. The culprit is almost always the same: the "Connect Wallet" button. Standard Web3 onboarding is a maze of extension installations, seed phrase warnings, and crypto-jargon quizzes.

It’s a massive barrier for newcomers. UX researchers observed a staggering 87% drop-off the moment a wallet prompt appeared. In a telling experiment, simply re-routing that prompt to a later stage in the checkout process flipped the completion rate to 94%. Even for crypto-curious users, the primary fear is, “I might lose my funds if I click the wrong button.” Removing that single, intimidating step is the key to unlocking exponential growth.

How zkLogin Works (in Plain English)​

zkLogin elegantly sidesteps the wallet problem by using technologies every internet user already trusts. The magic happens behind the scenes in a few quick steps:

1. Ephemeral Key Pair: When a user wants to sign in, a temporary, single-session key pair is generated locally in their browser. Think of it as a temporary passkey, valid only for this session.
2. OAuth Dance: The user signs in with their Google, Apple, or other social account. Your app cleverly embeds a unique value (nonce) into this login request.
3. ZKP Service: After a successful login, a ZKP (Zero-Knowledge Proof) service generates a cryptographic proof. This proof confirms, "This OAuth token authorizes the owner of the temporary passkey," without ever revealing the user's personal identity on-chain.
4. Derive Address: The user's JWT (JSON Web Token) from the OAuth provider is combined with a unique salt to deterministically generate their permanent Sui address. The salt is kept private, either client-side or in a secure backend.
5. Submit Transaction: Your app signs transactions with the temporary key and attaches the ZK proof. Sui validators verify the proof on-chain, confirming the transaction's legitimacy without the user ever needing a traditional wallet.

Step‑by‑Step Integration Guide​

Ready to implement this? Here’s a quick guide using the TypeScript SDK. The principles are identical for Rust or Python.

1. Install SDK​

The @mysten/sui package includes all the zklogin helpers you'll need.

pnpm add @mysten/sui

2. Generate Keys & Nonce​

First, create an ephemeral keypair and a nonce tied to the current epoch on the Sui network.

const keypair = new Ed25519Keypair();
const { epoch } = await suiClient.getLatestSuiSystemState();
const nonce = generateNonce(keypair.getPublicKey(), Number(epoch) + 2, generateRandomness());

3. Redirect to OAuth​

Construct the appropriate OAuth login URL for the provider you're using (e.g., Google, Facebook, Apple) and redirect the user.

4. Decode JWT & Fetch User Salt​

After the user logs in and is redirected back, grab the id_token from the URL. Use it to fetch the user-specific salt from your backend, then derive their Sui address.

const jwt = new URLSearchParams(window.location.search).get('id_token')!;
const salt = await fetch('/api/salt?jwt=' + jwt).then(r => r.text());
const address = jwtToAddress(jwt, salt);

5. Request ZK Proof​

Send the JWT to a prover service to get the ZK proof. For development, you can use Mysten’s public prover. In production, you should host your own or use a service like Enoki.

const proof = await fetch('/api/prove', {
  method:'POST',
  body: JSON.stringify({ jwt, ... })
}).then(r => r.json());

6. Sign & Send​

Now, build your transaction, set the sender to the user's zkLogin address, and execute it. The SDK handles attaching the zkLoginInputs (the proof) automatically. ✨

const tx = new TransactionBlock();
tx.moveCall({ target:'0x2::example::touch_grass' }); // Any Move call
tx.setSender(address);
tx.setGasBudget(5_000_000);

await suiClient.signAndExecuteTransactionBlock({
  transactionBlock: tx,
  zkLoginInputs: proof // The magic happens here
});

7. Persist Session​

For a smoother user experience, encrypt and store the keypair and salt in IndexedDB or local storage. Remember to rotate them every few epochs for enhanced security.

KPI Projection Template​

The difference zkLogin makes isn't just qualitative; it's quantifiable. Compare a typical onboarding funnel with a zkLogin-powered one:

👉 What this means: For a campaign driving 10,000 unique visitors, that's the difference between 300 first-day on-chain actions and over 2,500.

Best Practices & Gotchas​

To create an even more seamless experience, keep these pro-tips in mind:

• Use Sponsored Transactions: Pay for your users' first few transaction fees. This removes all friction and delivers an incredible "aha" moment.
• Handle Salts Carefully: Changing a user's salt will generate a new address. Only do this if you control a reliable recovery path for them.
• Expose the Sui Address: After signup, show users their on-chain address. This empowers advanced users to import it into a traditional wallet later if they choose.
• Prevent Refresh Loops: Cache the JWT and ephemeral keypair until they expire to avoid asking the user to log in repeatedly.
• Monitor Prover Latency: Keep an eye on the proof-generation round-trip time. If it exceeds 2 seconds, consider hosting a regional prover to keep things snappy.

Where BlockEden.xyz Adds Value​

While zkLogin perfects the user-facing flow, scaling it introduces new backend challenges. That's where BlockEden.xyz comes in.

• API Layer: Our high-throughput, geo-routed RPC nodes ensure your zkLogin transactions are processed with minimal latency, regardless of user location.
• Observability: Get out-of-the-box dashboards to track key metrics like proof latency, success/fail ratios, and your conversion funnel's health.
• Compliance: For apps that bridge into fiat, our optional KYC module provides a compliant on-ramp directly from the user's verified identity.

Ready to Ship?​

The era of clunky, intimidating wallet flows is over. Spin up a zkLogin sandbox, plug in BlockEden’s full-node endpoint, and watch your sign-up graph bend upward—while your users never even have to hear the word “wallet.” 😉

1. Liquidity and Growth of Sui DeFi​

Figure: Sui’s DeFi TVL (blue line) and DEX volume (green bars) grew dramatically through Q2 2025.

Total Value Locked (TVL) Surge: The Sui network’s DeFi liquidity has grown explosively over the past year. From roughly $600M TVL in late 2024, Sui’s TVL rocketed to over $2 billion by mid-2025. In fact, Sui peaked at about $2.55B TVL on May 21, 2025 and sustained well above $2B for much of Q2. This ~300%+ increase (a 480% year-over-year rise from May 2023) firmly positions Sui among the top 10 blockchains by DeFi TVL, outpacing growth on networks like Solana. Major catalysts included institutional adoption and the integration of native USDC stablecoin support, which together attracted large capital inflows. Notably, Sui’s monthly DEX trading volumes have climbed into the top tier of all chains – exceeding $7–8 billion per month by mid-2025 (ranking ~8th industry-wide). The circulating stablecoin liquidity on Sui surpassed $1 billion in mid-2025, after growing 180% since the start of the year, indicating deepening on-chain liquidity. Cross-chain capital is flowing in as well; around $2.7B of assets have been bridged into Sui’s ecosystem, including Bitcoin liquidity (details below). This rapid growth trend underscores a year of net inflows and user expansion for Sui DeFi.

Major DEXs and Liquidity Providers: Decentralized exchanges form the backbone of Sui’s DeFi liquidity. The Cetus protocol – an automated market maker (AMM) and aggregator – has been a flagship DEX, offering stablecoin swaps and concentrated liquidity pools. Cetus consistently leads in volume (facilitating $12.8B+ in trades during Q2 2025 alone) while holding around $80M TVL. Another key player is Bluefin, a multi-faceted DEX that operates both a spot AMM and a perpetual futures exchange. Bluefin expanded its offerings in 2025 with innovative features: it introduced BluefinX, Sui’s first RFQ (request-for-quote) system for improved price execution, and even integrated high-frequency trading optimizations to narrow the gap between DEX and CEX performance. By Q2, Bluefin’s AMM held about $91M TVL and saw over $7.1B in quarterly spot volume. Momentum is another rising DEX – it launched a concentrated liquidity market maker (CLMM) that quickly amassed $107M in liquidity and generated ~$4.6B in trading volume shortly after launch. Sui’s DEX sector also includes MovEX (a hybrid AMM + order-book exchange) and Turbos (an early CLMM adopter), among others, each contributing to the diverse liquidity landscape. Notably, Sui supports a native on-chain central limit order book called DeepBook, co-developed with MovEX, which provides shared order-book liquidity to any Sui dApp. This combination of AMMs, aggregators, and an on-chain CLOB gives Sui one of the more robust DEX ecosystems in DeFi.

Lending Markets and Yield Protocols: Sui’s lending and borrowing platforms have attracted significant capital, making up a large share of the TVL. The Suilend protocol stands out as Sui’s largest DeFi platform, with roughly $700M+ in TVL by Q2 2025 (having crossed the $1B mark in early 2025). Suilend is an expansion of Solana’s Solend, brought to Sui’s Move runtime, and it quickly became the flagship money-market on Sui. It offers deposit and collateralized borrowing services for assets like SUI and USDC, and has innovated by launching companion products – for example, SpringSui (a liquid staking module) and STEAMM, an AMM that enables “superfluid” use of liquidity within the platform. By gamifying user engagement (through point campaigns and NFTs) and issuing a governance token $SEND with revenue-sharing, Suilend drove rapid adoption – reporting over 50,000 monthly active wallets by mid-2025. Close behind Suilend is Navi Protocol (also referred to as Astros), which similarly reached on the order of $600–700M TVL in its lending pools. Navi sets itself apart by blending lending markets with yield strategies and even Bitcoin DeFi integration: for example, Navi facilitated a campaign for users to stake xBTC (a BTC proxy on Sui) via the OKX Wallet, incentivizing Bitcoin holders to participate in Sui yield opportunities. Other notable lending platforms include Scallop (~$146M TVL) and AlphaLend (~$137M), which together indicate a competitive market for borrowing and lending on Sui. Yield aggregation has also started to take hold – protocols like AlphaFi and Kai Finance each manage tens of millions in assets (e.g. ~$40M TVL) to optimize yield across Sui farms. Though smaller in scale, these yield optimizers and structured products (e.g. MovEX’s structured yield vaults) add depth to Sui’s DeFi offerings by helping users maximize returns from the growing liquidity base.

Liquid Staking and Derivatives: In parallel, Sui’s liquid staking derivatives (LSDs) and derivative trading platforms represent an important slice of the ecosystem’s liquidity. Because Sui is a proof-of-stake chain, protocols like SpringSui, Haedal, and Volo have introduced tokens that wrap staked SUI, allowing stakers to remain liquid. SpringSui – launched by the Suilend team – quickly became the dominant LSD, holding about $189M in staked SUI by end of Q2. Together with Haedal ($150M) and others, Sui’s LSD platforms give users the ability to earn validator rewards while redeploying staking tokens into DeFi (for example, using staked-SUI as lending collateral or in yield farms). On the derivatives front, Sui now hosts multiple on-chain perpetual futures exchanges. We’ve mentioned Bluefin’s perp DEX (Bluefin Perps) which handled billions in quarterly volume. Additionally, Typus Finance launched Typus Perp (TLP) in Q2 2025, entering Sui’s perps market with an impressive debut. Sudo (with its ZO protocol integration) introduced gamified perpetual swaps and “intelligent” leveraged products, growing its user base and liquidity by over 100% last quarter. The Magma protocol even pioneered a new AMM model – an Adaptive Liquidity Market Maker (ALMM) – aiming for zero-slippage trades and greater capital efficiency in swaps. These innovative DEX and derivative designs are attracting liquidity of their own (e.g. Magma’s TVL doubled in Q2) and enhancing Sui’s reputation as a testbed for next-gen DeFi primitives.

Trends in Capital Inflow and Users: The overall liquidity trend on Sui has been strongly positive, fueled by both retail and institutional inflows. Sui’s growing credibility (e.g. HSBC and DBS Bank joining as network validators) and high performance have drawn in new capital. A significant portion of assets bridged into Sui are blue-chip tokens and stablecoins – for instance, Circle’s USDC launched natively on Sui, and Tether’s USDT became available via bridges, leading to a robust stablecoin mix (USDC ~$775M, USDT ~$100M circulating by Q2). Perhaps most notably, Bitcoin liquidity has entered Sui in size (via wrapped or staked BTC – detailed in Section 3), accounting for over 10% of TVL. On the user side, improved wallet support and abstraction (see Section 2) have spurred adoption. The popular Phantom wallet (with ~7M users) extended support to Sui, making it easier for the broad crypto community to access Sui dApps. Similarly, centralized exchange wallets like OKX and Binance integrated Sui DeFi features (e.g. Binance’s Chrome wallet added a Simple Yield integration featuring Sui’s Scallop protocol). These on-ramps contributed to Sui’s user growth: by early 2025 Sui had hundreds of thousands of active addresses, and top dApps like Suilend report tens of thousands of monthly users. Overall, liquidity on Sui has trended upward in 2025, supported by consistent inflows and expanding user participation – a stark contrast to the stagnation seen on some other chains during the same period.

2. Abstraction: Simplifying User Experience on Sui​

Account Abstraction Features: A cornerstone of Sui’s design is account abstraction, which vastly improves usability by hiding blockchain complexities from end-users. Unlike traditional Layer-1s where users must manage keys and gas for every transaction, Sui enables a smoother experience via native features. Specifically, Sui supports third-party credential logins and gas sponsorship at the protocol level. Developers can integrate zkLogin – allowing users to create a Sui wallet and log in with familiar Web2 credentials (Google, Facebook, Twitch, etc.) instead of seed phrases. Concurrently, Sui offers sponsored transactions, meaning dApp builders can pay gas fees on behalf of users through an on-chain “gas station” mechanism. Together, zkLogin and gas sponsorship remove two major pain points (seed phrase management and acquiring native tokens) for new users. A Sui user can, for example, sign up with an email/password (via OAuth) and start using a DeFi app immediately with no upfront SUI tokens needed. This level of abstraction mirrors Web2 ease-of-use and has been critical in onboarding the “next wave” of users who expect frictionless signup and free trial experiences. Many Sui apps and even Web3 games now leverage these features – a recent NFT game launch boasted a “zero-wallet login” flow for players, powered by Sui’s account abstraction and social login capabilities. Overall, by automating key management and gas handling, Sui significantly lowers the barrier to entry for DeFi, which in turn drives higher user retention and activity.

Smart Contract Abstraction and Move: Beyond login and transactions, Sui’s object-oriented programming model provides abstraction at the smart contract level. Sui’s native Move language treats objects (not externally owned accounts) as the basic unit of storage, with rich metadata and flexible ownership structures. This means developers can create smart contract objects that act as proxies for user accounts, automating tasks that would traditionally require user signatures. For example, an app on Sui can deploy a programmable object to handle recurring payments or complex multi-step trades on behalf of a user, without that user manually initiating each step. These objects can hold permissions and logic, effectively abstracting away repetitive actions from the end-user. Additionally, Sui introduced Programmable Transaction Blocks (PTBs) as a way to bundle multiple operations into a single transaction payload. Instead of requiring a user to sign and send 3–4 separate transactions (e.g. approve token, then swap, then stake), a Sui PTB can compose those steps and execute them all at once. This not only reduces friction and confirmation prompts for the user, but also improves performance (fewer on-chain transactions means lower total gas and faster execution). From the user’s perspective, a complex series of actions can feel like one smooth interaction – a critical improvement in UX. Sui’s Move was built with such composability and abstraction in mind, and it’s enabling developers to craft dApps that feel much more like traditional fintech apps. As an added bonus, Sui’s cryptographic agility supports multiple signature schemes (Ed25519, secp256k1, etc.), which allows wallets to use different key types (including those used on Ethereum or Bitcoin). This flexibility makes it easier to integrate Sui functionality into multi-chain wallets and even sets the stage for quantum-resistant cryptography down the line.

Cross-Chain Abstraction – Intents and Integration: Sui is breaking ground in cross-chain user experience through abstraction as well. A prime example is the July 2025 integration of NEAR Intents, a novel cross-chain coordination system, into Sui’s ecosystem. With this integration, Sui users can seamlessly swap assets across 20+ other chains (including Ethereum, Bitcoin, Solana, Avalanche, etc.) in a single step, without manual bridging. The underlying “intent” model means the user simply expresses what they want (e.g. “swap 1 ETH on Ethereum for SUI on Sui”) and a network of automated solvers finds the most efficient way to fulfill that request across chains. The user no longer needs to juggle multiple wallets or gas fees on different networks – the system abstracts all that away. Swapping assets into Sui becomes as easy as a one-click transaction, with no need to even hold gas tokens on the source chain. This is a significant UX leap for cross-chain DeFi. By mid-2025, NEAR Intents was live and Sui users could bring in outside liquidity within seconds, enabling use cases like cross-chain arbitrage and onboarding of assets from non-Sui holders with virtually no friction or custodial risk. Sui Foundation representatives highlighted that “swapping native assets in one click…abstracts away complexity while keeping everything on-chain, secure, and composable”. In parallel, Sui has benefited from major wallet integrations that hide complexity for users. As noted, Phantom’s multi-chain wallet now supports Sui, and other popular wallets like OKX and Binance Wallet have built-in support for Sui dApps. For instance, Binance’s wallet lets users directly access yield farms on Sui (via Scallop) through a simple interface, and OKX’s wallet integrated Sui’s BTC staking flows (Navi’s xBTC) natively. These integrations mean users can interact with Sui DeFi without switching apps or worrying about technical details – their familiar wallet abstracts it for them. All of these efforts, from intents-based swaps to wallet UIs, serve the goal of making cross-chain and on-chain DeFi feel effortless on Sui. The result is that Sui is increasingly accessible not just to crypto natives but also to mainstream users who demand simplicity.

User Experience Impact: Thanks to Sui’s abstraction layers, the user experience on Sui’s DeFi protocols has become one of the most user-friendly in blockchain. New users can onboard with a social login and no upfront cost, execute complex transactions with minimal confirmations, and even move assets from other chains with one-click swaps. This approach is fulfilling Sui’s mission of “familiar onboarding” and mass adoption. As a point of comparison, just as an iPhone user doesn’t need to understand Swift code to use an app, a Sui DeFi user shouldn’t need to grasp private keys or bridge mechanics. Sui’s account abstraction ethos embraces that philosophy, “offering a gateway to a seamless and gratifying user experience” for blockchain finance. By making Web3 interactions feel closer to Web2 in ease, Sui is lowering barriers for the next wave of DeFi users who value convenience. This user-centric design is a key factor in Sui’s growing adoption and sets the stage for greater mainstream participation in DeFi through 2025 and beyond.

3. The Next Wave of DeFi Primitives on Sui​

Proliferation of Native Stablecoins: A vibrant array of new stablecoins and asset-backed tokens is emerging on Sui, providing foundational building blocks for DeFi. In late 2024, Agora Finance’s AUSD went live as the first fully USD-backed stablecoin native to Sui. Marketed as an institutional-grade stablecoin, AUSD’s launch immediately added liquidity and was a boon for Sui’s DeFi growth (Sui’s TVL was about $600M when AUSD arrived and climbing). By mid-2025, AUSD had a circulating supply of tens of millions (with more on Ethereum and Avalanche) and became a regulated alternative to USDC/USDT within Sui’s ecosystem. Around the same time, the Bucket Protocol introduced BUCK, an over-collateralized stablecoin akin to DAI but for Sui. Users can mint BUCK by depositing SUI, BTC, ETH, and other assets as collateral. BUCK is pegged to USD and maintained via on-chain collateral ratios and stability mechanisms (Bucket features a Peg Stability Module, CDP vaults, etc., similar to MakerDAO). By Q2 2025, BUCK’s supply reached ~$60–66M, making it one of the largest Sui-native stablecoins (Bucket’s protocol TVL was ~$69M in that period, mostly backing BUCK). Another notable addition is USDY by Ondo Finance – a yield-bearing “stablecoin” that tokenizes short-term U.S. Treasury yields. Ondo deployed USDY onto Sui in early 2024, marking Sui’s foray into real-world asset (RWA) backed tokens. USDY is effectively a tokenized bond fund that accrues interest for holders (its price floats slightly, reflecting earned yield). This provides Sui users with a native, compliance-focused stable asset that generates yield without needing to stake or farm. By 2025, Sui’s stablecoin landscape also included First Digital USD (FDUSD), brought via partnerships in Asia, and wrapped versions of major stablecoins. The variety of stablecoin primitives – from decentralized CDP-backed (BUCK) to fully fiat-backed (AUSD) to yield-bearing (USDY) – is expanding on-chain liquidity and enabling new DeFi strategies (e.g. using BUCK as loan collateral, or holding USDY as a low-risk yield source). These stable assets form the bedrock for other protocols like DEXs and lenders to build upon, and their presence is a strong signal of a maturing DeFi ecosystem.

BTC DeFi (“BTCfi”) Innovations: Sui is at the forefront of making Bitcoin an active player in DeFi, coining the term BTCfi for Bitcoin-centric DeFi use cases. In 2025, multiple initiatives bridged Bitcoin’s liquidity and security into Sui’s network. One major step was the integration of Threshold Network’s tBTC on Sui. tBTC is a decentralized, 1:1 BTC-backed token that uses threshold cryptography (distributed signing) to avoid any single custodian. In July 2025, tBTC went live on Sui, immediately unlocking access to over $500M worth of BTC liquidity for Sui protocols. This means Bitcoin holders can now mint tBTC directly into Sui and deploy it in lending, trading, or yield farming without entrusting their BTC to a centralized bridge. Sui’s high-performance infrastructure (with sub-second finality) makes it an attractive home for these BTC assets. In parallel, Sui partnered with the Stacks ecosystem to support sBTC, another 1:1 BTC representation that piggybacks off Bitcoin’s security via the Stacks layer-2. By May 2025, over 10% of Sui’s TVL consisted of BTC or BTC-derived assets as bridges like Wormhole, Stacks, and Threshold ramped up Bitcoin connectivity. More than 600 BTC (>$65M) had flowed into Sui in just the first few months of 2025. These BTC derivatives unlock use cases such as using BTC as collateral on Sui’s lending platforms (indeed, Suilend held over $102M in Bitcoin-based assets by Q2, more than any other Sui lender). They also enable BTC trading pairs on Sui DEXs and allow Bitcoin holders to earn DeFi yields without giving up their BTC ownership. The concept of BTCfi is to transform Bitcoin from a “passive” store-of-value into an active capital asset – and Sui has embraced this by providing the technology (fast, parallel execution and an object model ideal for representing BTC custody) and forging partnerships to bring in Bitcoin liquidity. The Sui Foundation even began running a Stacks validator, signaling its commitment to BTC integration. In short, Bitcoin is now a first-class citizen in Sui DeFi, and this cross-pollination is a key innovation of 2025. It opens the door for new Bitcoin-backed stablecoins, Bitcoin yield products, and multi-chain strategies that bridge the gap between the Bitcoin network and DeFi on Sui.

Advanced DEX Primitives and HFT: The next wave of Sui DeFi primitives also includes novel exchange designs and financial instruments that go beyond the initial AMM models. We’ve seen earlier how Magma’s ALMM and Momentum’s CLMM are pushing AMMs toward greater capital efficiency (concentrating liquidity or dynamically adjusting it). Additionally, protocols are experimenting with high-performance trading features: Bluefin in particular rolled out functionalities aimed at institutional and high-frequency traders. In July 2025, Bluefin announced it was bringing institutional-grade high-frequency trading strategies to its Sui-based DEX, using Sui’s parallel execution to achieve throughput and latency improvements. This narrows the performance gap with centralized exchanges and could attract quantitative trading firms to provide liquidity on-chain. Such enhancements in execution speed, low slippage, and MEV protection (Bluefin’s Spot 2.0 upgrade is noted for MEV-resistant RFQ matching) are new primitives in exchange design that Sui is pioneering.

Meanwhile, derivatives and structured products on Sui are becoming more sophisticated. Typus expanding into perpetual futures and Sudo/ZO offering gamified perps were mentioned; these indicate a trend of blending DeFi with trading gamification and user-friendly interfaces. Another example is Nemo, which introduced a “yield trading” market and a points reward system in its new interface – essentially allowing users to speculate on yield rates and earn loyalty points, a creative twist on typical yield farming. We also see structured yield products: for instance, MovEX and others have discussed structured vaults that automatically rotate funds between strategies, giving users packaged investment products (akin to DeFi ETFs or tranches). These are in development and represent the next generation of yield farming, where complexity (like strategy hopping) is abstracted and offered as a single product.

New Financial Instruments & Partnerships: The Sui community and its partners are actively building entirely new DeFi primitives that could define the next phase of growth. One high-profile upcoming project is Graviton, which raised $50M in a Series A (led by a16z and Pantera) to create a modular trading, lending, and cross-margining platform on Sui. Graviton is often compared to dYdX – aiming to onboard professional traders with a full-suite decentralized trading experience (perpetuals, margin trading, lending markets all under one roof). Such a well-funded initiative underlines the confidence in Sui’s DeFi potential and promises a new primitive: a one-stop, high-performance DeFi “super app” on Sui. In addition, real-world finance is intersecting with Sui: the Sui Foundation has fostered partnerships like xMoney/xPortal to launch a crypto-powered MasterCard for retail users, which would allow spending Sui-based assets in everyday purchases. This kind of CeFi–DeFi bridge (essentially bringing DeFi liquidity to point-of-sale) could be transformative if it gains traction. On the institutional side, 21Shares filed for a SUI exchange-traded fund (ETF) in the US – while not a DeFi protocol, an ETF would give traditional investors exposure to Sui’s growth and indirectly to its DeFi economy.

The community and developer activity on Sui is another driving force for new primitives. Sui’s open-source Move ecosystem has grown so active that by mid-2025 Sui surpassed Solana and Near in weekly developer commits and repo forks, thanks to a surge in new tooling (e.g. Move SDKs, zk-proof integrations, cross-chain protocol development). This vibrant developer community is continually experimenting with ideas like on-chain options markets, decentralized insurance, and intent-based lending (some hackathon projects in 2025 tackled these areas). The results are starting to emerge: for example, Lotus Finance launched as a decentralized options AMM on Sui in Q2, and Turbos adopted decentralized front-end hosting (via Walrus) to push the envelope on censorship-resistant DeFi. Community-driven initiatives like these, alongside formal partnerships (e.g. Sui’s collaboration with Google Cloud to provide on-chain data indexing and AI inference tools), create a fertile ground for novel protocols. We’re seeing DeFi primitives on Sui that integrate AI oracles for dynamic pricing, BTC staking services (SatLayer), and even cross-chain intents (the NEAR Intents integration can be seen as a primitive for cross-chain liquidity). Each adds a building block that future developers can combine into new financial products.

Summary: In 2025, Sui’s DeFi ecosystem is flourishing with innovation. The liquidity on Sui has reached multi-billion dollar levels, anchored by major DEXes and lenders, and bolstered by steady inflows and user growth. Through account abstraction and user-centric design, Sui has dramatically improved the DeFi user experience, attracting a broader audience. And with the next wave of primitives – from native stablecoins and BTC integration to advanced AMMs, perps, and real-world asset tokens – Sui is expanding what’s possible in decentralized finance. Key protocols and community efforts are driving this evolution: Cetus and Bluefin advancing DEX tech, Suilend and others expanding lending into new asset classes, Bucket, Agora, Ondo bringing novel assets on-chain, and many more. High-profile partnerships (with infrastructure providers, TradFi institutions, and cross-chain networks) further amplify Sui’s momentum. All these elements point to Sui solidifying its position as a leading DeFi hub by 2025 – one characterized by deep liquidity, seamless usability, and relentless innovation in financial primitives.

Sources:

• Sui Foundation – Sui Q2 2025 DeFi Roundup (July 15, 2025)
• Sui Foundation – NEAR Intents Brings Lightning-Fast Cross-chain Swaps to Sui (July 17, 2025)
• Sui Foundation – Sui to Support sBTC and Stacks (BTCfi Use Cases) (May 1, 2025)
• Sui Foundation – All About Account Abstraction (Oct 4, 2023)
• Ainvest News – Sui Network TVL Surpasses $1.4B Driven by DeFi Protocols (Jul 14, 2025)
• Ainvest News – Sui DeFi TVL Surges 480% to $1.8B... (Jul 12, 2025)
• Suipiens (Sui community) – tBTC Integration Brings Bitcoin Liquidity to Sui (Jul 17, 2025)
• Suipiens – Inside Suilend: Sui’s Leading Lending Platform (Jul 3, 2025)
• The Defiant – Ondo to Bring RWA-Backed Stablecoins onto Sui (Feb 7, 2024)
• Official Sui Documentation – Intro to Sui: User Experience (account abstraction features)

Overview​

Aptos and Sui stand as the next generation of Layer-1 blockchains, both originating from the Move language initially conceived by Meta's Libra/Diem project. While they share a common lineage, their team backgrounds, core objectives, ecosystem strategies, and evolutionary paths have diverged significantly.

Aptos emphasizes versatility and enterprise-grade performance, targeting both DeFi and institutional use cases. In contrast, Sui is laser-focused on optimizing its unique object model to power mass-market consumer applications, particularly in gaming, NFTs, and social media. Which chain will ultimately distinguish itself depends on its ability to evolve its technology to meet the demands of its chosen market niche, while establishing a clear advantage in user experience and developer friendliness.

1. Development Journey​

Aptos​

Born from Aptos Labs—a team formed by former Meta Libra/Diem employees—Aptos began closed testing in late 2021 and launched its mainnet on October 19, 2022. Early mainnet performance drew community skepticism with under 20 TPS, as noted by WIRED, but subsequent iterations on its consensus and execution layers have steadily pushed its throughput to tens of thousands of TPS.

By Q2 2025, Aptos had achieved a peak of 44.7 million transactions in a single week, with weekly active addresses surpassing 4 million. The network has grown to over 83 million cumulative accounts, with daily DeFi trading volume consistently exceeding $200 million (Source: Aptos Forum).

Sui​

Initiated by Mysten Labs, whose founders were core members of Meta's Novi wallet team, Sui launched its incentivized testnet in August 2022 and went live with its mainnet on May 3, 2023. From the earliest testnets, the team prioritized refining its "object model," which treats assets as objects with specific ownership and access controls to enhance parallel transaction processing (Source: Ledger).

As of mid-July 2025, Sui's ecosystem Total Value Locked (TVL) reached $2.326 billion. The platform has seen rapid growth in monthly transaction volume and the number of active engineers, proving especially popular within the gaming and NFT sectors (Source: AInvest, Tangem).

2. Technical Architecture Comparison​

3. On-Chain Ecosystem and Use Cases​

3.1 Ecosystem Scale and Growth​

Aptos In Q1 2025, Aptos recorded nearly 15 million monthly active users and approached 1 million daily active wallets. Its DeFi trading volume surged by 1000% year-over-year, with the platform establishing itself as a hub for financial-grade stablecoins and derivatives (Source: Coinspeaker). Key strategic moves include integrating USDT via Upbit to drive penetration in Asian markets and attracting numerous leading DEXs, lending protocols, and derivatives platforms (Source: Aptos Forum).

Sui In June 2025, Sui's ecosystem TVL reached a new high of $2.326 billion, driven primarily by high-interaction social, gaming, and NFT projects (Source: AInvest). The ecosystem is defined by core projects like object marketplaces, Layer-2 bridges, social wallets, and game engine SDKs, which have attracted a large number of Web3 game developers and IP holders.

3.2 Dominant Use Cases​

• DeFi & Enterprise Integration (Aptos): With its mature BFT finality and a rich suite of financial tools, Aptos is better suited for stablecoins, lending, and derivatives—scenarios that demand high levels of consistency and security.
• Gaming & NFTs (Sui): Sui's parallel execution advantage is clear here. Its low transaction latency and near-zero fees are ideal for high-concurrency, low-value interactions common in gaming, such as opening loot boxes or transferring in-game items.

4. Evolution & Strategy​

Aptos

• Performance Optimization: Continuing to advance sharding research, planning for multi-region cross-chain liquidity, and upgrading the AptosVM to improve state access efficiency.
• Ecosystem Incentives: A multi-hundred-million-dollar ecosystem fund has been established to support DeFi infrastructure, cross-chain bridges, and compliant enterprise applications.
• Cross-Chain Interoperability: Strengthening integrations with bridges like Wormhole and building out connections to Cosmos (via IBC) and Ethereum.

Sui

• Object Model Iteration: Extending the Move syntax to support custom object types and complex permission management while optimizing the parallel scheduling algorithm.
• Driving Consumer Adoption: Pursuing deep integrations with major game engines like Unreal and Unity to lower the barrier for Web3 game development, and launching social plugins and SDKs.
• Community Governance: Promoting the SuiDAO to empower core project communities with governance capabilities, enabling rapid iteration on features and fee models.

5. Core Differences & Challenges​

• Security vs. Parallelism: Aptos's strict resource semantics and consistent consensus provide DeFi-grade security but can limit parallelism. Sui's highly parallel transaction model must continuously prove its resilience against large-scale security threats.
• Ecosystem Depth vs. Breadth: Aptos has cultivated deep roots in the financial sector with strong institutional ties. Sui has rapidly accumulated a broad range of consumer-facing projects but has yet to land a decisive breakthrough in large-scale DeFi.
• Theoretical Performance vs. Real-World Throughput: While Sui has higher theoretical TPS, its actual throughput is still constrained by ecosystem activity. Aptos has also experienced congestion during peak periods, indicating a need for more effective sharding or Layer-2 solutions.
• Market Narrative & Positioning: Aptos markets itself on enterprise-grade security and stability, targeting traditional finance and regulated industries. Sui uses the allure of a "Web2-like experience" and "zero-friction onboarding" to attract a wider consumer audience.

6. The Path to Mass Adoption​

Ultimately, this is not a zero-sum game.

In the medium to long term, if the consumer market (gaming, social, NFTs) continues its explosive growth, Sui's parallel execution and low entry barrier could position it for rapid adoption among tens of millions of mainstream users.

In the short to medium term, Aptos's mature BFT finality, low fees, and strategic partnerships give it a more compelling offering for institutional finance, compliance-focused DeFi, and cross-border payments.

The future is likely a symbiotic one where the two chains coexist, creating a stratified market: Aptos powering financial and enterprise infrastructure, while Sui dominates high-frequency consumer interactions. The chain that ultimately achieves mass adoption will be the one that relentlessly optimizes performance and user experience within its chosen domain.