Is the canister data / state secret or public?

Hello! I have 2 quick questions:

  • is the data that constitutes the state of a canister secret/encrypted or public?
  • how about the actual canister code?

Data is not public, but also should not be considered cryptographically secure. There is no way to access canister state for an arbitrary canister, but the machines that run canisters do have access to unencrypted state, so please don’t store sensitive private keys or personal health data without encrypting the data before sending it to the canister (i.e. in the front end, e.g. like this: encrypted notes sample dapp).

The canister code is also not public by default, but the hash of the code is publicly available. You can get the hash of a canister’s installed code e.g. with dfx canister --network ic info <canister id>. This hash allows you to verify that some public code actually matches what is running live.


Hi Severin, can you please share any technical documentation around this? I am trying to better understand data privacy in the IC. Also, if this was part of any design decisions, is there anything documenting the discussion around this?

I guess the best we have for that topic is this: AMD SEV Virtual Machine Support

Related topics:

So far the design decision was that we’d rather have a working system instead of delaying the launch of the IC by a long time until FHE or SEV is ready. One step at a time. But since the IC shall be a computation platform for any use case we’re well aware that there needs to be some way to work with data privately. That’s why there’s work going into SEV right now, and hopefully at some point in the future even FHE or something of similar strength.