
Author: Alex Liu, Foresight News
As the Web3 ecosystem continues to mature, issues such as privacy protection, access control and key management are becoming increasingly prominent. On April 5, Mysten Labs launched a new decentralized key management solution on Sui Testnet: SEAL. Below, we introduce SEAL in detail from several dimensions, namely technical architecture, application scenarios, developer experience and future prospects.
Background
In the traditional Web2 era, data encryption and access control usually rely on centralized key management services (KMS) such as AWS KMS or GCP Cloud KMS. These solutions, however, cannot meet the Web3 ecosystem's requirements for decentralization, transparency and user self-custody.
In response to this pain point, Mysten Labs launched SEAL, which aims to provide secure data encryption and access control by decentralized means, so that developers building decentralized applications (DApps) no longer depend on a single trustee and can achieve more flexible and secure data protection.
SEAL addresses the limitations of traditional solutions, which are tied to a single scenario or rely on centralized services, when large volumes of on-chain data need to be protected. With SEAL, developers can implement data encryption and access management across storage systems and application scenarios without sacrificing security or performance, giving Web3 applications a general and efficient security solution.
Technical Architecture
SEAL adopts a multi-layer technical design to ensure the security and efficiency of the data encryption process, built from the following key components:
On-chain Access Control
SEAL uses Move smart contracts on the Sui blockchain to implement access control. By defining access policies in smart contracts, developers gain fine-grained control over who can access the decryption key and under what conditions access is allowed. Because the rules live on-chain, the permission verification process is transparent and immutable, which strengthens data security.
Threshold Encryption
In the traditional single-point-of-trust key management model, centralized key storage is an easy target for attack. SEAL uses threshold encryption to distribute the decryption key across multiple independent backend services. The complete key can only be recovered when the preset minimum number of key shares is available, that is, the t-out-of-n model. This mechanism spreads the risk: the data as a whole remains secure even if some of the key servers are compromised.
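To make the t-out-of-n idea concrete, here is an added example that is not SEAL's own code and does not reproduce SEAL's actual protocol (the article gives no protocol details); it uses Shamir secret sharing, a standard technique, to split a key across n hypothetical key servers so that any t shares recover it while fewer do not.

```python
import secrets

# Field modulus for the arithmetic; 2**127 - 1 is a Mersenne prime (chosen for this demo)
PRIME = 2**127 - 1

def _eval_poly(coeffs, x):
    """Evaluate a polynomial (coefficients lowest degree first) at x, mod PRIME."""
    result = 0
    for c in reversed(coeffs):
        result = (result * x + c) % PRIME
    return result

def split_key(key: int, t: int, n: int):
    """Split key into n shares (one per key server); any t of them reconstruct it."""
    if not 1 <= t <= n or not 0 <= key < PRIME:
        raise ValueError("need 1 <= t <= n and 0 <= key < PRIME")
    # Random polynomial of degree t-1 whose constant term is the key
    coeffs = [key] + [secrets.randbelow(PRIME) for _ in range(t - 1)]
    # Share i is the point (i, f(i)); x = 0 is never handed out because f(0) is the key
    return [(i, _eval_poly(coeffs, i)) for i in range(1, n + 1)]

def recover_key(shares):
    """Lagrange interpolation at x = 0; yields the key only when len(shares) >= t."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = (num * (-xj)) % PRIME
                den = (den * (xi - xj)) % PRIME
        secret = (secret + yi * num * pow(den, -1, PRIME)) % PRIME
    return secret

def demo(t=3, n=5):
    """Return (recovered_with_t_shares, wrong_with_fewer) for a random key."""
    key = secrets.randbelow(PRIME)
    shares = split_key(key, t, n)
    # Any t servers (here servers 2, 4 and 5) can jointly recover the key
    ok = recover_key([shares[1], shares[3], shares[4]]) == key
    # Two compromised servers (fewer than t) do not obtain the key
    wrong = recover_key(shares[:2]) != key
    return ok, wrong

if __name__ == "__main__":
    print(demo())  # expect (True, True)
```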
Client-side encryption
SEAL emphasizes that data is encrypted and decrypted on the client, that is, the user completes the encryption process locally. In this way, even if SEAL's servers or intermediate nodes are compromised, the plaintext cannot be obtained, further improving the system's privacy protection.
Storage independence
Unlike some solutions that can only encrypt for a specific storage system, SEAL is storage-independent. Whether the target is Walrus, the decentralized storage built on Sui, or another on-chain or off-chain storage system, SEAL can provide a compatible encryption solution. This flexibility lets developers choose the storage that best suits the project without worrying about adapting the encryption mechanism.
Application scenarios
SEAL's flexible and diverse application scenarios demonstrate its broad practical value. Here are a few typical use cases:
Content payment and threshold access
In today's digital content distribution, more and more creators want to enable paid reading or membership subscriptions through encrypted content. With SEAL, creators can encrypt premium content so that only users who hold a specific NFT or have paid for a subscription can decrypt and view it. This model resembles an on-chain version of Patreon or Substack: it protects the copyright of the content while providing precise paid access.
Private messaging and data transmission
User privacy protection is particularly important in decentralized chat and social applications. SEAL supports end-to-end encrypted message transmission, ensuring that message content can only be read by the two communicating parties even on a public chain. Developers can use SEAL to build secure and reliable decentralized instant messaging applications, addressing the privacy leakage risks of traditional social platforms.
NFT transfer and time-locked transactions
As an important class of on-chain assets, NFTs have attracted much attention. SEAL can be applied to time-lock encryption for NFTs, so that transfer or unlocking of an NFT can only be performed within a specific time window. This approach suits closed auctions and also provides technical support for DAO voting and other decisions.
Storage of sensitive user information
In fields such as healthcare and identity authentication, users' sensitive data must be strictly protected. SEAL can encrypt data stored in Walrus or other storage systems and, through on-chain access control, ensure that only authorized users can view it, providing a decentralized and efficient solution for data privacy.
Developer experience
SEAL is technically innovative while also providing developers with a complete SDK and toolchain that reduce the difficulty of integration and deployment. Through the SEAL SDK, developers can call encryption, decryption and key management interfaces without having to understand the underlying cryptography. Although no ecosystem project has been built on it yet, the team provides detailed documentation and an example app whose code gives developers guidance for quickly building and debugging applications in the testnet environment.
In addition, SEAL's beta version is open on Sui Testnet; developers can run tests across multiple scenarios in this environment and submit feedback to Mysten Labs so that functionality can be improved in future versions. Its developer-friendliness and ease of integration make SEAL a preferred tool for Web3 developers.
Future Outlook
Although SEAL's basic functions are already mature, Mysten Labs has not stopped there. In the future, SEAL's development direction may include:
Secure multi-party computation (MPC): By introducing MPC, decryption operations become more distributed, making the key management process more secure and reliable.
Server-side encryption: In certain scenarios, to meet the needs of lightweight front-end applications, server-side decryption may be supported in the future, giving developers more flexible choices.
Digital rights management (DRM): Drawing on the experience of the traditional media industry, DRM technology similar to that of platforms such as Netflix and YouTube could be developed to protect digital content copyright while ensuring user-side security.
These additions will further expand SEAL's application boundaries, so that it is not limited to data encryption and decryption but becomes a comprehensive decentralized data security platform, providing solid security guarantees for the entire Web3 ecosystem.