Sui Integrates SCION as a Pioneering Security Protocol for Network Validators

Grand Cayman, Cayman Islands, October 2nd, 2024

Sui has made a groundbreaking announcement as the first blockchain to incorporate a highly secure alternative to the traditional Border Gateway Protocol (BGP). Known for its exceptional performance and limitless scalability, Sui is now enhancing its infrastructure to offer validators an effective defense against Internet routing attacks that have caused considerable downtime on other networks. This initiative aims to mitigate risks to Web 3.0 by reinforcing the robustness of its already reliable Layer 1 blockchain, which has maintained a 100% uptime since its mainnet launch. The new technology is based on SCION and is currently active on Sui’s testnet.

BGP, the protocol responsible for routing data across the various independent networks that comprise the Internet, was developed in the late 1980s with a focus on scalable global routing, while security considerations were largely overlooked. Since then, as the Internet has become increasingly essential and vulnerable, BGP’s security measures have not adequately evolved to meet these growing threats.

The current shortcomings in BGP’s security allow malicious entities to redirect traffic to their own systems, where they can either intercept it or impersonate genuine communication partners. For instance, in 2018, a significant attack redirected DNS traffic from MyEtherWallet, resulting in the theft of over $17 million. This was accomplished by hijacking AWS’s Route 53 service, a prominent DNS provider. Similarly, a 2022 attack on KLAYswap exemplified how redirecting traffic, even when best security practices were followed, could bypass advanced security measures like DNSSEC and TLS.

No blockchain has previously offered a comprehensive defense against this type of attack. Sui is set to be the pioneer in integrating SCION, a next-generation network architecture that directly addresses these vulnerabilities. The team behind this initiative includes the original creators of SCION, who are now contributing their expertise to Mysten Labs, the organization responsible for adopting this critical infrastructure technology for Sui.

“SCION provides a much-needed security layer for the Internet, designed from the ground up with security at its core,” stated George Danezis, Co-Founder and Chief Scientist at Mysten Labs. “With this integration, Sui will lead the way as the first blockchain to equip validators with access to a cryptographically secure, next-generation internet.”

The SCION technology on Sui’s network transforms how paths to external destinations are established, utilizing cryptography to ensure that communication cannot be tampered with by unauthorized parties. As a result, various types of attacks described earlier will be rendered ineffective against Sui.

Integrating SCION provides Sui with exceptional resilience to network hijacking attacks, enabling a fallback capability between networks. Key benefits include:

• Enhanced Consensus Participation: Validators can switch between networks in response to attacks, improving their defense against downtime—which is crucial for epoch rewards.

• Increased State Synchronization: Full nodes will enjoy more robust connections with syncing partners, allowing for alternative connections to avoid bottlenecks.

• Immunity to IP DDoS Attacks: In the event of DDoS attacks, Sui can prioritize SCION-based communication, neutralizing the effectiveness of attacks.

Unlike the Internet Protocol (IP), which governs packet transmission and forwarding in the current Internet, a SCION-enabled Sui node can choose among multiple paths to its target destination, embedding this choice within each packet’s header. This capability allows traffic types to be directed via distinct paths, enhancing overall network efficiency.

Moreover, using SCION’s novel packet-forwarding method, Sui offers greater control to end hosts, which contributes to further enhancing the already leading speeds of its network. Tests on the SCION-integrated network have revealed latency reductions of over 10% between distant nodes, thanks to optimized path selection.

To set up a SCION-enabled Sui node, users need to establish a SCION connection through a compatible Internet service provider and operate a SCION network appliance linked to their Sui node. As SCION operates alongside the conventional Internet, Sui can maintain connectivity via either IP or SCION channels, greatly increasing availability. This new infrastructure positions Sui as the premier blockchain for critical infrastructure applications.

The implementation of SCION was made possible in partnership with various organizations responsible for the technology’s foundational components and global infrastructure, with efforts directed towards connecting Sui validators through a specialized SCION network.

For more information, contact the Sui Foundation.