Motion Proposals on Long Term R&D Plans

1. Introduction

As 2021 comes to an end, and the Internet Computer crosses its 6-month mark, the DFINITY foundation has been self-assessing how to best be a contributor within the IC ecosystem where the foundation juggles three goals:

  1. Support the developer community and other users of the IC
  2. Facilitate other parties to contribute to the IC
  3. Contribute to the Internet Computer Protocol’s development for scalability, usability, and security.

As a key contributor to the IC, the DFINITY foundation is seeking feedback from the community on its entire R&D plans for the next few years by means of forum discussion and ultimately motion proposals. Having a shared understanding of the building blocks would help the entire IC community to be aligned on a common path towards our grand vision of Blockchain Singularity in which the majority of the world’s systems and services will be rebuilt entirely from smart contracts.

2. How these R&D proposals are different

Previous motion proposals have revolved around specific features and tended to have clear, finite goals that are delivered and completed. They tended to be measured in days, weeks, or months.

These motion proposals are different and are defining the long term plan that the foundation will use, e.g., for hiring and organisational build out. They have the following traits and patterns:

  1. Their scope is years, not weeks or months as in previous NNS motions
  2. They have a broad direction, but are active areas of R&D so they do not have an obvious line of execution.
  3. They involve deep research in cryptography, networking, distributed systems, language, virtual machines, operating systems.
  4. They are meant to match the strengths of where the DFINITY foundation’s expertise is best suited.
  5. Work on these proposals will not start immediately.
  6. There will be many follow-up discussions and proposals on each topic when work is underway and smaller milestones and tasks get defined.

An example may be the R&D for “Scalability” where there will be a team investigating and improving the scalability of the IC at various stages. Different bottlenecks will surface and different goals will be met.

3. How these R&D proposals are similar to what we have seen

We want to double down on the behaviors we think have worked well. These include:

  1. Publicly identifying owners of subject areas to engage and discuss their thinking with the community
  2. Providing periodic updates to the community as things evolve, milestones reached, proposals are needed, etc…
  3. Presenting more and more R&D thinking early and openly.

This has worked well for the last 6 months so we want to repeat this pattern…

4. List of Proposals

  1. ETH integration - Chain Key cryptography facilitates consensus among IC nodes. Through an extension of the Chain Key cryptography, the IC will be able to directly interact with the Ethereum network. Smart contracts on the IC will be able to submit transactions on Ethereum. Additional work areas include supporting the Ethereum Virtual Machine (EVM) on the Internet Computer, and more. Discussion lead: @dieter.sommer

  2. General Integration - This project is about integration efforts of the IC with systems outside the IC: The Web, other blockchains, and end-user devices. The IC, like any other blockchain, cannot directly interact with machines on the Internet per se, e.g., by making API calls via HTTP(S). Integrations with outside systems are crucial for certain applications that rely on data from those systems and can help create value in multiple ways for the IC and smart contracts executed on it. The main areas of integration are HTTP support for canisters, supporting other protocols for canisters to communicate with the “outside world”, oracle integrations, integrations with other blockchains, alternatives for cloud SDKs. Discussion lead: @dieter.sommer

  3. Decentralized CA and DNS - The Internet Computer (IC) offers dapp developers a possibility to build and host Web dapps on the Internet Computer that are served completely end-to-end through blockchain to a browser. This project aims to provide mechanisms that ensure seamless verification of the content that is served from the Internet Computer blockchain to any browser and guarantee end-2-end security without additional tooling, using built-in mechanisms only. This includes making the IC a decentralized Certificate Authority and providing a decentralized DNS on the IC. Discussion lead: Maria Dubovitskaya

  4. TEE enhanced IC - This project focuses on the integration of a hardware-aided Trusted Execution Environment (TEE) into the IC nodes. It will provide confidentiality and offer additional integrity protection for all hosted code and data. In particular the integration of trusted execution will protect against attacks from rogue data centers operators and intrusions at the level of the host operating system. Discussion lead: Rüdiger Kapitza

  5. Dapp gov (SNS) - Tokenization enables powerful incentive systems that set dapps apart from traditional applications. A tokenized dapp allows anyone in the world to purchase tokens and thereby contribute to the dapp’s funding. Moreover, tokens can be paid to early adopters and active users, which will help to attract more users. By giving voting rights to users who have (locked) tokens, open and decentralized governance is established. With this project, we plan to realize and extend the currently planned Service Nervous System (SNS) work and to create all the building blocks that allow dapp developers to operate a decentralized and open governance system. Discussion lead: @lara

  6. DeFi enhancements - Decentralized finance is a main use case in the blockchain space. DeFi dapps can be deployed as canister smart contracts on the Internet Computer blockchain to take advantage of the ICs features including scalability and on-chain web support. This proposal recommends adapting the Internet Computer and its ecosystem to further support DeFi applications, the goal is to make it as easy as possible to develop and deploy capable DeFi dapps and participate in the DeFi ecosystem. Discussion lead: @JensGroth

  7. Node performance - The current design and implementation of the IC protocol has been focused on simplicity and low engineering effort. While this suffices to demonstrate the possibilities of canister smart contracts, unleashing the full capacity of the IC requires a high-performance design and implementation. The goal of this project is to address bottlenecks and thus increase the performance of individual IC nodes, so that more query and update requests can be executed in the same amount of time.
    This will involve improvements to the orthogonal persistence mechanism, NIC virtualization, OS and Canister scheduling, caching and the investigation of HW accelerators for compute-intensive tasks. Discussion lead: @stefan-kaestle

  8. Scalability - In order to be able to serve millions of smart contracts, the scalability of the Internet Computer protocol and implementation will be improved to support more nodes per subnet to be able to tolerate a higher number malicious nodes, higher throughput and less overhead for users as well as for network operations. Discussion lead: @yvonneanne

  9. Storage Subnets - Currently the Internet Computer has two types of subnet blockchains: system (with high replication) and application (with medium replication). This project is to add support for a third subnet type to support dapps with high storage requirements. Discussion lead: @akhilesh.singhania

  10. Secure OS - This project aims to complement the security of the IC by focusing on the IC providing virtual machines and the associated host operating system. To strengthen the security it is planned to compartmentalize the IC software and holistically secure the system. As a part of this process, a clearly defined and fine-grained security policy has to be devised to detect and prevent security breaches. In case the former cannot be achieved, for example, due to a zero-day vulnerability, the aim is to limit the impact and launch countermeasures to prevent further damage. Discussion lead: @hcb

  11. Tokenomics - This project is about monitoring, designing, and reacting to the economics of the IC’s ecosystem. Example areas include:

  • a. adaptive inflation and deflation control
  • b. market-based remuneration parameter changes (node providers, neuron rewards, …)
  • c. modeling of ICP market and its movements
  • d. staking and neuron reward management functionality
  • e. proposals, voting and reward modeling and tuning

Discussion lead: @jwiegley

  1. SDK - Significant investment into the developer experience as the SDK is the main tool and interface used by developers when building on the IC. The SDK shall provide a better debugging and testing environment, allow profiling of dapps, ensure reliable canister upgrades and canister state retrieval. The SDK shall come with an improved documentation and example code for more use cases, frameworks and languages. Discussion lead: @kpeacock

  2. Motoko - Extend and improve the native language of the IC, Motoko, which includes: better IDE integration, package manager, logging and monitoring support, improved scalability of garbage collection and upgrades, and maintaining parity with new IC features such as heartbeat messages. Discussion leads: @claudio @rossberg

  3. PQ security - In the future attackers may be aided by quantum computers. Quantum algorithms can break some of the cryptographic assumptions the Internet Computer relies on, specifically they can break the discrete logarithm assumption. A quantum-capable adversary could thus forge signatures used in the IC. Predictions of when quantum computers will be powerful enough to break the discrete logarithm problem vary, with a small minority of experts believing it could be within the next 5 years. The IC must therefore be hardened against quantum-capable attackers. Discussion lead: @JensGroth

  4. Internet Identity - Internet Identity is a blockchain authentication system built for and on the Internet Computer.This project suggests focusing R&D efforts in the following years to the following topics:

  • a. Improve security of recovery method management in the II canister.
  • b. Provide stronger, cryptographic unlinkability guarantees with weaker trust assumptions.
  • c. Performance improvement in generating delegations.
  • d. Secure account recovery using external identity verification providers.
  • e. Decentralized anonymous credential-based authentication.
  • f. Better mechanisms against bots, e.g. based on web auth attestations.
  • g. Support for devices without web authentication.
  • h. Support Internet Identity use in native apps.

Discussion lead: @bjoern

  1. Privacy: MPC - Since computation is replicated on many nodes, users risk one of the nodes may leak data. Cryptographic protocols for multi-party computation enable several nodes to jointly compute a function on confidential data without revealing the input or intermediate data. In theory, any function can be securely evaluated with MPC but users pay a performance overhead. This research will provide MPC functionality on the IC for users who need strong privacy guarantees aiming at both versatility and practicality. Discussion lead: @JensGroth

  2. Formal Verification - This project is about machine-checked verification of the IC’s properties. Examples include:

  • a. Machine-checked verification of NNS on abstract level
  • b. Model based testing of NNS canisters via reference implementations
  • c. Machine-checked verification the Wasm code of NNS canisters adhere to formally specified properties
  • d. Machine-check interface aspects of the IC abstractly (replay protection, authentication)
  • e. Create tools to aid building formally verified canisters on the IC for critical applications (e.g., DeFI, auctions, SNS, etc)
  • f. Verify execution, message routing, state manager, consensus as close to code level as possible, Develop abstract model of the full replica
  • g. Abstractly model sharding and interaction between subnets
  • h. Formal and informal linking of models to the actual IC implementation, in particular critical parts of the NNS
  • i. Maintain link between models and evolving implementation

Discussion lead: @JensGroth

  1. Security Proofs - The Internet Computer is a complex beast that requires several non-standard cryptographic primitives to come together in order to provide its strong security guarantees. Provable security, also known as reductionist security, is a technique from theoretical cryptography where a new scheme, protocol, or system is mathematically proved to be secure as long as some precisely stated hardness assumptions hold. In this project, the Foundation will first provide security proofs for the IC’s core components, and then prove that the IC securely glues these components together to provide precisely stated security guarantees.

**Discussion lead: @gregory **

  1. Malicious Node Security - This project is about the IC monitoring, reacting, and handling malicious behavior from nodes in a subbety. Examples include: handle equivocating block makers more efficiently or detect and act upon malicious behavior. Discussion lead: @Manu

  2. "People Parties" Proof of Human - Virtual people parties, coordinated by the Internet Computer, establish the personhood of otherwise pseudonymous identities. In a virtual people party, a small group of users validates each others’ personhood in a process that is fast, easy, and anonymous. Discussion lead: @bjoern

  3. Decentralized Node Management - Enabling node providers to deploy and operate IC nodes independently is key to the growth of the IC network. At the same time, the growth should further improve decentralization (new geographies, new data centers, etc.). This shall be achieved by new onboarding and deployment processes and tooling that make heavy use of the NNS, the IC’s governance system. Discussion lead: @samuelburri @Luis @yvonneanne

  4. Boundary Nodes - The boundary nodes are the gateways to the IC. Their main purpose is to translate HTTP requests from users into calls to canister smart contracts on the IC and route calls to nodes on the corresponding subnet. In addition, boundary nodes provide load balancing, caching, rate limiting, IPv4-IPv6 translation (as IC nodes all use IPv6), and integrity verification for content served to users. This motion proposal sets the future roadmap for boundary nodes. It is proposed to enhance the design and implementation of the boundary nodes in several aspects, to make their deployment and operation more decentralized, make them easier to deploy and upgrade, and increase their security. Discussion lead: Yotam Harchol

  5. Subnet splitting - In the near future, subnets with heavy load can be split into two subnets via multiple NNS proposals, to balance the load. This project is about upgrading the mechanisms for subnet splitting such as splitting via a single proposal or subnet splitting taking into consideration which canisters together form a single dapp, and should remain on the same subnet. Discussion lead: @Manu

  6. Canister Migration - This project is about Canisters moving from one subnet to another subnet to take load off a subnet by moving popular or offending canisters to separate subnets, but in a way which is transparent to users, developers, or other canisters sending messages. Discussion lead: @derlerd-dfinity1

5. What we are asking the community

Each of these topics will get its own forum thread for community feedback, dialogue, and iterations, and (eventually) proposals. Frankly, we do not expect many nitty-gritty details because these are meant to address projects that go on for long time horizons.

The DFINITY foundation’s only goal is to improve the adoption of the IC so we want to sanity-check the projects we see necessary for growing the IC by having you (the ICP community) tell us what you all think of these active R&D threads we have.

6. What this means for the existing Roadmap or Projects

In terms of the current roadmap and proposals executed, those are still being worked on and have priority. You will also realize that some of the topics we discuss are an extension of projects that are already on the roadmap.

An intellectually honest way to look at these long-term R&D projects is to see them as the upstream or “primordial soup” from which more baked projects emerge from. With this lens, these proposals are akin to asking, “what kind of specialties or strengths do we want to make sure DFINITY foundation has built up?”

Most (if not all) projects that the DFINITY foundation has executed or is executing are borne from long-running R&D threads. Even when community feedback tells the foundation, “we need X” or “Y does not work”, it is typically the team with the most relevant R&D area that picks up the short-term feature or project.

32 Likes

Having a shared understanding of the building blocks would help the entire IC community to be aligned on a common path towards our grand vision of Blockchain Singularity in which the majority of the world’s systems and services will be rebuilt entirely from smart contracts.

I’ve heard this from Dom and others at DFINITY over a hundred times, and I still get goosebumps each time. What an exciting time to be in this space.

It’s pretty incredible how DFINITY (especially @diego) aligns on and communicates its vision to external parties better than most companies align on and communicate visions to their own internal employees.

11 Likes

Just wanted to highlight areas I find underrated but super important:

  1. Storage Subnets - Currently the Internet Computer has two types of subnet blockchains: system (with high replication) and application (with medium replication). This project is to add support for a third subnet type to support dapps with high storage requirements. Discussion lead: @akhilesh.singhania

Great to hear DFINITY is considering this. Storing images and videos is surely a common use case that I and other developers I’ve talked to have. There’s actually two potentially contradictory goals of a storage subnet: lower costs and faster reads. Right now, it takes significantly longer to serve an image stored on the IC via HTTP than from a centralized cloud, at least from this thread.

  1. Security Proofs - The Internet Computer is a complex beast that requires several non-standard cryptographic primitives to come together in order to provide its strong security guarantees. Provable security, also known as reductionist security, is a technique from theoretical cryptography where a new scheme, protocol, or system is mathematically proved to be secure as long as some precisely stated hardness assumptions hold. In this project, the Foundation will first provide security proofs for the IC’s core components, and then prove that the IC securely glues these components together to provide precisely stated security guarantees. Discussion lead: @gregory

I wonder if this could somehow also include the idea proposed here of a VM (i.e. WASM runtime) that can provide zero-knowledge proofs? I know the goal of this is more along the lines of formal verification, but it could be related.

  1. Boundary Nodes - The boundary nodes are the gateways to the IC. Their main purpose is to translate HTTP requests from users into calls to canister smart contracts on the IC and route calls to nodes on the corresponding subnet. In addition, boundary nodes provide load balancing, caching, rate limiting, IPv4-IPv6 translation (as IC nodes all use IPv6), and integrity verification for content served to users. This motion proposal sets the future roadmap for boundary nodes. It is proposed to enhance the design and implementation of the boundary nodes in several aspects, to make their deployment and operation more decentralized, make them easier to deploy and upgrade, and increase their security. Discussion lead: Yotam Harchol

This is so important. Every ingress request goes through a boundary node. Boundary nodes were partially responsible for the ICPunks “outage” a couple months ago. But right now, boundary nodes are owned by DFINITY and their inner workings aren’t transparent (at least to me). A great first step would be to release more information about these nodes.

11 Likes

These are some mighty kind and generous words. We truly appreciate it.

3 Likes

Not sure I have pinged @JensGroth

2 Likes

This is very exciting. I love how DF is so inclusive and wants feedback from the community. I’ll be happy to contribute to many of these discussions, especially internet identity and tokenomics. It would be nice to form subcommittees and/or engage in video or voice conferences in addition to having periodic forum discussions. I would really like to learn more about DF current and future thinking in some of these areas. Having that insight would enable me to do a better job developing analytical and strategic thoughts about what R&D efforts might be in the long term best interest of the IC community. I could see myself getting highly engaged in these activities if that is the desired outcome for community support.

7 Likes
  1. Security Proofs - The Internet Computer is a complex beast that requires several non-standard cryptographic primitives to come together in order to provide its strong security guarantees. Provable security, also known as reductionist security, is a technique from theoretical cryptography where a new scheme, protocol, or system is mathematically proved to be secure as long as some precisely stated hardness assumptions hold. In this project, the Foundation will first provide security proofs for the IC’s core components, and then prove that the IC securely glues these components together to provide precisely stated security guarantees. Discussion lead: @gregory

I wonder if this could somehow also include the idea proposed here of a VM (i.e. WASM runtime) that can provide zero-knowledge proofs? I know the goal of this is more along the lines of formal verification, but it could be related.

Yes, this is exactly the kind of research questions that are in scope. I’ll comment in the thread you linked.

5 Likes

In my humble opinion the most important issue by far is : 3. Decentralized CA and DNS … Without this, projects dev’d on IC are viewed as a ‘work in progress’, SEO will not work right, and it’s tough to get users to trust cryptic ic0 domains. It’s a great barrier to mass adoption. Technical challenges stop us from pointing centralized A or CNAMES records to an IC project, so this is important.

My second most important issue as a dev is 9. Storage Subnets - Working with larger files greater than 2mb on IC chunking files into smaller pieces on upload/download and, storing in hashmaps etc is intimidating, for me anyways, as a developer. Also scaling up beyond container limits causes concern, although there are those who have built solutions around this independently. If we end up with Tb’s of data after launching and gaining popularity, it would be nice to have much more convenient solutions to manage the data. It would be great to see storage subnets with ‘easy integration tools’ for developers

Thirdly, 15 Internet Identity - ease of use UI in browser - I beleive a solution is being worked on currently by dostro - it would be great if II for mobile apps could be easy to implement as well for developers

It would be great to officially support mobile through foundation audited packages for React Native, Flutter (which astrox has done a fantastic job AstroxNetwork · GitHub), Unity and maybe even native building tools. IC could be huge as a mobile backend.

I always appreciate and am amazed by the hard work and complex challenges the foundation tackles, thank you for your great foresight and heavy brains

10 Likes

A quick thing to do, is to add derived Bitcoin blockchain on ICP… Like Litecoin, Dogecoin, Bitcoin Cash… I’m not an expert, but work must be very similar once you did it for Bitcoin…

This is very exciting. I love how DF is so inclusive and wants feedback from the community. I’ll be happy to contribute to many of these discussions, especially internet identity and tokenomics. It would be nice to form subcommittees and/or engage in video or voice conferences in addition to having periodic forum discussions. I would really like to learn more about DF current and future thinking in some of these areas. Having that insight would enable me to do a better job developing analytical and strategic thoughts about what R&D efforts might be in the long term best interest of the IC community. I could see myself getting highly engaged in these activities if that is the desired outcome for community support.

2 Likes

For those watching, some of the threads have started to be created. I will post them here:

Current Developer forum threads:

  1. ETH integration - Long Term R&D: Integration with the Ethereum Network
  2. General Integration - Long Term R&D: General Integration (Proposal)
  3. Decentralized CA and DNS - Long Term R&D: Decentralized CA and DNS (proposal)
  4. TEE enhanced IC - Long term R&D: TEE enhanced IC (proposal)
  5. Dapp gov (SNS) - Long Term R&D: Dapp governance (SNS) (proposal)
  6. DeFi enhancements - Long Term R&D: DeFi enhancements (proposal)
  7. Node performance - Long Term R&D: Node Performance (proposal)
  8. Scalability - Long Term R&D: Scalability (proposal)
  9. Storage Subnets - Long Term R&D: Storage Subnets (proposal)
  10. Secure OS - Long Term R&D: Secure OS (proposal)
  11. Tokenomics - Long Term R&D: Tokenomics (proposal)
  12. SDK - Long Term R&D: SDK (proposal)
  13. Motoko - Long Term R&D: Motoko (proposal)
  14. PQ security - Long Term R&D: PQ security (proposal)
  15. Internet Identity - Long Term R&D: Internet Identity (proposal)
  16. Privacy: MPC - Long Term R&D: Privacy: MPC (proposal)
  17. Formal Verification - Long Term R&D: Formal Verification (proposal)
  18. Security Proofs - Long Term R&D: Security Proofs (proposal)
  19. Malicious Node Security - Long Term R&D: Malicious Node Security (proposal)
  20. “People Parties" Proof of Human - Long Term R&D: "People Parties" Proof of Human (proposal)
  21. Decentralized Node Management - The State and Direction of Decentralization & Nodes on the Internet Computer
  22. Boundary Nodes - Long Term R&D: Boundary Nodes (proposal)
  23. Subnet splitting - Long Term R&D: Subnet splitting (proposal)
  24. Canister Migration - Long Term R&D: Canister Migration (proposal)
  25. Subnet Recovery - WIP
8 Likes

I want to let folks know the current thinking:

Instead of having 25 days with many proposals, we are thinking it would make more sense to have one day with all the proposals (or at least the ones that are sufficiently baked), that way people have to go to the NNS Dapp once (and vote a few times), rather than spreading it out.

We are thinking Monday, December 20, 2021, and posting an associated blogpost on dfinity’s medium as well as starting to promote this week via socials (promotion is a big part of NNS motions as we have found). As always, I try to read what folks think and keep will iterate if needed.

4 Likes

Just added forum for this project: Long Term R&D: Decentralized CA and DNS (proposal)

1 Like

Just added this forum project: Long Term R&D: Internet Identity (proposal)

1 Like

Update:

As mentioned earlier, all of the proposals for the different R&D threads have been submitted for voting:

  1. ETH integration - Internet Computer Network Status
  2. General integration - Internet Computer Network Status
  3. Long Term R&D: Decentralized CA and DNS- Internet Computer Network Status
  4. TEE enhanced IC - Internet Computer Network Status
  5. Dapp Governance - Internet Computer Network Status
  6. Defi Support - Internet Computer Network Status
  7. Node Performance - Internet Computer Network Status
  8. Scalability - Internet Computer Network Status
  9. Storage Subnets - Internet Computer Network Status
  10. Secure OS - Internet Computer Network Status
  11. Tokenomics - Internet Computer Network Status
  12. SDK - Internet Computer Network Status
  13. Motoko - Internet Computer Network Status
  14. PQ Security - Internet Computer Network Status
  15. Internet Identity - Internet Computer Network Status
  16. MPC - Internet Computer Network Status
  17. Formal verification - Internet Computer Network Status
  18. Security proofs - Internet Computer Network Status
  19. Malicious node security - Internet Computer Network Status
  20. People Parties - Internet Computer Network Status
  21. Decentralized node management - Internet Computer Network Status
  22. Boundary Nodes - Internet Computer Network Status
  23. Subnet Splitting - Internet Computer Network Status
  24. Canister Migration - Internet Computer Network Status
  25. Subnet Recovery - Internet Computer Network Status
3 Likes

Update:

All of the proposals passed! Thank you, everyone.

But not all passed equally. In particular, some had enough REJECT votes to make us wonder, so we will dive deeper into those with their respective dev forum threads to understand the main concerns.

In particular, the three which I am referring to are:

  • Motoko
  • SNS
  • People Parties
7 Likes