Guarding against malicious node providers

General DFINITY
2

Hi there @thomas_vdd

TLDR

I usually tell folks is that data inside canisters should be considered "hard to get, but not cryptographically private" from node providers which means that it is not recommended people use it for privacy.

Summary

from what I understood it’s currently possible for node providers to currently sniff the internal state of a canister.

This is correct.

Long term initiatives to address this

From an R&D POV, there are a few ways one could achieve privacy you are looking for. Many of which are long term initiatives.

  1. Threshold and multi party computation - so even if a malicious node provider inspects the data inside their hardware, it does not reveal enough for malicious actions. This is done for certain things like ECDSA and other private keys, not for all data.

There is an ongoing project called VetKeys that will bring threshold decryption and privacy to canister states.

  1. Secure enclaves - It is an ongoing R&D project to have secure enclaves so the execution environment is opaque even to the people who manage the hardware. This is not live on the IC.

To your questions:

How easy is it for a node provider to sniff?

I think technically they are sniffing because sniffing means inspecting the traffic over a network. the traffic over the network is encrypted. I think you mean inspecting. That being said, the traditional answer is “Hard, but not hard enough, and not cryptographically secure.” Since ICP community is all about cryptography, if something is not cryptographically secure, it is considered not private.

Do node providers take a risk by sniffing, meaning it can be traced/discovered that a node provider sniffed?

There is no obvious way for the network to know if a hardware maintainer inspected the state inside their machine.

To retrieve sensitive data in my application a node provider needs to sniff for a long duration, can a node-provider stay in a subnet indefinitely in case it wants to?

Nodes stay in subnets for a long time. Enough that I would not plan on the length in a subnet as a form deterrent or protection.

Are there already possible guards we can add to a canister to guard against sniffing?

yes, a developer could use threshold encryption where possible. Not all data can threshold encrypted triviall yet. vekKeys will help here.

Are there any longterm initiatives to tackle this problem that I can already have a look at? For example if there is a solution planned for next year, I can already take this into consideration for the design of my application

yup! see above.