SCION + Sui: This Is How We're Building the World’s First Truly Unstoppable Blockchain Network
Today's internet is a ticking time bomb of security vulnerabilities and centralized chokepoints waiting to explode. SCION is the first Internet architecture designed to provide robust and highly available global communication. Sui’s integration of SCION creates the world's first truly unstoppable blockchain network.
The Messy Beginning of a Clear Vision
Do you know what's funny about starting something revolutionary? Sometimes you don't even know exactly what you're building when you begin. That's exactly how it was with Mysten Labs.
Let me take you back to our first pitch deck.
Man, when I look at it now, I can't help but laugh. We called our initial concept "Polaris" - a system meant to bring multiple autonomous systems together for a new internet. Was it rough around the edges? Absolutely. But sometimes the messiest beginnings lead to the clearest visions.
When we started, we understood that we were moving into a world where everything was becoming digital.
Every asset, every interaction, every transaction. But here's the problem - what good is a digital world if all these assets can't interact with each other? It's like having a bunch of islands with no bridges between them.
We knew three things had to exist for Web3 to become the foundation of our digital future:
- A coordination layer
- A data storage layer
- A networking layer
We needed to build Sui first. We needed a global coordination layer that could handle the complexity of digital asset interactions at scale.
Then came Walrus, our answer to the global storage layer problem.
But here's where things got really interesting: building a new networking layer.
We’re talking about the internet, and we understood how incredibly difficult it is to create something that alters the way the internet operates, but we knew we had to do it.
Because the internet today is far more fragile than most people realize.
The current TCP/IP stack we all rely on wasn't designed for the kind of robust, programmable networking we need in a truly digital world.
Why The Internet Is More Fragile Than We Think
Let's be real about the state of the internet today. It's a mess! It's way more fragile than anyone wants to admit.
This infrastructure we all rely on daily is built on protocols from the 1980s that were never designed to handle what we're throwing at them today.
The current internet uses a system called BGP (Border Gateway Protocol) to figure out how to route your data.
Then there's IP (Internet Protocol) forwarding. Every router needs to maintain massive forwarding tables that grow larger each year. These tables require expensive, power-hungry hardware called TCAM.
When these tables get corrupted or become inconsistent with tables at other routers, packets get lost or misrouted.
Think about this: When you send data across the internet, do you have any idea what path it takes? Can you guarantee it won't be intercepted or manipulated? Can you even be sure it'll reach its destination?
You can't.
And here's the scary part - neither can the internet service providers (ISPs). It's like a GPS system that's running on trust and hope rather than actual verification.
This blind trust has led to some major problems.
Remember when Facebook went down for six hours in 2021?
That wasn't because their servers crashed. It was because their BGP routes disappeared, and suddenly, no one could find Facebook on the internet.
It was like their address vanished from every GPS system in the world.
The current Internet lacks built-in security. Bad actors can exploit this trust-based system. They can hijack your traffic by simply announcing false routes.
An attacker can redirect your traffic through their servers and read or modify your data, and you'd never know. This is called a "man-in-the-middle" attack.
Imagine you're trying to access your bank's website, but someone redirects your traffic through their servers first. They could steal your passwords, your financial data, everything.
This isn't just theoretical.
Azure, Microsoft's cloud platform, explicitly states in their service-level agreement (SLA) that they can't guarantee anything once your traffic leaves their network.
Think about that - one of the biggest tech companies in the world is basically saying, "Once your data leaves our servers, all bets are off."
But it gets worse.
BGP hijacks and routing attacks are happening every day, and they're costing businesses millions.
In 2007, we saw what happens when these vulnerabilities are exploited at scale. Attackers launched a massive distributed denial-of-service (DDoS) attack against Estonia, taking down much of the country's critical infrastructure for a week.
More recently, in 2016, an attack exceeding 1 terabit per second (Tbps) targeted Dyn's DNS infrastructure, making many major websites inaccessible.
The scariest part? These attacks are getting bigger and more sophisticated.
The DDoS Nightmare: It's Getting Worse, Way Worse!
Look, DDoS attacks aren't new. They've been around since the dawn of the internet.
But what are we seeing now? It's on a whole other level.
We're not just seeing more attacks; we're seeing an explosion of them.
I'm talking about a mind-blowing 112% increase in 2023 compared to 2022.
And don't even get me started on the size of these attacks.
Back in the day, a 1 Gbps attack was considered massive. Now? We're seeing attacks hitting 1 Tbps.
That's terabits! It's like going from a water pistol to a fire hose connected directly to Niagara Falls.
But it's not just about size anymore. These attackers are getting smarter and more sophisticated.
They're not just trying to flood your network with junk traffic. No, they're targeting specific layers of your stack, exploiting vulnerabilities in protocols you didn't even know could be exploited.
Take DNS QUERY attacks, for example. They were responsible for 26% of all DDoS events in 2023.
Why? Because why overwhelm the entire system when you can just seal off the gateway? Disable DNS and everything grinds to a halt. Simple but highly effective.
And don't even get me started on the new attack vectors...
HTTP/2 Rapid Reset? Continuation Frame Attacks? Loop DoS?
These aren't just new ways to cause trouble; they're exploiting the very foundations of how the internet works. We're talking about vulnerabilities baked into the protocols themselves!
And if you think crypto is safe from all this, you are dead wrong.
How Safe is Your Crypto Really?
Here's the brutal truth that nobody wants to talk about: Even the most secure blockchain in the world can't protect you from the fundamental flaws in how the internet works.
Think about this for a second:
You're using your favorite DeFi platform, everything seems normal, and the website looks legit, but guess what? You're not where you think you are.
Your traffic has been hijacked and redirected, and you're about to lose your funds without even knowing it.
Scary, right? Well, this isn't some theoretical threat - it's happening right now!
Remember KLAYswap in 2022? Hackers walked away with $1.9 million! Not because they cracked some sophisticated smart contract - they just hijacked the basic internet routing that everyone relies on (BGP).
And this isn't some one-off thing.
Celer Bridge got hit the same way, losing $235,000 because attackers could just redirect traffic to their fake front end.
But wait, there's more!
Remember when Cream Finance and PancakeSwap got hit simultaneously?
The attackers didn't need to break any blockchain - they just needed to compromise a GoDaddy employee account.
Think about that for a second.
All our fancy cryptography, all our decentralized systems, and what brings us down? The same old broken internet infrastructure we've been using since the 90s.
MyEtherWallet users learned this the hard way back in 2018. Over $152,000 in Ether - gone in two hours because someone could redirect Amazon Route 53 DNS traffic.
The hard truth is this:
Until we fix these fundamental internet infrastructure problems, all the blockchain security in the world won't save you.
Your "unhackable" DeFi protocol is only as secure as the DNS server it's running on.
And these security flaws are also exactly the reason why we tend to centralize everything related to the internet.
Centralization: The Necessary Evil of Internet Security?
Right now, we're living in a world where just a few companies - Cloudflare, Amazon, Google - are basically running the internet's infrastructure.
Think about it.
When was the last time you visited a website that WASN'T behind Cloudflare? These guys are handling something like 20% of all internet traffic.
And sure, it's convenient. They give you DDoS protection, content delivery, security - all in one neat package.
But we're creating these massive single points of failure.
Cloudflare has hour-long outages a couple of times every year. Remember those? Half the internet goes dark.
Dating apps, cryptocurrency exchanges, gaming platforms - all gone in an instant.
But it gets worse.
These companies aren't just providing services - they're becoming the internet itself. They're the ones deciding what stays up, what goes down, who gets protected, and who doesn't.
They're sucking up information about every click, every page load, every interaction. Sure, they say they're protecting your privacy, but come on - that's a lot of trust to put in one company.
One court order, one hack, one rogue employee - that's all it takes for all that data to be exposed or misused.
And here's where it gets really scary:
These companies have become de facto internet gatekeepers. Don't play by their rules? Boom - you're off the internet. Sure, they're blocking bad actors today, but who decides what's "bad" tomorrow?
It's like we're building this reverse version of the internet.
Remember what the internet was supposed to be? A decentralized network that could survive nuclear war because there was no central point of failure?
Now we're basically doing the opposite. We're creating these massive choke points that make the whole system vulnerable.
The worst part? We're getting addicted to this centralization.
Every time there's a security problem, every time there's a performance issue, we run to these centralized services for protection.
The bottom line is this: the current internet landscape is a mess, and it's getting messier by the day.
The original architects never imagined it would grow into this massive, global system where bad actors could cause so much damage.
This is why we need to rethink how the Internet works at its most fundamental level.
We need an architecture that provides:
- Control over how our data travels
- Built-in security and authentication
- Protection against attacks
- Fast recovery from failures
- Efficient routing without massive forwarding tables
And this is where SCION comes in, and trust me, it's gonna change everything.
SCION: The Internet Architecture We Deserve
At ETH Zurich, researchers have spent 15 years developing something revolutionary:
SCION - a secure, multi-path, inter-domain routing architecture that can run side by side with today's internet, offering levels of security and control that were previously impossible.
SCION is what the internet should have been from day one.
It's a complete reimagining of how data moves across networks, built with security, control, and performance baked right into its core. We're not talking about another patch or workaround - this is a fundamental redesign of internet architecture.
Now, I know what you're thinking: "Another new internet architecture? Good luck with that!"
Trust me, I get it. Deploying a new internet architecture is like trying to climb Mount Everest.
It's not just technically challenging - it's about convincing ISPs to deploy it, getting users to adopt it, and breaking through all those circular dependencies.
But here's the exciting part:
SCION has been in production for 7 years now, with real companies, hundreds of Swiss banks, and real healthcare providers using it every day.
Why SCION Changes Everything
Think of SCION like this: Instead of your data taking random paths through the internet jungle, SCION gives you a GPS with multiple route options, control over which path your data takes, and bulletproof security at every step of the journey.
SCION introduces a concept called Isolation Domains (ISDs). Think of them as trust boundaries where you can explicitly define whom you need to trust. Each ISD manages its own cryptographic keys and trust roots.
It's genius because:
- If one part of the network gets attacked, the damage stays contained
- Each domain can implement its own trust roots (no more single points of failure)
- You get actual control over where your traffic flows
No more relying on global trust; you can limit your trust to specific entities that make sense for your use case.
But that's just the beginning.
The real game-changer is SCION's path-aware networking.
For the first time, you can see exactly which paths are available for your data, choose specific paths based on your requirements (latency, bandwidth, jurisdiction), and get cryptographic proof that your data actually took the path you selected.
It's like having a GPS for your data packets, with the added assurance that they won't take any unauthorized detours.
But wait, it gets better.
SCION doesn't just give you one path for your data; it gives you multiple paths that you can use simultaneously.
This is huge because your connection stays alive even if some paths fail.
You can choose the fastest routes for your data, and load balancing becomes a breeze.
And DDoS attacks? Good luck trying to take down multiple paths at once, plus SCION comes with built-in DDoS defenses.
Now, most people hear “added security and multiple available paths” and assume it means slower performance.
But SCION? It turns this assumption on its head.
200x Faster Path Discovery, 1000x Less Overhead
Look, when most people hear "added security," they automatically think "slower performance."
But here's the mind-blowing part:
SCION's packet forwarding isn't just "not slower" - it's actually FASTER than traditional IP forwarding.
First off, SCION uses something called packet-carried forwarding state (PCFS).
What's that?
Instead of routers having to look up where to send each packet in some massive routing table (like they do today), the path information is right there in the packet itself.
Because of this, SCION routers are completely stateless. They don't need to maintain massive routing tables or complex state information.
Everything needed for routing is in the packet header and the forwarding path is protected cryptographically.
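To make packet-carried forwarding state concrete, here is an added sketch (not SCION's header format or its actual MAC construction, and not code from the SCION project or Mysten Labs) of a router that picks the egress interface from the header alone and rejects edited or spliced paths. HMAC-SHA256 from the standard library stands in for the MAC; the keys, interface IDs, timestamps and field layout are constructed assumptions.

```python
import hashlib
import hmac
import struct
from dataclasses import dataclass, replace

MAC_LEN = 6  # truncated tag carried in each hop field (length chosen for this sketch)

@dataclass(frozen=True)
class HopField:
    ingress: int   # interface the packet must arrive on (0 = path starts in this AS)
    egress: int    # interface the packet leaves on (0 = path ends in this AS)
    expiry: int    # unix seconds after which the hop may no longer be used
    mac: bytes = b""

def hop_mac(key: bytes, seg_ts: int, hop: HopField, prev_mac: bytes) -> bytes:
    """Tag over this hop's fields, chained to the previous hop's tag."""
    msg = struct.pack("!IIHH", seg_ts, hop.expiry, hop.ingress, hop.egress) + prev_mac
    return hmac.new(key, msg, hashlib.sha256).digest()[:MAC_LEN]

def build_segment(seg_ts, hops_with_keys):
    """Control plane: every AS authorises its own hop with a key only it holds."""
    path, prev = [], b""
    for key, hop in hops_with_keys:
        prev = hop_mac(key, seg_ts, hop, prev)
        path.append(replace(hop, mac=prev))
    return path

def forward(key, seg_ts, path, idx, arrived_on, now):
    """Data plane at one AS: return the egress interface using only the header
    and the AS's own key. No forwarding table is consulted."""
    hop = path[idx]
    prev = path[idx - 1].mac if idx else b""
    if not hmac.compare_digest(hop.mac, hop_mac(key, seg_ts, hop, prev)):
        raise ValueError("hop field MAC invalid")
    if now > hop.expiry:
        raise ValueError("hop field expired")
    if arrived_on != hop.ingress:
        raise ValueError("arrived on unexpected interface")
    return hop.egress

# Constructed sample: three ASes A -> B -> C with made-up keys and interface IDs.
SEG_TS = 1_700_000_000
KEY_A, KEY_B, KEY_C = b"A" * 16, b"B" * 16, b"C" * 16
PATH = build_segment(SEG_TS, [
    (KEY_A, HopField(0, 2, SEG_TS + 21_600)),
    (KEY_B, HopField(5, 7, SEG_TS + 21_600)),
    (KEY_C, HopField(3, 0, SEG_TS + 21_600)),
])

def try_forward(*args):
    """Helper for the demo: the egress interface, or the rejection reason."""
    try:
        return forward(*args)
    except ValueError as err:
        return str(err)

if __name__ == "__main__":
    now = SEG_TS + 60
    print(try_forward(KEY_B, SEG_TS, PATH, 1, 5, now))                 # valid hop
    rerouted = [PATH[0], replace(PATH[1], egress=9), PATH[2]]
    print(try_forward(KEY_B, SEG_TS, rerouted, 1, 5, now))            # edited egress
    print(try_forward(KEY_C, SEG_TS, [PATH[0], PATH[2]], 1, 3, now))  # hop removed
```

The only per-router secret is its own key, which is why the router needs no per-destination state: the sender cannot alter an interface or drop a hop without invalidating a tag it has no key to recompute.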
The performance implications are staggering:
- Path discovery is 200x faster than BGP
- Processing overhead is 1000x less than BGPsec
- Multiple path options often lead to lower latency
It can hit 100 gigabits per second using AF_XDP with kernel bypass and reaches 200 gigabits per second on standard servers using DPDK. Some implementations are pushing toward 800 gigabits per second without specialized hardware!
We're talking about horizontal scalability to millions of autonomous systems.
The bottom line?
SCION isn't just marginally better than current solutions - it's orders of magnitude more efficient.
And the best part? This isn't theoretical.
It's running in production right now, handling real-world traffic for banks, healthcare providers, and critical infrastructure.
Don't just take my word for it - let's look at what's happening in Switzerland right now.
The Swiss Experiment That Created a Domino Effect
The real breakthrough came in 2017 when the Secure Swiss Finance Network (SSFN) decided to use SCION in production. The SSFN is essentially the new Swiss interbank network, replacing the previous Finance IPnet.
The SSFN implemented SCION and put it through absolute hell. They simulated everything from simple link failures to complete provider outages.
The results? Mind-blowing.
While traditional networks would stumble and require manual intervention, SCION kept running. We're talking millisecond-level failover times with zero impact on application sessions.
The Swiss interbank clearing system - literally one of the most critical financial applications in Switzerland - didn't even notice when they were deliberately breaking network connections.
After six years of rigorous testing and development, they decided to fully transition to SCION.
This ignited a domino effect, building an ecosystem of ISPs, consultants, and software providers.
Today, over 300 banks access SCION via the SSFN, with adoption spreading to international banks across Europe, Asia, and North America.
But it doesn't stop with finance.
SCION has now expanded to healthcare: in 2022, HealthInfoNet (HIN) secured 50,000 doctors from routing attacks and DDoS threats through Swiss ISPs converting IP traffic to SCION.
The energy sector is following suit.
They're now looking at creating an energy network that would enable all energy providers within Switzerland, and eventually across Europe, to leverage SCION technology.
We're also seeing adoption in the education sector.
There's a global education network being deployed with the ambitious goal of reaching a million end hosts this year.
Internet Exchange Points, including Swiss-IX, DE-CIX, and AMS-IX, are advancing SCION peering, and AWS has now added SCION support at the VPC level.
And now Sui is partnering with @anapaya_systems to build the most secure and performant blockchain infrastructure.
SCION + Sui: Building the World’s First Truly Unstoppable Blockchain Network
Think about it.
We've got this amazing global coordination layer, Sui, processing transactions in half a second, pushing the boundaries of what's possible in Web3.
But guess what's holding it back?
The same old internet infrastructure that wasn't built for this kind of operation.
You've got validators spread across the globe, trying to reach consensus at lightning speed, but they're relying on network infrastructure that's about as reliable as a chocolate teapot when it comes to guaranteed availability and performance.
We could have gone with private networks. Many do.
But that would've meant putting control in the hands of a single entity - exactly what we're trying to avoid in the blockchain world.
Instead, SCION gives us a public, distributed, and redundant network that no single entity controls.
It's the perfect match for our vision of a truly decentralized platform.
So here's what makes SCION the perfect match for Sui:
1. Bulletproof Availability
We're talking about a network that's fully immune to the kind of hijacking and DDoS attacks that plague traditional internet routing.
No more crossed fingers hoping your validators stay connected - SCION's secure routing protocol makes sure of that.
2. Speed Matters
Remember when I mentioned Sui processing transactions in half a second? Most of that time is actually spent on network communication.
SCION's path-aware routing means validators can choose the fastest routes for their communication. We're talking real performance gains here, not just marginal improvements.
3. Triple Redundancy
This is where it gets really interesting.
The setup we've built with SCION gives Sui validators what I call "triple redundancy":
- Multiple SCION providers for primary communication
- Different paths within the SCION network
- Traditional IP as a fallback
This means Sui validators can keep running even if parts of the network face issues.
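The failover order above, combined with the path-aware policy described earlier (latency, jurisdiction), can be modelled as follows. This is an added sketch, not the logic of the SCION appliances or of Sui validators; the provider names, ISD numbers, latencies and the `select` function are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Path:
    name: str
    provider: str          # SCION provider, or "ip" for the legacy fallback
    isds: tuple            # isolation domains crossed; empty for IP (unknown)
    latency_ms: float

@dataclass(frozen=True)
class Decision:
    path: Path
    tier: str              # primary | alternate-path | alternate-provider | ip-fallback
    policy_enforced: bool  # False on IP: the sender cannot constrain the route

def compliant(paths, allowed_isds, max_latency_ms):
    """SCION paths that satisfy the jurisdiction and latency policy, fastest first."""
    ok = [p for p in paths if p.provider != "ip"
          and set(p.isds) <= allowed_isds and p.latency_ms <= max_latency_ms]
    return sorted(ok, key=lambda p: p.latency_ms)

def select(paths, allowed_isds, max_latency_ms, down_paths=(), down_providers=()):
    """Walk the three redundancy tiers and say which one was needed."""
    ranked = compliant(paths, allowed_isds, max_latency_ms)
    alive = [p for p in ranked
             if p.name not in down_paths and p.provider not in down_providers]
    if alive:
        best, chosen = ranked[0], alive[0]
        if chosen == best:
            tier = "primary"
        elif chosen.provider == best.provider:
            tier = "alternate-path"
        else:
            tier = "alternate-provider"
        return Decision(chosen, tier, True)
    for p in paths:
        if p.provider == "ip" and p.name not in down_paths:
            # Connectivity survives, but the path policy no longer applies.
            return Decision(p, "ip-fallback", False)
    raise RuntimeError("no usable route")

# Constructed sample paths between two validators.
SAMPLE_PATHS = [
    Path("a-fast", "provider-a", (64, 71), 12.0),  # fastest, but crosses ISD 71
    Path("a-1", "provider-a", (64, 65), 18.0),
    Path("a-2", "provider-a", (64, 65), 22.0),
    Path("b-1", "provider-b", (64,), 25.0),
    Path("b-slow", "provider-b", (64, 65), 90.0),  # compliant ISDs, over latency cap
    Path("ip", "ip", (), 30.0),
]

if __name__ == "__main__":
    policy = ({64, 65}, 50)
    for label, kwargs in [
        ("all healthy", {}),
        ("path a-1 down", {"down_paths": {"a-1"}}),
        ("provider-a down", {"down_providers": {"provider-a"}}),
        ("both providers down", {"down_providers": {"provider-a", "provider-b"}}),
    ]:
        d = select(SAMPLE_PATHS, *policy, **kwargs)
        print(f"{label:20} -> {d.path.name:5} {d.tier:18} policy={d.policy_enforced}")
```

The `policy_enforced` flag is the point worth monitoring: once a validator drops to the IP tier it is reachable again, but it is back on a route it cannot choose or verify.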
And the implementation is beautiful in its simplicity. We deploy SCION appliances alongside our validators, allowing them to seamlessly switch between SCION and traditional internet paths.
And the best part? Validators can join one at a time. No need for complex coordination or network-wide upgrades.
It's the kind of elegant solution that makes engineers smile.
All of this is not theory. Sui has already become the first blockchain to run SCION (now in Testnet).
And by the end of this year, we aim to have Sui mainnet running on SCION.
Now, you might be wondering, "Isn't this overkill? Do we really need all this?"
And my answer is a resounding yes.
When you're building a platform that aims to handle global finance and support millions of users, you can't afford to cut corners.
Every millisecond of latency we shave off, every potential point of failure we eliminate, brings us one step closer to a blockchain that can truly rival traditional financial systems in terms of speed and reliability.
The Future is Here, and It's Running on SCION and Sui
The bottom line is this:
The internet needs an upgrade, and SCION is that upgrade.
With SCION integration, we're setting a new standard for what blockchain infrastructure should look like.
That's the Sui way.
Now, the SCION integration is not a one-way street.
Mysten Labs is partnering with brilliant people like @Adrian_Perrig, the mastermind behind SCION, to develop systems where SCION can leverage Sui's capabilities to revolutionize internet infrastructure.
We're taking the best of SCION's next-gen network architecture and supercharging it with a global coordination layer like Sui.
Imagine an internet where bandwidth is an on-chain asset and network paths are optimized by smart contracts.
With Sui's smart contracts acting as a control plane for SCION's data plane, we're opening up a whole new realm of possibilities.
And the best part? This isn't some far-off dream. We're building it right now.
This is what building real infrastructure looks like.
It's not about chasing the latest blockchain buzzwords or promising impossible TPS numbers.
It's about building solid foundations that can support the future we envision.
Because that's how we roll at Mysten Labs.
We don't just talk about the future, we build it.
Bullish af.. love it. Sui will be the most secure blockchain ever, ready for mass adoption.
unstoppable blockchain