Architecture of the Internet Computer
The Internet Computer (IC) realizes the vision of a World Computer – an open and secure blockchain-based network that can host programs and data in the form of smart contracts, perform computations on smart contracts in a secure and trustworthy way, and scale infinitely.
The Internet Computer Protocol (ICP) takes a revolutionary approach to a highly-scalable blockchain protocol for securely hosting and executing smart contracts. The technology behind ICP has reconceived blockchain protocols from the ground up, considering many lessons learnt from earlier projects, e.g., their lack of scalability. The Internet Computer is the first World Computer, an open and secure public blockchain network that can scale infinitely and be used by everyone to host their smart contracts securely.
Canister smart contracts
A smart contract on ICP is called canister smart contract, or just canister. A canister bundles WebAssembly (Wasm) program code and data storage into a single unit. Anyone can deploy a canister on the Internet Computer. Canisters are stored and their code executed in a replicated, fault-tolerant manner on multiple machines, that is, the nodes of a subnet. Unlike other blockchains, a smart contract on ICP can respect one of several possible mutability policies: it can be completely immutable (cannot be changed by anyone), unilaterally mutable (can be changed unilaterally by the owner), or DAO mutable (it can be changed as authorized by a decentralized autonomous organization).
Canisters pay, using cycles, for the resources they consume. To this end, canisters need to be “topped up” with cycles. Cycles can be acquired with the ICP token, the IC’s utility token. Buying cycles with ICP removes the ICP token from the supply and creates an amount of cycles with the corresponding value. One Trillion cycles can be acquired with ICP worth 1 XDR, where an XDR is a basket comprising major currencies and one XDR is roughly 1.3 USD as of Q3 2022.
Canister smart contracts are more powerful than the smart contracts on other blockchains:
- Canisters paying for their resources, and not the end users, which realizes the reverse gas model of the IC.
- Canisters can hold gigabytes of memory for a low fee.
- A web browser can directly interact with a canister smart contract, without involving any public cloud for serving the web interface and assets. This is in stark contrast to the UI being served from the public cloud as is the case for other blockchains.
- Canisters can be updated and evolve, much like regular software. DAO-based governance schemes can make this upgrade process secure and decentralized.
- Using Internet Identity, canisters can authenticate users based on passkeys contained in secure hardware modules using the Web Authentication (WebAuthn) protocol. This secure authentication service is implemented as a smart contract as well and provides its services to other smart contracts.
See more on canister smart contracts in the developer documentation.
Subnet architecture
ICP is designed to be highly scalable and efficient in terms of hosting and executing canister smart contracts. The top-level building blocks of the IC are subnetworks, or subnets: the IC as a whole consists of many subnets, where each subnet is its own blockchain that operates concurrently with and independently of the other subnets (but can communicate asynchronously with other subnets). Each subnet hosts canister smart contracts, up to a total of hundreds of gigabytes of replicated storage. A subnet consists of node machines, or nodes. Each node replicates all the canisters, state, and computation of the subnet using blockchain technology. This makes a subnet a blockchain-based replicated state machine, that is, a virtual machine that holds state in a secure, fault-tolerant, and non-tamperable manner: the computations of the canisters hosted on a subnet will proceed correctly and without stopping, even if some of the nodes on the subnet are faulty (either because they crash, or even worse, are hacked by a malicious party). New subnets can be created from nodes added to the IC to scale out the protocol, analogous to how traditional infrastructures such as public clouds scale out by adding machines. Such a scale-out architecture is rather the exception than the rule in the blockchain space and allows for limitless scaling, i.e., combining the security and resiliency properties of blockchains with the scalability properties enjoyed by the public cloud.
The IC is composed of subnets, each of which is an independent blockchain. Canisters within and across subnets communicate through asynchronous messaging.
See more on subnets on the IC wiki.
Asynchronous messaging
As mentioned above, a canister bundles its code and data (state). This makes the canister state isolated from that of other canisters. Users interact with canisters by sending ingress messages. Canisters may also interact with other canisters by sending messages to other canisters on the same or different subnets. We collectively refer to messages sent to canisters, either by users or other canisters, as messages or canister messages. Each message can lead to the execution of canister smart contract code and the change of (replicated) canister state. Messages sent to canisters are asynchronous: when a message is sent, the sender is not blocked by this operation, but can perform other computations until the response to the message is received. In most other blockchains, smart contract invocation is synchronous, i.e., a call to another smart contract is blocking, and there is one global state. This asynchronous messaging and isolated canister state results in a “loose coupling” between different canisters and subnets. The secure asynchronous cross-subnet (XNet) messaging between canisters and the resulting loose coupling of subnets are key principles that unlock the scalability of the IC by means of adding new subnets: the state of each canister on a subnet can only be changed through asynchronous messages to the canister and thus canisters on the same or different subnets may execute concurrently. In terms of the programming model, asynchronous communication is a major difference between the IC and most other blockchains; however, it is the key to achieving unprecedented scalability.
Core Internet Computer Protocol
Each ICP subnet is driven by a core blockchain protocol, an implementation of which is running on every node. This protocol consists of the following four layers: (1) peer-to-peer, (2) consensus, (3) message routing, and (4) execution. This core ICP stack is running on all nodes of any subnet and drives the subnet to make progress in terms of consensus and message execution. Each ICP subnet thereby is its own replicated state machine that makes progress independently of the other subnets of the IC (but communicates with other subnets asynchronously).
Chain-Key and chain-evolution technology
Many parts of the protocol of the IC depend on chain-key cryptography, also referred to as chain-key technology. Chain-key cryptography is a collection of cryptographic mechanisms that enable the decentralized operation of Internet Computer Protocol.
Chain-evolution technology refers to specific cryptography-based mechanisms that enable the IC to operate in the long term. For example, chain-evolution technology enables new nodes to efficiently join a subnet or nodes that have been down to efficiently catch up with the remaining part of the subnet.
Both chain-key and chain-evolution technology sets the IC apart from other projects in terms of technology.
Governance
The IC offers governance at multiple levels, the platform level with the Network Nervous System (NNS) and the dapp level with the Service Nervous System (SNS).
Platform governance
The IC is governed by a tokenized DAO, the so-called Network Nervous System (NNS). The NNS DAO is implemented as a set of canister smart contracts that are deployed on a high-replication subnet, i.e., a subnet with many nodes and hence stronger security properties. The NNS allows holders of the staked ICP to make proposals and vote on those proposals.
Dapp governance
dapps on ICP can be governed by an out-of-the-box deployable governance system, the Service Nervous System (SNS), which is similar to the platform’s NNS, but tailored to govern dapps. Everyone controlling a dapp can hand over control over their dapp to a tokenized DAO by parameterizing and deploying an instance of the SNS. The SNS implements tokenized governance at the dapp level and can be used without the dapp engineers implementing a governance system themselves, which is revolutionary. Handing over control of a dapp to an instance of the SNS usually includes running a decentralization swap as an early step where funds can be raised through the swap of the dapp’s governance tokens.
Additional information
If you want to learn in more detail how ICP works and realizes the vision of a World Computer, read through the sections of the page and the referenced Medium articles, or watch the YouTube videos. If you prefer to have a single source of information, the White Paper is highly recommended. However, note that it is a little technical at times.