Sui Integrates SCION: A Unique Security Protocol for Validators

[PRESS RELEASE – Grand Cayman, Cayman Islands, October 2nd, 2024]

Sui Sets a New Standard as the First Blockchain to Offer an Advanced and Secure Alternative to the Border Gateway Protocol

Sui, the innovative Layer 1 blockchain known for its top-tier performance and limitless horizontal scalability, has announced its status as the pioneering blockchain to equip validators with a robust defense mechanism against Internet routing attacks, which have historically led to severe downtime across various networks. This advancement addresses vulnerabilities in Web 3.0 at the foundational layer of Internet infrastructure, reinforcing Sui’s reputation as the most secure and dependable Layer 1 blockchain, boasting 100% uptime since its mainnet debut. This new infrastructure leverages a networking technology referred to as SCION and is currently operational on Sui’s testnet.

The protocol utilized for directing data packets across the independent networks constituting the Internet is known as Border Gateway Protocol (BGP), established in the late 1980s with a focus on scalable global routing, often neglecting security. As the Internet has evolved into a crucial and risky environment, the security framework of BGP has failed to adapt to these escalating threats.

This existing gap in security permits malicious entities to redirect traffic toward their own systems, potentially dropping it or worse, impersonating legitimate communication partners. For instance, in 2018, a rerouting of DNS traffic led to the hijacking of MyEtherWallet’s users, resulting in the theft of over $17 million in Ethereum. Notably, this attack was executed against AWS’s Route 53 service, one of the world’s foremost DNS providers. Similarly, in 2022, KLAYswap experienced an attack that circumvented best security practices despite their adherence to recommended protocols, thanks to simple traffic rerouting that bypassed advanced protections like DNSSEC and TLS.

Up until now, no blockchain has effectively countered this category of attacks. Sui will be the first to incorporate SCION, an advanced network architecture designed to mitigate these critical vulnerabilities. The original creators of SCION are now part of the team at Mysten Labs, where their expertise is being harnessed to implement this essential infrastructure technology for Sui.

“SCION provides the security framework that the Internet urgently needs, as it is fundamentally designed with security as a primary focus,” stated George Danezis, Co-Founder and Chief Scientist at Mysten Labs. “By integrating this technology, Sui will stand out as the first blockchain to offer validators access to an innovative internet infrastructure that is cryptographically secured against potential attacks.”

The SCION technology being integrated into Sui’s framework represents a new Internet architecture, which, akin to the current Internet, synchronizes numerous smaller networks. However, on Sui, SCION fundamentally reforms how the network identifies pathways to external destinations, utilizing cryptography to ensure that unauthorized parties cannot exert influence—essentially neutralizing the kinds of attacks previously discussed.

Implementing SCION equips Sui with an unprecedented resilience against network hijacking and improves the capability to switch between networks, leading to:

• Enhanced consensus participation resilience. For individual validators, the flexibility to transition from one network to another in the face of attacks enhances resilience against network assaults aiming to disrupt validator operation—an incident that could affect epoch rewards.
• Improved state synchronization availability. Full nodes on Sui will experience greater accessible connections to their syncing nodes or validators, providing alternatives to connecting with potentially more distant nodes, effectively bypassing network congestion.
• Increased robustness against IP DDoS attacks. In scenarios involving IP DDoS attacks targeting the network through various attack sources, Sui can prioritize communication through SCION instead of IP, thereby rendering attacks against validators ineffective.

Contrasting with the Internet Protocol (IP) used in the conventional Internet for sending and forwarding packets, a SCION-enabled Sui node can choose from multiple pathways to reach its target while encoding that choice in the packet’s header. Moreover, SCION’s design supports the simultaneous utilization of various paths, allowing Sui nodes to manage different types of traffic on different routes, such as segregating consensus from synchronization traffic across networks with distinct properties.

Apart from the security enhancements this integration offers, SCION’s new packet-forwarding protocol also allows Sui to gain further control over its infrastructure, boosting its already industry-leading speeds. Tests conducted on the SCION-enabled network demonstrated a reduction in latency between distant nodes by over 10%, attributed to the automatic path selection and optimization capabilities accessible via Sui’s SCION integration.

To enable a Sui node with SCION, the primary steps involve securing a SCION connection from a SCION-capable Internet service provider or network operator and operating a SCION network appliance that is accessible by the Sui node (e.g., located with the node or hosted separately). Since the SCION network operates concurrently with the existing Internet infrastructure, connectivity on Sui is achievable through either IP or SCION—resulting in unprecedented availability. This new infrastructure further positions Sui as a premier choice for critical infrastructure applications.

The establishment of the SCION infrastructure was undertaken in partnership with Anapaya Systems, which crafted the router software and additional tools essential for implementing the Sui SCION network, alongside Cyberlink and InterCloud, who maintain the global SCION infrastructure connecting Sui validators, as well as Martincoit Networks, which assisted in designing and coordinating the SCION/Sui rollout. Karrier One is extending SCION network connectivity across Canada and beyond, while also developing SCION-enabled data center hosting solutions. Furthermore, The SCION Association, which has recently welcomed Mysten Labs as a member, has been instrumental in promoting this technology.