Sui has introduced a decentralized Seal key server on its testnet to expand the network’s encryption infrastructure. The new system uses multi-party computation and threshold cryptography to distribute trust across multiple operators.
The release aims to strengthen data security while keeping the developer workflow unchanged. Applications that already use Seal can integrate the new server with the same SDK and encryption processes. The main change is the configuration of a decentralized server endpoint.
Seal serves as Sui’s programmable encryption layer. It allows developers to set onchain policies that define who can access encrypted data. The decentralized key server adds distributed key management to this framework.
According to the Sui Foundation, the system appears as a single logical key server to applications. Internally, it spreads key control across independent operators so no entity holds the complete master key.
The decentralized server relies on distributed key generation and threshold cryptography. Operators take part in a coordinated DKG ceremony that produces key shares instead of a full key.
Each operator runs a key server that stores only its partial share. Because the master key never exists in one location, the system reduces risks linked to centralized key storage.
When a client requests a decryption key, the request moves through an aggregator service. The aggregator collects encrypted partial responses from operators. It then combines those responses into a single encrypted result.
The client decrypts the final key locally. The aggregator cannot access plaintext key material. It only coordinates encrypted responses from the operator servers.
The design also allows independent groups to form committees and deploy their own decentralized key servers. Committees can choose their own membership, thresholds, and governance structure.
Infrastructure operators may change over time. The decentralized Seal key server supports membership rotation through new DKG ceremonies.
During rotation, operators update their key shares while keeping the same public key and onchain object identifier. Because the public key remains unchanged, encrypted data does not need to be processed again.
This approach keeps existing access policies intact. Clients also continue using the same configuration and encryption logic. The process reduces operational complexity for long-running applications.
The Sui Foundation states that this rotation model helps infrastructure evolve without disrupting applications that rely on encrypted data.
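The threshold combination and share rotation described above can be modelled in a few lines. This is an added illustration, not Seal's code or protocol: it uses a constructed toy group, a trusted dealer standing in for the DKG ceremony, hypothetical function names, and it omits the encryption of partial responses to the client. It shows a 3-of-5 committee whose partial responses combine without the master key being rebuilt, and a rotation to new operators that leaves the public key unchanged.

```python
import secrets

# Toy parameters (constructed): safe prime P = 2Q + 1; G generates the order-Q subgroup.
P, Q, G = 2039, 1019, 4

def deal(secret, t, ids):
    """Shamir-share `secret` with threshold t; returns {operator_id: share}."""
    coeffs = [secret] + [secrets.randbelow(Q) for _ in range(t - 1)]
    return {i: sum(c * pow(i, k, Q) for k, c in enumerate(coeffs)) % Q for i in ids}

def lagrange_at_zero(i, ids):
    """Lagrange coefficient for operator i when interpolating at x = 0."""
    num = den = 1
    for j in ids:
        if j != i:
            num = num * (-j) % Q
            den = den * (i - j) % Q
    return num * pow(den, -1, Q) % Q

def partial(share, h):
    """One operator's partial response: h raised to its own share."""
    return pow(h, share, P)

def combine(partials):
    """Aggregator step: interpolate in the exponent; no share or master key is seen."""
    ids = list(partials)
    out = 1
    for i, p in partials.items():
        out = out * pow(p, lagrange_at_zero(i, ids), P) % P
    return out

def rotate(old_shares, t, new_ids):
    """Reshare from a quorum of t old operators to a new committee, same secret."""
    quorum = dict(list(old_shares.items())[:t])
    subs = {i: deal(s, t, new_ids) for i, s in quorum.items()}
    lam = {i: lagrange_at_zero(i, list(quorum)) for i in quorum}
    return {j: sum(lam[i] * subs[i][j] for i in quorum) % Q
            for j in new_ids}

def demo():
    master = secrets.randbelow(Q - 1) + 1  # exists only because a dealer stands in for DKG
    public_key = pow(G, master, P)
    shares = deal(master, 3, [1, 2, 3, 4, 5])
    before = combine({i: partial(shares[i], G) for i in (1, 3, 5)})
    new_shares = rotate(shares, 3, [6, 7, 8, 9, 10])
    after = combine({j: partial(new_shares[j], G) for j in (7, 8, 10)})
    return public_key, before, after, shares, new_shares
```

In `demo()`, `before` and `after` both equal `public_key`, even though the two committees hold entirely different shares.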
Developers using Seal do not need to change their core code. Encryption and decryption processes remain the same, and policy rules continue to use the existing Move framework.
Instead of listing several independent key servers, developers configure a single decentralized key server object ID and an aggregator URL. The SDK handles the rest of the interaction.
A decentralized server counts as one server within Seal’s threshold configuration. Developers can still combine independent servers and decentralized servers in hybrid trust models.
The first decentralized Seal key server is live on Sui testnet. It runs with a 3-of-5 internal threshold and uses geo-distributed operators, including Mysten. The aggregator service is currently operated by Mysten.
Support is available in Seal SDK version 1.1.0 and later. Testnet usage does not require API credentials. Mainnet deployment and additional operator options are planned for future updates.
The post Sui Introduces Decentralized Seal Key Server Bringing MPC Security To Testnet appeared first on CoinCentral.


