Realizing the Vision of the World Computer
Learn how the Internet Computer blockchain realizes the vision of the World Computer. Dive into its technology, open-source repositories, in-depth video academy sessions, white papers, publications, and detailed technology articles.
Architecture
Architecture of the Internet Computer
The Internet Computer (IC) realizes the vision of a World Computer – an open and secure blockchain-based network that can host programs and data in the form of smart contracts, perform computations on smart contracts in a secure and trustworthy way, and scale infinitely. To achieve this, blockchain technology – the foundation of the IC – had to be reconceived from ground up, building on many lessons learnt from earlier blockchain projects.
Smart contracts on the Internet Computer are called canister smart contracts, or canisters, each consisting of a bundle of WebAssembly (Wasm) bytecode and smart contract data storage. Each canister has its own, isolated, data storage that is only changed when the canister executes code.
Canisters are hosted on subnets, the top-level architectural building block of the IC. A subnet is an independent blockchain, running on node machines, or nodes, deployed in globally-distributed data centers. A single subnet can securely host tens of thousands of canister smart contracts, totalling in hundreds of gigabytes of memory – there are currently dozens of subnets, growing to thousands in the future. For each canister hosted on a subnet, its code and data is stored on every node in the subnet, and its code is executed by every node in the subnet. This replication of storage and computation is essential to achieve fault tolerance, so that canister smart contracts will continue to execute even if some nodes in the subnet are faulty (either because they crash, or even worse, are hacked by a malicious party). This replication is powered by the core Internet Computer Protocol (ICP), which implements a high-throughput, low-latency consensus mechanism and an efficient virtual machine for WebAssembly execution, backed by a blockchain.
The IC's multi-subnet architecture is much more powerful than the well-known sharding approach because it enables smart contracts on different subnets to communicate with each other seamlessly – much like services in a traditional microservices architecture, but fully on chain. Canisters communicate via asynchronous messages, i.e., they don't block on sending a message, but process the response when it eventually arrives. This novel approach to inter-canister calls allows for scaling out the IC by simply adding more subnets.
The core ICP makes heavy use of chain-key cryptography, a toolbox of advanced cryptographic protocols (based on threshold cryptography) that enables the decentralized operation of the IC with unprecedented scalability. Chain-key cryptography also includes a sophisticated collection of technologies for robustly and securely addressing operational concerns, such as how to deal with faulty nodes or protocol upgrades, which we call chain-evolution technology (for example, enabling nodes to easily join a subnet without validating every block beginning from the genesis block, as in other blockchains). Another building block in the chain-key crypto toolbox are chain-key transactions. They enable a canister to interact with (write to) other blockchains using threshold cryptography.
Having scalable and decentralized technology to power the operation of the network is not enough. In order to meet the requirements of complete decentralization, the IC needs a fully decentralized approach to governance. Governance of the IC platform and its R&D roadmap is accomplished through a tokenized Decentralized Autonomous Organization (DAO), which is called the Network Nervous System (NNS). Each individual dApp on the IC can have its own governance system similar to the NNS by customizing and deploying an out-of-the-box tokenized DAO based on the Service Nervous System (SNS) for the dApp.
Learn more about how the Internet Computer works and realizes the vision of a World Computer!
The Internet Computer was launched and open-sourced on May 10th 2021 by the DFINITY Foundation.
Core IC Protocol
Overview
The Internet Computer is powered by the Internet Computer Protocol (ICP), from which its utility token, the ICP token, derives its name. The core part of the IC protocol, the core IC protocol, is a 4-layer protocol that is running on the nodes of each subnet. By running the core IC protocol, the nodes of a subnet realize a blockchain-based replicated state machine that makes progress independently of the other subnets (but communicates asynchronously with them). This architecture of many concurrently-operating subnets enables the IC to scale practically without limits. Subnets process messages, which are submitted by users or come from other subnets.
The core IC protocol comprises the following four layers, from bottom to top:
- Peer-to-peer
- Consensus
- Message routing
- Execution
The lower two layers, P2P and consensus, together implement a selection and ordering of incoming messages and provide messages to the upper two layers in the form of blocks. The upper two layers, message routing and execution, receive blocks containing ordered messages from the lower part of the stack and execute them in a completely deterministic manner on every node of the subnet. This realizes a replicated state machine, where every node in the subnet transitions from the same starting state to the same ending state in every round (it must be ensured that every node executes the same messages in the same order, i.e., fully deterministically).
Peer-to-peer
The peer-to-peer layer (P2P) of the Internet Computer, the bottommost layer in the protocol stack, is responsible for the secure and reliable communication between the nodes of a subnet. The P2P layer realizes a virtual peer-to-peer broadcast network between the nodes of a subnet, building upon the Internet Protocol (IP) connectivity between the nodes. This makes the P2P layer the communications fabric that connects all the nodes of a subnet. Using P2P, a node can broadcast a network message, also called artifact, to all the nodes in the subnet. Artifacts can be things like input to canisters submitted by users or protocol messages (e.g., block proposals) generated by the IC protocol. P2P ensures that artifacts to be broadcast are eventually delivered to all nodes of the subnet. Eventual delivery reflects the asynchronous nature of real-world communication networks, which we assume for the Internet Computer protocol.
Every blockchain needs a consensus mechanism that allows the nodes to agree on the messages to be processed, as well as their ordering. Consensus is the component of the core IC protocol that drives the subnets of the IC. Each subnet is a blockchain that runs the IC core protocol, including consensus, independently of the other subnets. The purpose of the consensus protocol is to output the same block of ordered messages on each node of a subnet in a given round so that each node can make the same state transition when deterministically executing those messages.
The IC’s consensus protocol is designed to meet the following requirements: low latency (almost instant finality); high throughput; robustness (graceful degradation of latency and throughput in the presence of node or network failures).
The IC consensus protocol achieves these goals by leveraging chain-key cryptography.
The IC consensus protocol provides cryptographically guaranteed finality. The option of choosing probabilistic finality – similar to what is done in Bitcoin-like protocols, by considering a block final once a sufficient number of blocks have built on top of it in the blockchain – is not acceptable for the IC for two reasons: (1) probabilistic finality is a very weak notion of finality and (2) probabilistic finality would increase the time to finality drastically.
The IC consensus protocol achieves all of these goals making only minimal assumptions about the communication network. In particular, it does not assume any bounds on the time it takes for protocol messages to be delivered – that is, it only assumes an asynchronous network rather than a synchronous network. Indeed, for a decentralized network that is globally distributed, synchrony is simply not a realistic assumption. While it is possible to design consensus protocols that work in a purely asynchronous setting, these protocols generally have very poor latency. In order to achieve good latency, the IC consensus protocol requires protocol messages to be delivered in a timely manner to make progress. However, the correctness of the protocol is always guaranteed, regardless of message delays, so long as less than a third of the nodes in the subnet are faulty.
Message routing
The message routing layer implements the routing of inter-canister messages between subnets. This layer is also often referred to as cross-subnet messaging or simply XNet messaging. Secure XNet messaging is a key ingredient for the architecture of loosely-coupled subnets and thus a prerequisite for the scalability of the IC. In every IC round, message routing receives a block of messages to be processed from consensus – the same on each node of the subnet – and places the messages into the input queues of their target canisters, a process called induction. Then, it triggers the execution round which will potentially lead to new canister messages in the executed canisters' output queues. Once execution is done, the messages in the output queues will be routed to the respective subnet-to-subnet streams to be processed by the consensus protocol instances running on other subnets.
Another crucial functionality implemented by the message routing layer is state certification, that is, the subnet certifying parts of the replicated subnet state in every round in a decentralized manner. Among others, this certification is used by other subnets to verify the authenticity of the subnet-to-subnet streams or to allow users to authentically read the processing status of messages previously submitted by them. In addition to the partial state certification, the full state of the subnet is certified every multiple hundred rounds. This certification is, among others, used to allow fallen behind or newly joining replicas to verify the authenticity of the state they sync over via the state sync protocol. Details regarding the cryptography behind state certification can be found in the section on chain-key cryptography.
State certification and secure XNet messaging enable, among others, the secure and transparent communication of canisters across subnet boundaries, a challenge that any blockchain that has multiple shards struggles with. It also provides crucial building blocks to allow users to read certified parts of the replicated state, e.g., responses to messages submitted by them. Furthermore, it allows nodes to join a subnet efficiently without replaying all blocks since genesis or fallen behind nodes to catch up to the most recent state of a subnet. All of this makes message routing an integral layer of the core IC protocol crucial for realizing some of the IC's unique and distinguishing features.
Execution
The execution layer, the topmost layer of the core IC protocol stack, is responsible for executing canister smart contract code. Code execution is done by a WebAssembly (Wasm) virtual machine deployed on every node. WebAssembly bytecode can be executed deterministically, which is important for a blockchain system, and with near-native speed. Canister messages, i.e., ingress messages by users or messages by other canisters, have been inducted into the queues of the canisters on the subnet by message routing. Message routing then hands over control to the execution layer, which deterministically executes messages, either until all messages in the canisters' queues are consumed or the cycles limit for the round has been reached, to ensure bounded round times. The execution of very large messages requiring billions of Wasm instructions to be executed can be split across multiple IC rounds through a novel technique called deterministic time slicing (DTS). This capability of executing messages over multiple rounds is unique to the Internet Computer blockchain.
Execution of canister Wasm bytecode is done concurrently on multiple CPU cores, which is possible due to each canister having its own, isolated, state – recall that a canister is a bundle of code and its state. A canister's state can only be changed when it executes messages delivered using an asynchronous messaging semantics, thereby leading to a loose coupling between canisters allowing for the concurrent execution and high throughput of messages.
In every IC round, each node of a subnet has the same starting state, which is transformed to the ending state of the round through the execution of messages. Message scheduling and execution is completely deterministic, that is, makes exactly the same state changes on every node of the subnet. This is crucial for achieving the properties of a replicated state machine, a core property of a blockchain. Another powerful feature in the execution layer is the availability of an unpredictable and unbiasable pseudorandom number generator, which sets apart the IC from other blockchains.
Chain-key technology
Chain-key cryptography
The Internet Computer protocol uses a toolbox of advanced cryptographic mechanisms, collectively known as chain-key cryptography, which allows the IC to achieve functionalities and scalability that are impossible on other blockchains.
A key component of chain-key cryptography is a threshold signature scheme, which is like an ordinary digital signature scheme, except that the secret signing key is distributed among all the replicas in a subnet in such a way that the key cannot be stolen by compromising one (or even a large fraction) of the replicas in the subnet.
Each subnet in the IC is associated with the public verification key of such a threshold signature scheme, which is used in several ways:
- Most importantly, this public key may be used to verify the outputs of the IC, including responses to ingress messages from external users, as well as messages from one canister to another. This is one of the fundamental differences between the IC and other blockchains: the state of other blockchains can only be validated by running the entire protocol from the genesis block, whereas on the IC, it can be validated just by verifying a single digital signature. As such, this is one of the key technologies that enables unprecedented scalability on the Internet Computer.
- This public key is also used to verify the entire state of a subnet at regular intervals, which enables a number of functions, such as adding new nodes to a subnet and allowing crashed nodes to quickly catch up to the rest. This enhances both the scalability of the IC and is crucial to enable the topology of the IC to autonomously evolve over time as orchestrated by the NNS.
In addition, these threshold signatures are used as a way to create a source of unpredictable pseudo-random numbers, which is used in two ways:
- as a source of unpredictable and unbiasable pseudo-random numbers available to any smart contract, which is a totally unique feature in the blockchain world that enables applications that would be impossible to implement on other blockchains (for example, an NFT raffle);
- as a mechanism for pseudo-randomly selecting the leader in the IC consensus protocol, which enhances the efficiency and fairness properties of consensus.
Chain-key transactions
Chain-key transactions extends chain-key technology to allow transactions targeted at other blockchains to be computed fully on-chain using the Internet Computer Protocol. Using chain-key transactions, the IC can integrate with other blockchains in a completely trustless manner. Indeed, using chain-key transactions is the strongest, most decentralized way of integrating blockchains as no additional trust assumptions besides that of the two blockchains are required, particularly no additional parties that manage signature keys or their shares.
Just like chain-key technology, a key component of chain-key transactions is threshold signatures. However, in order to work with other blockchains, the IC must use threshold signatures that are compatible with the digital signature schemes of those other blockchains. By far, the most commonly used signature scheme used on other blockchains (including Bitcoin and Ethereum) is the ECDSA signature scheme. Because of this, threshold ECDSA signatures are currently supported on the IC, with implementations of other threshold signature schemes in the planning stages.
ECDSA signatures are widely used in the blockchain industry. This feature will enable canister smart contracts to have an ECDSA public key and to sign with regard to it. The corresponding secret key is threshold-shared among the nodes of the subnet holding the canister smart contract. This is a prerequisite for the direct integration between the Internet Computer and Bitcoin and Ethereum.
Tokenomics & Governance
Tokenomics
The Internet Computer (IC) is underpinned by advanced tokenomics. It makes use of an utility token called ICP, which is used for a variety of functions on the platform including participation in governance and paying for computation & storage. In addition, the IC's tokenomic model provides a funding framework for exciting Web3 projects being built on the Internet Computer.
Network Nervous System
The Internet Computer is a decentralized system run by many independent machines. These machines all have to know certain facts, for example to which subnet they contribute (the topology), which protocol version they should run, and when they should upgrade to a new protocol version. On the Internet Computer these decisions are made by an open, tokenized governance system that is called the Network Nervous System (NNS). The NNS is one of the largest decentralized autonomous organizations (DAOs). Anyone can become a participant of the NNS and contribute to decisions by staking ICP tokens.
Service Nervous System (SNS)
Similarly to how the Internet Computer (IC) is controlled by the Network Nervous System, an individual application on the IC (called dapp) can be controlled by a decentralized community. The Internet Computer’s built-in solution for a DAO (decentralized autonomous organization) that tokenizes and decentralizes a dapp is called the Service Nervous System (SNS). In the process of creating an SNS, new tokens are minted and sold in a community-based fundraising. The dapp’s control is handed over to the SNS and everyone who has SNS tokens can contribute to decisions on how the dapp evolves going forward. This allows distributing the power and ownership of the dapp over a number of parties, thereby eliminating single points of failure and gaining censorship resistance. Moreover, the newly created tokens can be used to create incentives to foster user adoption and participation.
Chain-evolution technology
Infinite scalability
The Internet Computer scales its capacity horizontally by creating new subnets that host additional canisters - just like traditional cloud infrastructure scales by adding new machines. Once the IC's Network Nervous System (NNS) decided to create a new subnet, it selects a group of spare nodes that have joined the IC but have not yet been allocated to any subnet and creates the initial configuration of the new subnet. The selected group of nodes then begins to form a new subnet blockchain.
Fault tolerance
In any large-scale distributed system, it is inevitable that individual nodes fail due to hardware breaking, network connectivity issues, or even the owner deciding to remove the nodes from the network. In such cases, the IC's Network Nervous System selects a spare node that replaces the failed node in its subnet. The new node then performs a state synchronization with the existing nodes on the subnet and begins contributing to the subnet blockchain's consensus protocol.
Protocol upgrade
The Internet Computer blockchain is governed by the Network Nervous System (NNS), its algorithmic governance system. One of the many duties of the NNS is to orchestrate upgrades to the Internet Computer to a new protocol version when the community has adopted an upgrade proposal. Making upgrades to any blockchain requires solutions to several challenging problems posed by the nature of decentralized systems including how to allow arbitrary changes to the protocol, preserve state of all canister smart contracts, minimize downtime, and roll out upgrades autonomously.
Smart contracts
Canisters
Smart contracts on the Internet Computer come in the form of canisters: computational units that bundle together code and state. Each canister defines functions that can be called by other canisters and parties external to the IC, such as browsers or mobile apps. Canisters communicate with one another via asynchronous messages but the execution of each such message is done in complete isolation, allowing for massive levels of concurrent execution. Canisters are managed by controllers. Control structure of canisters could be centralized (e.g. when the controllers include some centralized entity), decentralized (when the controller is a DAO) or even non-existent, in which case the canister is an immutable smart contract. Controllers are the only entities which can deploy the canister to the Internet Computer, start/stop their execution and update their code. The controllers also need to ensure that canisters hold sufficient cycles. These are the unit used on the IC to acquire resources for canister execution (memory, network bandwidth and computational power). To this end the IC monitors the resource usage of canisters and deducts their cost from a cycle balance maintained locally by each canister.
Motoko
Motoko is a new programming language for smart contracts. It is designed to seamlessly support the programming model of the Internet Computer and makes it easier to take advantage of the unique features of the blockchain. Motoko is strongly typed, actor-based, and has built-in support for orthogonal persistence and asynchronous message passing. Productivity and safety features include automatic memory management, generics, type inference, pattern matching, and both arbitrary- and fixed-precision arithmetic. Messaging transparently employs the Internet Computer’s Candid interface definition language and wire format for typed, high-level, and cross-language interoperability.
Certified variables
Canister smart contracts can declare variables as certified. Whenever set, these variables will automatically get a Merkle tree certificate, signed by the Internet Computer blockchain. This allows anyone to verify the authenticity of this type of data using the Internet Computer's public key.
Web access
Smart Contracts Serve the Web
The Internet Computer is the only blockchain that can host a full dapp – frontend, backend and data. This is a crucial and distinguishing feature allowing dapps to run 100% on-chain inheriting the security and decentralization of blockchain without sacrificing speed or affordability. This is possible because the IC can securely serve HTTP requests.
Asset certification
Assets are served from the Internet Computer in a tamper-proof way using certification: Each asset is accompanied by a certificate, which is signed by the entire subnet allowing the user to verify that a response is correct and authentic even when communicating with a malicious node.
Boundary nodes
The boundary nodes are the gateway to the Internet Computer and enable seamless access to the canister smart contracts with stock browsers. They provide an HTTP endpoint and translate all incoming user requests to API canister calls, which are processed on-chain. In addition, the boundary nodes act as a cache to improve the performance of the dapps hosted on the Internet Computer.
Internet Identity
The main means of identity and authentication used on the web are usernames and passwords, which are hard to manage and well-known for their security vulnerabilities. To solve these pitfalls, the Internet Computer blockchain pioneered a more advanced and much more secure method of cryptographic authentication, known as Internet Identity, which is more convenient to use, works across all of a user's devices, and helps to protect user privacy.
Internet Identity is a gateway to applications on the Internet Computer. When you use Internet Identity, websites cannot collect and share information about your online activity. This is because Internet Identity helps you create and manage anonymous, independent accounts for every website so that you get the privacy of having many different accounts without the burden of managing them.