Is data truly private on IC?

Hey everyone!

In the latest Dominic’s post about Badlands there is the following point:

  • It will not be possible for Badlands to host smart contracts in a manner that provides any degree of privacy for their computations and data, since the data will be replicated many times, and the node hardware used will not include technology that can protect the privacy of the data they process from those with access to the device, such as SEV-SNP (although this is also the case for nearly every blockchain in production today other than the Internet Computer).

This knowledge was new to me. I thought, that IC works the same way any other blockchain would - everything is public; want to make it private - encrypt it yourself.

  1. Is this true that the data is private?
  2. Is this why IC nodes only have RAMs installed, without other storage devices?
  3. Is this correct to assume that in the case when it is true, the IC implements Secure Enclave paradigm and there is no need in software based solutions for this (like a special subnet type operating over homomorphically encrypted data)?
  4. Are there any risk analytics (with numbers and costs) which approve this decision? Because in the case when it is true, data privacy fully relies on a single vendor (AMD) which the entire internet should trust. If the IC becomes that big as Dominic said here the prize for stop being honest for such a trusted third party may become super tasty.
  1. No. Not yet. Encrypt if you don’t want node providers to have access.
  2. RAM can be accessed via side channel.
  3. Coming soon(maybe not that soon, but planned)
  4. Not sure I understand. Enclaves will change the game.
1 Like

I would really like to see this ‘side channel’ McGuffin in action, it would be Tom Cruise level spycraft fer sure. SEV-SNP is kind of like paying for the hot wax when u r going thru the NVRAM car wash … but it is a cool way for folks who maybe have never been in a switch room to feel comfortable.

Thanks. Where did you get these insights from?

Echo what @skilesare said.

Side channel attacks are currently possible. If someone (or even an node operator) wants to prove a point (that there is no data privacy at the moment), there is this challenge Capture the Token: Hack this canister for 1 ICP.


When you say not yet, do you know what are plans about this feature? Are they planning to integrate zksnark or something else?
Also, what is use of private data in canisters for now except for code encapsulation?

I think there are lots of different plans for lots of different things. You can see a discussion about zk at Zero Knowledge Internet Computer Virtual Machine - #14 by jzxchiang. In addition I know a lot of research has gone into using digitally secure enclaves as well.