As 2021 comes to an end, and the Internet Computer crosses its 6-month mark, the DFINITY foundation has been self-assessing how to best be a contributor within the IC ecosystem where the foundation juggles three goals:
- Support the developer community and other users of the IC
- Facilitate other parties to contribute to the IC
- Contribute to the Internet Computer Protocol’s development for scalability, usability, and security.
As a key contributor to the IC, the DFINITY foundation is seeking feedback from the community on its entire R&D plans for the next few years by means of forum discussion and ultimately motion proposals. Having a shared understanding of the building blocks would help the entire IC community to be aligned on a common path towards our grand vision of Blockchain Singularity in which the majority of the world’s systems and services will be rebuilt entirely from smart contracts.
Previous motion proposals have revolved around specific features and tended to have clear, finite goals that are delivered and completed. They tended to be measured in days, weeks, or months.
These motion proposals are different and are defining the long term plan that the foundation will use, e.g., for hiring and organisational build out. They have the following traits and patterns:
- Their scope is years, not weeks or months as in previous NNS motions
- They have a broad direction, but are active areas of R&D so they do not have an obvious line of execution.
- They involve deep research in cryptography, networking, distributed systems, language, virtual machines, operating systems.
- They are meant to match the strengths of where the DFINITY foundation’s expertise is best suited.
- Work on these proposals will not start immediately.
- There will be many follow-up discussions and proposals on each topic when work is underway and smaller milestones and tasks get defined.
An example may be the R&D for “Scalability” where there will be a team investigating and improving the scalability of the IC at various stages. Different bottlenecks will surface and different goals will be met.
We want to double down on the behaviors we think have worked well. These include:
- Publicly identifying owners of subject areas to engage and discuss their thinking with the community
- Providing periodic updates to the community as things evolve, milestones reached, proposals are needed, etc…
- Presenting more and more R&D thinking early and openly.
This has worked well for the last 6 months so we want to repeat this pattern…
ETH integration - Chain Key cryptography facilitates consensus among IC nodes. Through an extension of the Chain Key cryptography, the IC will be able to directly interact with the Ethereum network. Smart contracts on the IC will be able to submit transactions on Ethereum. Additional work areas include supporting the Ethereum Virtual Machine (EVM) on the Internet Computer, and more. Discussion lead: @dieter.sommer
General Integration - This project is about integration efforts of the IC with systems outside the IC: The Web, other blockchains, and end-user devices. The IC, like any other blockchain, cannot directly interact with machines on the Internet per se, e.g., by making API calls via HTTP(S). Integrations with outside systems are crucial for certain applications that rely on data from those systems and can help create value in multiple ways for the IC and smart contracts executed on it. The main areas of integration are HTTP support for canisters, supporting other protocols for canisters to communicate with the “outside world”, oracle integrations, integrations with other blockchains, alternatives for cloud SDKs. Discussion lead: @dieter.sommer
Decentralized CA and DNS - The Internet Computer (IC) offers dapp developers a possibility to build and host Web dapps on the Internet Computer that are served completely end-to-end through blockchain to a browser. This project aims to provide mechanisms that ensure seamless verification of the content that is served from the Internet Computer blockchain to any browser and guarantee end-2-end security without additional tooling, using built-in mechanisms only. This includes making the IC a decentralized Certificate Authority and providing a decentralized DNS on the IC. Discussion lead: Maria Dubovitskaya
TEE enhanced IC - This project focuses on the integration of a hardware-aided Trusted Execution Environment (TEE) into the IC nodes. It will provide confidentiality and offer additional integrity protection for all hosted code and data. In particular the integration of trusted execution will protect against attacks from rogue data centers operators and intrusions at the level of the host operating system. Discussion lead: Rüdiger Kapitza
Dapp gov (SNS) - Tokenization enables powerful incentive systems that set dapps apart from traditional applications. A tokenized dapp allows anyone in the world to purchase tokens and thereby contribute to the dapp’s funding. Moreover, tokens can be paid to early adopters and active users, which will help to attract more users. By giving voting rights to users who have (locked) tokens, open and decentralized governance is established. With this project, we plan to realize and extend the currently planned Service Nervous System (SNS) work and to create all the building blocks that allow dapp developers to operate a decentralized and open governance system. Discussion lead: @lara
DeFi enhancements - Decentralized finance is a main use case in the blockchain space. DeFi dapps can be deployed as canister smart contracts on the Internet Computer blockchain to take advantage of the ICs features including scalability and on-chain web support. This proposal recommends adapting the Internet Computer and its ecosystem to further support DeFi applications, the goal is to make it as easy as possible to develop and deploy capable DeFi dapps and participate in the DeFi ecosystem. Discussion lead: @JensGroth
Node performance - The current design and implementation of the IC protocol has been focused on simplicity and low engineering effort. While this suffices to demonstrate the possibilities of canister smart contracts, unleashing the full capacity of the IC requires a high-performance design and implementation. The goal of this project is to address bottlenecks and thus increase the performance of individual IC nodes, so that more query and update requests can be executed in the same amount of time.
This will involve improvements to the orthogonal persistence mechanism, NIC virtualization, OS and Canister scheduling, caching and the investigation of HW accelerators for compute-intensive tasks. Discussion lead: @stefan-kaestle
Scalability - In order to be able to serve millions of smart contracts, the scalability of the Internet Computer protocol and implementation will be improved to support more nodes per subnet to be able to tolerate a higher number malicious nodes, higher throughput and less overhead for users as well as for network operations. Discussion lead: @yvonneanne
Storage Subnets - Currently the Internet Computer has two types of subnet blockchains: system (with high replication) and application (with medium replication). This project is to add support for a third subnet type to support dapps with high storage requirements. Discussion lead: @akhilesh.singhania
Secure OS - This project aims to complement the security of the IC by focusing on the IC providing virtual machines and the associated host operating system. To strengthen the security it is planned to compartmentalize the IC software and holistically secure the system. As a part of this process, a clearly defined and fine-grained security policy has to be devised to detect and prevent security breaches. In case the former cannot be achieved, for example, due to a zero-day vulnerability, the aim is to limit the impact and launch countermeasures to prevent further damage. Discussion lead: @hcb
Tokenomics - This project is about monitoring, designing, and reacting to the economics of the IC’s ecosystem. Example areas include:
- a. adaptive inflation and deflation control
- b. market-based remuneration parameter changes (node providers, neuron rewards, …)
- c. modeling of ICP market and its movements
- d. staking and neuron reward management functionality
- e. proposals, voting and reward modeling and tuning
Discussion lead: @jwiegley
SDK - Significant investment into the developer experience as the SDK is the main tool and interface used by developers when building on the IC. The SDK shall provide a better debugging and testing environment, allow profiling of dapps, ensure reliable canister upgrades and canister state retrieval. The SDK shall come with an improved documentation and example code for more use cases, frameworks and languages. Discussion lead: @kpeacock
Motoko - Extend and improve the native language of the IC, Motoko, which includes: better IDE integration, package manager, logging and monitoring support, improved scalability of garbage collection and upgrades, and maintaining parity with new IC features such as heartbeat messages. Discussion leads: @claudio @rossberg
PQ security - In the future attackers may be aided by quantum computers. Quantum algorithms can break some of the cryptographic assumptions the Internet Computer relies on, specifically they can break the discrete logarithm assumption. A quantum-capable adversary could thus forge signatures used in the IC. Predictions of when quantum computers will be powerful enough to break the discrete logarithm problem vary, with a small minority of experts believing it could be within the next 5 years. The IC must therefore be hardened against quantum-capable attackers. Discussion lead: @JensGroth
Internet Identity - Internet Identity is a blockchain authentication system built for and on the Internet Computer.This project suggests focusing R&D efforts in the following years to the following topics:
- a. Improve security of recovery method management in the II canister.
- b. Provide stronger, cryptographic unlinkability guarantees with weaker trust assumptions.
- c. Performance improvement in generating delegations.
- d. Secure account recovery using external identity verification providers.
- e. Decentralized anonymous credential-based authentication.
- f. Better mechanisms against bots, e.g. based on web auth attestations.
- g. Support for devices without web authentication.
- h. Support Internet Identity use in native apps.
Discussion lead: @bjoern
Privacy: MPC - Since computation is replicated on many nodes, users risk one of the nodes may leak data. Cryptographic protocols for multi-party computation enable several nodes to jointly compute a function on confidential data without revealing the input or intermediate data. In theory, any function can be securely evaluated with MPC but users pay a performance overhead. This research will provide MPC functionality on the IC for users who need strong privacy guarantees aiming at both versatility and practicality. Discussion lead: @JensGroth
Formal Verification - This project is about machine-checked verification of the IC’s properties. Examples include:
- a. Machine-checked verification of NNS on abstract level
- b. Model based testing of NNS canisters via reference implementations
- c. Machine-checked verification the Wasm code of NNS canisters adhere to formally specified properties
- d. Machine-check interface aspects of the IC abstractly (replay protection, authentication)
- e. Create tools to aid building formally verified canisters on the IC for critical applications (e.g., DeFI, auctions, SNS, etc)
- f. Verify execution, message routing, state manager, consensus as close to code level as possible, Develop abstract model of the full replica
- g. Abstractly model sharding and interaction between subnets
- h. Formal and informal linking of models to the actual IC implementation, in particular critical parts of the NNS
- i. Maintain link between models and evolving implementation
Discussion lead: @JensGroth
- Security Proofs - The Internet Computer is a complex beast that requires several non-standard cryptographic primitives to come together in order to provide its strong security guarantees. Provable security, also known as reductionist security, is a technique from theoretical cryptography where a new scheme, protocol, or system is mathematically proved to be secure as long as some precisely stated hardness assumptions hold. In this project, the Foundation will first provide security proofs for the IC’s core components, and then prove that the IC securely glues these components together to provide precisely stated security guarantees.
**Discussion lead: @gregory **
Malicious Node Security - This project is about the IC monitoring, reacting, and handling malicious behavior from nodes in a subbety. Examples include: handle equivocating block makers more efficiently or detect and act upon malicious behavior. Discussion lead: @Manu
"People Parties" Proof of Human - Virtual people parties, coordinated by the Internet Computer, establish the personhood of otherwise pseudonymous identities. In a virtual people party, a small group of users validates each others’ personhood in a process that is fast, easy, and anonymous. Discussion lead: @bjoern
Decentralized Node Management - Enabling node providers to deploy and operate IC nodes independently is key to the growth of the IC network. At the same time, the growth should further improve decentralization (new geographies, new data centers, etc.). This shall be achieved by new onboarding and deployment processes and tooling that make heavy use of the NNS, the IC’s governance system. Discussion lead: @samuelburri @Luis @yvonneanne
Boundary Nodes - The boundary nodes are the gateways to the IC. Their main purpose is to translate HTTP requests from users into calls to canister smart contracts on the IC and route calls to nodes on the corresponding subnet. In addition, boundary nodes provide load balancing, caching, rate limiting, IPv4-IPv6 translation (as IC nodes all use IPv6), and integrity verification for content served to users. This motion proposal sets the future roadmap for boundary nodes. It is proposed to enhance the design and implementation of the boundary nodes in several aspects, to make their deployment and operation more decentralized, make them easier to deploy and upgrade, and increase their security. Discussion lead: Yotam Harchol
Subnet splitting - In the near future, subnets with heavy load can be split into two subnets via multiple NNS proposals, to balance the load. This project is about upgrading the mechanisms for subnet splitting such as splitting via a single proposal or subnet splitting taking into consideration which canisters together form a single dapp, and should remain on the same subnet. Discussion lead: @Manu
Canister Migration - This project is about Canisters moving from one subnet to another subnet to take load off a subnet by moving popular or offending canisters to separate subnets, but in a way which is transparent to users, developers, or other canisters sending messages. Discussion lead: @derlerd-dfinity1
Each of these topics will get its own forum thread for community feedback, dialogue, and iterations, and (eventually) proposals. Frankly, we do not expect many nitty-gritty details because these are meant to address projects that go on for long time horizons.
The DFINITY foundation’s only goal is to improve the adoption of the IC so we want to sanity-check the projects we see necessary for growing the IC by having you (the ICP community) tell us what you all think of these active R&D threads we have.
In terms of the current roadmap and proposals executed, those are still being worked on and have priority. You will also realize that some of the topics we discuss are an extension of projects that are already on the roadmap.
An intellectually honest way to look at these long-term R&D projects is to see them as the upstream or “primordial soup” from which more baked projects emerge from. With this lens, these proposals are akin to asking, “what kind of specialties or strengths do we want to make sure DFINITY foundation has built up?”
Most (if not all) projects that the DFINITY foundation has executed or is executing are borne from long-running R&D threads. Even when community feedback tells the foundation, “we need X” or “Y does not work”, it is typically the team with the most relevant R&D area that picks up the short-term feature or project.