Dive into

Antonio Yang - yanganto@github

Sui Foundation - Developer Relations

with Sui

Seal Inside

Sui

Baby Weddell Seal in Adélie Land, Antarctica CC BY-SA3.0

Agenda

Introduction

How to store?

Walrus nodes & tools

Access control with Seal

Introduction

Computation
Network

Storage

Blockchain

Blockchain cover everything !

Computation
Network

Storage

Blockchain

Application wants more ex: 1GB
But size matters for blockchain speed

1KB NFT would have a storage fee 0.0076 SUI.

1GB storage fee more than 7600 USD

Computation
Network

Storage

A layer for a problem

Computation
Network

Storage

Blob

unstructured data object
max 13.3 GB

Computation
Network

Storage

Smart Contract

Ownership
Blob Object ID

Life time
Metadata ...

Blob hashes

Web 2 / 3

Computation
Network

Storage

Complete the infrastructure of Web3

NOTE! Walrus use RaptorQ, XOR based

Data Redundancy

What are Reed-Solomon Codes? How computers recover lost data

Reed-Solomon Erasure Code

2D Encoding

Primary Sliver

Secondary Sliver

RaptorQ Erasure Encoded Blob
Shards: Primary Sliver + Secondary Sliver

1000 Shards now

Nodes have 1 or more shards

Data Redundancy

1/3 shards for read

2/3 shards for write

4.5 ~ 5 expanded on size

single-client store performance

150~200Mbps (actual encoded)

1000MiB file took ~296s

How to store?

Storage

https://github.com/MystenLabs/walrus-docs/blob/main/contracts/walrus/sources/system.move#L85-L93

Time & Space

Storage

public fun split_by_epoch( ... ): Storage
public fun split_by_size(...): Storage
public fun fuse_periods(...)

public fun fuse_amount(...)

Flexible to change Time & Space

Register Blob

Blob

Register Blob

Delete is possible!

Blob

Blob

public fun certify_blob(...)
public fun delete_blob(...): Storage
public fun extend_blob_with_resource(..)
public fun extend_blob(...)

Modified Time

Blob

Shared Blob

public fun new(blob, ctx)
public fun new_funded(blob, funds, ctx)
public fun fund(self, added_funds)
public fun extend(...)

Modified Time

Blob

Metadata of Blob

public fun add_metadata(&mut self, metadata)
public fun add_or_replace_metadata(...)
public fun take_metadata(...)

public fun insert_or_update_metadata_pair(...)
public fun remove_metadata_pair(...)

public fun remove_metadata_pair_if_exists(...)

Only Modified for Blob not SharedBlob

VecMap<String, String>

Walrus Nodes - Aggregator

Read

Aggregator

Storage nodes

Read

Walrus Nodes- Aggregator

Walrus Client - Cli

Rest API

Walrus Client - Publisher

Walrus Client

walrus store <FILES> --epochs <EPOCHS>
walrus read <some blob ID>
walrus delete --blob-id <BLOB_ID>

Command Line

Walrus Client

walrus publisher

Daemons

PUT /v1/blobs?epochs=1
PUT /v1/blobs?deletable=true
walrus aggregator

GET /v1/blobs/<some blob ID>
walrus daemon = publisher + aggregator

Walrus Testnet Servers

https://github.com/MystenLabs/seal/blob/main/examples/frontend/vite.config.ts

Limitation for files less than 10mb

  • https://publisher.walrus-testnet.walrus.space
  • https://wal-publisher-testnet.staketab.org
  • https://walrus-testnet-publisher.redundex.com
  • https://walrus-testnet-publisher.nodes.guru
  • https://publisher.walrus.banansen.dev
  • https://walrus-testnet-publisher.everstake.one

Walrus Client

site-builder publish <root> --epochs <epoch>

Site Builder

https://github.com/MystenLabs/walrus-sites/tree/main/site-builder

Execution completed
Resource operations performed:
  - created resource /Oi-Regular.ttf with blob ID ...
Created new site: test site
New site object ID: 0x407a...b73a
Browse the resulting site at: https://1lup...4piy.walrus.site

testnet is sunsetting,

but you can run your local one for testing

base36 of blob ID

Seal is ready

Access control with Walrus

Seal Inside

Sym Encrypted blob

Walrus & Seal

Asym Encrypted key

t out-of n

Content Publisher

  • AES Key for content (client side generated)
  • Encrypt the content and upload to walrus
  • Define t-out-of-n threshold encryption on AES key
  • AES key is encrypted by seal's public key
  • Encrypted AES key is stored on walrus
  • Deploy your access control contract
  • Define `entry fun seal_approve*(id: vector<u8>, ...)`

panic to reject

Content Reader

  • Sign a personal message
  • PTB
  • fetch t-out-of-n key servers, ex: 2 of 2

    • seal-key-server-testnet-1.mystenlabs.com

    • seal-key-server-testnet-2.mystenlabs.com

  • Decrypted AES key
  • Session should less than 10 min
  • Client side decryption

Valid pdb of seal_approve,

no need Sui

/v1/fetch_key

Create session no need Sui

Approve PTB

entry fun seal_approve*(id: vector<u8>, ...)

Key Server

  • https://github.com/MystenLabs/seal/crates/key-server
  • Key server NFT

    •     struct Service has key {
              id: 0x2::object::UID,
              name: 0x1::string::String,
              url: 0x1::string::String,
              pk: 0x2::group_ops::Element<0x2::bls12381::G2>,
          }

https://github.com/MystenLabs/seal/move/seal/sources/key_server.move#L19-L25

Q&A

Thank you

Seal Inside

Epoch duration
Testnet is 2 days

Mainnet is multiple weeks long

Maximum epochs is 183

 (corresponding to 1 year)

Maximum epoch in contract is 1000

Computation
Network

Storage

Web 2 / 3

George is Chief Scientist of Mystenlabs

TEE

  • AWS Nitro Enclaves
  • AWS CA is on chain
  • Intel SGX will be the next target

Walrus Client

Site Builder

Running `target/debug/site-builder -c /tmp/sites-config.yaml publish --epochs 1 /tmp/demo` 2025-03-30T01:42:23.232384Z INFO site_builder: initializing site builder 2025-03-30T01:42:23.232979Z INFO site_builder: loading sites configuration config_path="/tmp/sites-config.yaml" 2025-03-30T01:42:23.240775Z INFO site_builder: loading the configuration context="testnet" 2025-03-30T01:42:23.240795Z INFO site_builder: configuration loaded config=Config { portal: "wal.app", package: 0xf99aee9f21493e1590e7e5a9aea6f343a1f381031a04a732724871fc294be799, general: GeneralArgs { rpc_url: None, wallet: None, walrus_binary: Some("walrus"), walrus_config: None, gas_budget: Some(500000000) } } Parsing the directory /tmp/demo and locally computing blob IDs ... [Ok] 2025-03-30T01:42:26.195254Z INFO site_builder::util: Using wallet configuration from /home/yanganto/.sui/sui_config/client.yaml Storing resource on Walrus: /index.html ... [Ok] Applying the Walrus Site object updates on Sui ... [Ok] Execution completed Resource operations performed: - created resource /index.html with blob ID uDcYVlmmh5lQI3mCmECMVmGfaaxdGeZ-MQbfvnEw5vc The site routes were left unchanged Created new site: test site New site object ID: 0x4dad4d4e7bffa43f8be1734e5dad478b6032b02111b00ec05349848de1fc5a00 To browse the site, you have the following options: 1. Run a local portal, and browse the site through it: e.g. http://1xp2ozag3eud8172xrfqr7258hg86jzgiq55ywb7536f9owdts.localhost:3000 (more info: https://docs.wal.app/walrus-sites/portal.html#running-the-portal-locally) 2. Use a third-party portal (e.g. wal.app), which will require a SuiNS name. First, buy a SuiNS name at suins.io (e.g. example-domain), then point it to the site object ID. Finally, browse it with: https://example-domain.wal.app

Personal Message

Accessing keys of package 0xa631cfd03ac281b081dfad7b1afee38eaceb2a52b9d54650cd7a916c2d6133ef for 1 mins from 2025-04-05 16:47:32 UTC, session key hsdBVqi6JePASzqj9G5xcRIt9d6Ht4IwNAJH3IXEXe4=