If I write (backend) code for Dfinity, is that code necessarily readable by everyone? Or only me? (I keep seeing the word “OPEN” everywhere…?)
Yes, everything on chain is public.
For secret data you can use any kind of encryption that fits you.
For secret algorithms there is a “homomorphic encryption”, but this thing is tough.
Are you sure about this?
Any documentation on that?
My understandings is that you’ll have multiple subnets, some might be public or not.
(Data/System/Fiduciary) from the Tungsten Event
I guess the Fiduciary one will be public
System and Data might just expose the Candid interfaces but not the bytecode.
No documentation on that. Just my own speculation.
Quickly went through the Tungsten event videos on YT - I can’t find any evidence of private computation there.
I’m just an amateur, but there are some things that I can predict with a high probability.
What is a subnet? It is a subset of some nodes that are actually responsible for your canister right now. A cluster in other words.
What is a canister? It is a web assembly module + its associated linear memory.
Is it possible to execute some code (possibly very complex) and then prove to other parties that you did it correctly, without revealing the code itself? Yes, but it requires very expensive math.
Is canister’s linear memory also private? If so, how can this be achieved? Maybe we could figure out some kind of shared key encryption for subnet nodes. What about public getters? They should decrypt the memory portion and return it alongside some other type of proof - proof that this portion of data is surely contained inside the cyphertext of this canisters linear memory. But what happens if someone has like 50% of theirs canisters state covered with public getters? What kind of encryption it should be to resist an attacker that knows 50% of the cyphertext’s preimage?
For me it seems possible (in a far future), but very hard.
And also I don’t believe that these features are must-have and are something that could be focused right now. Community needs a reliable and efficient blockchain platform that is easy to develop on. Maybe one day we’ll see like “IC 2.0” with these features, but not now.
@groovee - my understanding is that your canister’s source and data is entirely private. However, should the server hosting your data be compromised, then your data would be accessible. In the future, a private subnet will exist which will encrypt everything so even if the server is compromised it will be safe.
Now, a canisters public functions are callable by anyone, that is the “Open” part. Canisters are designed to be “kit bashed” if you will.
you could also restrict access to publicly callable functions by a set of allowed caller id’s