Status: EC2 instance terminated.
Privacy-preserving DeFi swaps on Sui using TEE (Trusted Execution Environment) and SEAL encryption
Built with: AWS Nitro Enclaves β’ SEAL β’ Sui
Mist Protocol enables truly private token swaps on Sui by combining:
- SEAL threshold encryption for hiding swap amounts
- TEE (AWS Nitro Enclaves) for trusted execution with hardware attestation
- Privacy relayer to break on-chain linkability
- Stealth addresses for unlinkable swap outputs
Unlike traditional DEXs where every swap is publicly visible, Mist Protocol keeps swap amounts private while maintaining verifiability through TEE attestation.
Traditional DEX: Mist Protocol:
User Wallet β Swap β Output User β Deposit β Intent β TEE β Stealth β Claim
β β β
Publicly linked No owner field Unlinkable address
Result: On-chain observers cannot link deposits to swap outputs!
User deposits 1.0 SUI
β
Creates deposit with secret nullifier
β
Deposit note stored locally (encrypted)
On-chain: Deposit object (no owner field - privacy!)
User generates stealth addresses (output + remainder)
β
Signs intent with wallet (proves ownership)
β
Frontend SEAL-encrypts: nullifier, amounts, stealth addresses
β
Submit on-chain (direct or via optional relayer)
β
On-chain: SwapIntent added to IntentQueue
Backend polls queue every 5 seconds
β
Decrypts with SEAL (2-of-3 threshold)
β
Verifies wallet signature (prevents nullifier theft)
β
TEE wallet executes swap on FlowX
β
Sends output to stealth address (unlinkable!)
User sees tokens at stealth address
β
Claims to main wallet (sponsored tx)
β
On-chain: No link between deposit and output!
ββββββββββββββββ
β Frontend β Next.js + @mysten/dapp-kit + SEAL SDK
ββββββββ¬ββββββββ
β Creates encrypted intents
βΌ
βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β Sui Blockchain (Move Contracts) β
β β
β Deposits β NullifierReg β IntentQueue β
β (Shared) β (Shared) β (Shared) β
β β
β - No owner β - Spent β - Pending β
β field! β nullifiers β intents β
βββββββββββββββββββββββββββββββββββββββββββββββββββββββ
β² β
β β Polls every 5s
β Executes signed tx βΌ
β ββββββββββββββββββββββββ
β β TEE Backend β
β β (Rust + AWS Nitro) β
β β β
β β - SEAL decrypt β
β β - DEX swap β
β β - SEAL encrypt β
β β - Build tx β
β ββββββββββββ¬ββββββββββββ
β β
β β POST /sign
β βΌ
β ββββββββββββββββββββββββ
ββββββββββββββββββββββββββββ tx-signer β
β (HTTP Service) β
β β
β Wraps: β
β sui keytool sign β
ββββββββββββββββββββββββ
| Component | Technology |
|---|---|
| Smart Contracts | Sui Move |
| Backend (TEE) | Rust, Axum, SEAL SDK |
| Signing Service | Rust, Axum, Sui CLI |
| Frontend | Next.js 14, TypeScript, @mysten/dapp-kit |
| Encryption | SEAL (2-of-3 threshold encryption) |
| DEX | FlowX (testnet) β MIST_TOKEN |
| TEE | AWS Nitro Enclaves (hardware attestation) |
mist-protocol/
βββ backend/ # TEE backend (Rust + AWS Nitro)
β βββ src/apps/mist-protocol/
β βββ intent_processor.rs # Polls IntentQueue
β βββ swap_executor.rs # Executes swaps via FlowX
β βββ seal_encryption.rs # SEAL crypto
β
βββ enclave/ # AWS Nitro Enclave deployment
β βββ Makefile # Build enclave image
β βββ deploy.sh # Deployment scripts
β βββ AWS_QUICKSTART.md # Deployment guide
β
βββ tx-signer/ # Transaction signing service
β βββ src/main.rs # HTTP wrapper around sui keytool
β
βββ contracts/ # Sui Move smart contracts
β βββ mist_protocol/
β βββ sources/
β βββ mist_protocol.move # Main protocol
β βββ seal_policy.move # TEE + user decryption
β
βββ frontend/ # Next.js frontend
β βββ app/ # Pages + privacy relayer API
β βββ components/ # React components
β βββ lib/deposit-notes.ts # Stealth address + note management
β
βββ docs/ # Documentation
sui --version # 1.60.0+
node --version # v20.0.0+
pnpm --version # 8.0.0+
cargo --version # 1.70.0+# Frontend
cd frontend && pnpm install
# Backend (will download and build dependencies)
cd ../backend && cargo build --release
# Signing service
cd ../tx-signer && cargo build --releasecd contracts/mist_protocol
sui client publish --gas-budget 500000000
# Save package_id, pool_id, queue_id from outputBackend: Update backend/src/apps/mist-protocol/seal_config.yaml
Frontend: Update frontend/.env.local
Backend key: Set in backend/.env
See docs/SETUP.md for detailed configuration.
# Terminal 1: Signing service
cd tx-signer && cargo run
# Terminal 2: Backend
cd backend && cargo run
# Terminal 3: Frontend
cd frontend && pnpm dev
# Open http://localhost:3000- Connect wallet
- Deposit 0.5 SUI
- Receive deposit note with secret nullifier
- Select deposit note (0.5 SUI)
- Swap to: MIST_TOKEN
- Sign intent with wallet
- Generates stealth addresses automatically
Backend logs show:
π Poll cycle #5
β
Successfully decrypted intent
π― Intent: 0x1e6f...
π± Swap: 0.5 SUI β MIST_TOKEN
β
Signature verified!
π Executing swap on FlowX...
π Calling signing service...
β
Transaction signed successfully!
π Executing signed transaction on-chain...
β
Swap executed successfully!
π Transaction: rkZeR5Fw5j...
- Check "Claim" tab
- See MIST_TOKEN at stealth address
- Click "Claim to Main Wallet"
- Tokens transferred (unlinkable on-chain!)
- Swap amounts encrypted with SEAL threshold encryption
- On-chain observers see only encrypted bytes
- Even node operators cannot see amounts
- AWS Nitro Enclaves provide hardware-based trusted execution
- Cryptographic attestation proves code integrity
- SEAL keys released only to verified TEE
- Ephemeral keypairs generated inside enclave (never written to disk)
- Users submit intents, TEE executes asynchronously
- No need to stay online during swap
- MEV-resistant (intents processed in queue order)
- Relayer can submit swap intents on behalf of users
- User's wallet never touches the swap transaction
- Extra privacy layer for those who want it
- Swap outputs sent to unlinkable stealth addresses
- User generates keypair locally, only they can claim
- On-chain: No link between deposit and output
- Deposit tokens with secret nullifier
- Create encrypted swap intents with stealth addresses
- Optional privacy relayer (submits intents on behalf of users)
- Wallet signature verification (prevents nullifier theft)
- TEE polls IntentQueue every 5 seconds
- SEAL threshold decryption (2-of-3 key servers)
- Transaction signing via tx-signer service
- Execute swap on FlowX DEX
- Send output to unlinkable stealth addresses
- Claim tokens from stealth addresses
- Cetus mainnet integration (implemented, pending deployment)
- Production deployment to AWS Nitro Enclaves (c5.xlarge)
Note: Testnet uses FlowX β MIST_TOKEN. Cetus mainnet swap is implemented but not yet deployed.
- Batch swap execution (multiple intents in one tx)
- Cross-pool swaps
- Additional token support
- Zero-knowledge proofs for enhanced privacy
- Architecture - Complete system design and data flow
- Setup Guide - Installation, configuration, and deployment
Due to fastcrypto version conflicts between SEAL SDK and sui-types, we built a novel signing architecture:
- Backend: Handles all SEAL encryption (fastcrypto v1)
- tx-signer: Signs transactions only (fastcrypto v2)
- Result: Clean separation, no version conflicts
This HTTP wrapper pattern is production-ready and commonly used in Sui projects. See tx-signer/README.md.
First DeFi protocol on Sui to use SEAL threshold encryption for:
- User balance privacy
- TEE-verifiable decryption
- Dual-party access (user + TEE)
Every swap intent requires a wallet signature to prevent nullifier theft attacks:
- Message format:
mist_intent_v2:{nullifier}:{inputAmount}:{outputStealth}:{remainderStealth} - TEE verifies signature before executing (Ed25519, Secp256k1, Secp256r1 supported)
- Attackers cannot steal nullifiers without the user's wallet private key
100% on-chain intent tracking:
- No database required
- Survives backend restarts
- Transparent and auditable
- Efficient RPC queries
What's Private:
- Individual swap amounts (SEAL encrypted)
- Deposit ownership (no owner field on-chain)
- User β swap linkage (stealth addresses break link)
What's Public:
- Deposit events (no amounts, no owner)
- Intent queue state (encrypted contents)
- Stealth address balances (unlinkable to user)
Trusted:
- AWS Nitro Enclaves (hardware attestation via NSM API)
- SEAL key servers (2-of-3 threshold - no single point of failure)
- Smart contract logic (auditable on-chain)
- TEE backend address (hardcoded in contract for authorization)
Not Trusted:
- Individual key servers (threshold prevents collusion)
- RPC nodes (cannot decrypt - see only encrypted bytes)
- Frontend (encryption happens client-side with SEAL SDK)
Testnet Deployment:
- Contracts:
0x584b4dd0e047e8cca64f82f5945a0f75cfd1c1e06d3757831a82369de976f89a - Network: Sui Testnet
Try it yourself:
- Get testnet SUI from faucet
- Follow setup guide: docs/SETUP.md
- Create a swap and watch the TEE process it!
- Sui Documentation: https://docs.sui.io
- AWS Nitro Enclaves: https://aws.amazon.com/ec2/nitro/nitro-enclaves/
- SEAL Encryption: https://docs.mystenlabs.com/seal
- FlowX DEX: https://flowx.finance
Apache-2.0
Mist Protocol built by Misty Labs
- Mysten Labs for SEAL and Sui
- Cetus Protocol for DEX infrastructure
- AWS for Nitro Enclaves