Both Walrus and Seal are built on Sui, a blockchain that handles coordination, access policies, and audit logs. Sui is designed for high throughput and low latency, making it well-suited for storage and access control operations.
Storage Network
Walrus operates through a network of independent storage nodes, each operated by different parties. The network continuously verifies that nodes are storing data correctly, ensuring reliability.
Key Server Network
Seal’s key servers are distributed across independent operators. No single key server can decrypt data on its own, ensuring that no individual operator can access encrypted content without satisfying the defined access policy.
Data Flow: Upload Process
When you upload a file with encryption:
1. Encryption: File is encrypted on your device before leaving your browser
2. Policy Creation: Access rules are recorded on the Sui blockchain
3. Distribution: Encrypted file is broken into pieces and distributed across multiple storage nodes
4. Metadata Storage: File ID and access policy reference are stored on Sui blockchain
5. Zark Access: Zark stores the file reference for shared space access
Data Flow: Access Process
When you access an encrypted file:
1. Request: You request access to an encrypted file through Zark
2. File Retrieval: Zark retrieves the encrypted file from Walrus’s storage network
3. Key Request: Your browser contacts Seal’s key servers requesting decryption keys
4. Policy Verification: Key servers verify you satisfy the access policy on Sui blockchain
5. Key Release: If authorized, key servers release decryption keys
6. Local Decryption: Your browser decrypts content locally
7. Display: Decrypted content is displayed, never leaving your device unencrypted
Resilience
Files are broken into pieces and distributed across multiple storage nodes. Even if some nodes fail, your file can be reconstructed from the remaining pieces. This provides cloud-grade reliability with minimal redundancy.
Security Architecture
Key management is distributed across multiple independent servers. No single party can decrypt your data unilaterally. Key servers only release keys after verifying that access policies are satisfied.
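The policy-gated key release described in the access flow and in this section, as an added example that is not Zark, Seal or Walrus code. Shamir secret sharing stands in for Seal's actual key scheme, and the 2-of-3 threshold, the `LEDGER` dict standing in for the policy on Sui, and all names are assumptions.

```python
import secrets

P = 2**127 - 1  # prime field for the toy Shamir scheme (assumption, not Seal's scheme)

def split(secret, n, t):
    """Split secret into n shares; any t of them reconstruct it."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    return [(x, sum(c * pow(x, i, P) for i, c in enumerate(coeffs)) % P)
            for x in range(1, n + 1)]

def combine(shares):
    """Lagrange interpolation at x = 0 over the prime field."""
    secret = 0
    for xi, yi in shares:
        num = den = 1
        for xj, _ in shares:
            if xj != xi:
                num = num * -xj % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

class KeyServer:
    """Hypothetical key server: holds one share, releases it only if the policy allows."""
    def __init__(self, share, ledger, online=True):
        self.share, self.ledger, self.online = share, ledger, online

    def request(self, file_id, requester):
        if not self.online:
            return None
        # Each server checks the policy record itself; it does not trust the client.
        if requester not in self.ledger.get(file_id, set()):
            return None
        return self.share

def fetch_key(servers, file_id, requester, t):
    """Client side: collect shares, combine only once t servers have answered."""
    shares = [s for s in (srv.request(file_id, requester) for srv in servers) if s]
    return combine(shares[:t]) if len(shares) >= t else None

# Constructed sample data: one file, one authorized address, 2-of-3 key servers.
LEDGER = {"file-1": {"0xalice"}}
FILE_KEY = secrets.randbelow(P)
SHARES = split(FILE_KEY, n=3, t=2)
SERVERS = [KeyServer(sh, LEDGER) for sh in SHARES]
```

With one server offline an authorized requester still recovers the key, while a requester outside the policy gets no shares from any server.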