From encrypted rooms to programmable private payments on Sui.
Stripe × Signal, on Sui. Six phases turning PTB-atomic transfers + AES-256 ephemeral rooms into the privacy layer for bounty escrow, tipping, subscriptions, OTC negotiation, and private invoicing. Phase 2 — bounty escrow + admin-arbitrated disputes — is our Sui Overflow 2026 submission, DeFi & Payments core track.
PHASE 01
Foundation — Encrypted Ephemeral Rooms
shipped
Ship the privacy-and-self-destruct primitive that every later payment phase composes on.
Timeline: Shipped on Sui devnet
Core features
Pay SUI to create a room — tiered: free (public) / 0.01 SUI (private)
Per-room AES-256 key generated client-side; private rooms are true E2E via invite envelope
Public rooms encrypted-at-rest with on-chain key sharing (any visitor can join — disclosed, not blanket E2E)
Messages encrypted client-side → pinned to IPFS (Pinata) → CID committed to a Sui shared object
TTL enforced on-chain: 3d public, 7d private; per-room message cap (1000) with paginated UI
Live polling subscription (5s) — new messages render across devices
Two-step destruct: owner flips room to Closed → can then burn_room_key to zero the on-chain key (Burned); clients wipe local key on RoomClosed event
active_bounty_count invariant on Room — close_room reverts while > 0, so escrowed funds can never be stranded by an abandoned conversation
Chain is source of truth — frontend pulls room list + history from Sui, not localStorage
Upgradeable Sui Move package via AdminCap (Config v3 + Room v5 deployed)
▲ Live on Sui devnet. Package 0x25ac…f8a5f. Config v3 + Room v5 deployed; ephemeral_chat + bounty modules composed via public(package) integrity hooks. Next: PTB-native tipping + paid-DM (Phase 03) + mainnet deploy.
PHASE 02
Bounty Escrow + Admin-Arbitrated Disputes
in progress
Turn every room into a programmable task channel — lock SUI bounties, ship encrypted deliverables, settle atomically. When parties disagree, an AdminCap holder issues a split verdict on chain.
Timeline: Sui Overflow 2026 submission · deadline 2026-06-21
Core features
Post bounty with locked SUI — encrypted brief (AES-GCM 256) uploaded to IPFS, only the CID anchored on chain
Open lifecycle: any non-poster claims first-come, submits encrypted deliverable, poster releases funds
Anti-squat — claim window deadline; anyone can reopen a stalled bounty back to OPEN
Anti-ghost — review window deadline; claimer self-releases if poster doesn't respond in time
Either side can dispute mid-flight — funds frozen, encrypted reason CID anchored on chain
AdminCap split verdict — any 0–100% ratio between claimer / poster paid out in a single tx, with verdict text on chain
close_room invariant — blocked while any bounty is non-terminal; counter is mutated via public(package) hooks, not exposed to user PTBs
PTB-atomic composition — post bounty + encrypted chat announcement land in one user-signed tx
22/22 Move unit tests green; deployed on Sui devnet; mainnet path planned before final judging
PHASE 03
Programmable Atomic Payments
next up
Beyond bounty escrow — turn every interaction in a room into a payment surface. Tip per message, paid-DM creator model, encrypted memos, multi-coin support — all PTB-atomic.
Timeline: 4 – 6 weeks after Phase 2
Core features
PTB-native tip-a-message — send + transfer SUI in one tx, non-repudiable receipt anchored on chain
Paid DM rooms — per-message fee, sender pays per send (creator paid-DM model)
Encrypted payment memo — attach AES-256 encrypted note to any SUI transfer; only counterparty decrypts
Auto fee split — room fees + bounty fees atomically routed owner ↔ protocol treasury via PTB
Multi-coin generics — bounties + tips in USDC and other Coin<T>, not just SUI
PHASE 04
Account Abstraction & Recurring Payments
planned
Kill signature fatigue. Stack Sui's native AA primitives — zkLogin, sponsored transactions, session keys, and USDsui gasless transfer — so users tip, subscribe, and stream payments without seeing a wallet popup after the first session approval.
Timeline: 4 – 6 weeks after Phase 3
Core features
USDsui gasless transfer — pay and receive in Stripe-issued stablecoin with no SUI required on the user side; gas handled at the protocol level
zkLogin onboarding — sign up with Google / Apple OAuth, no seed phrase, ed25519 keypair derived from the OIDC claim
Sui sponsored transactions — gas station (sui-gas-pool / Shinami) pays SUI gas for add_message and tip txs
Session keys — one wallet popup per room session generates an ephemeral signer scoped to that room
Per-session and per-room spending caps to bound sponsorship cost and abuse
Subscription rooms — monthly USDsui auto-debit via session-key delegation; auto-expire if unpaid
SUI / USDsui streaming payroll — continuous per-second transfer, room as payroll dashboard
Graceful fallback to user-paid mode when relayer is down or session revoked
PHASE 05
Token Economy & DAO
planned
Token flywheel — pay for rooms with $SOSUI at discount, stake to earn free-room allowances, protocol fees buy-back-and-burn.