Confidentiality and privacy for enterprise networks

The docs pages mention that it is possible to use Avalanche for a private network as well. I had a couple of questions about this mode of usage.

  • If you have a private subnet, can you control the nodes that will gain access to the state you have on it? i.e. validator or otherwise.

  • At present within the private subnet, transactions would eventually get propagated to all validators (and probably non-validators too). Is there a way where only a selected set of nodes could be privy to a confidential transaction? (similar to the privacy offered in Corda). This would be essential in an enterprise network where you don't want competitors' nodes seeing what business you are doing with a party.

  • If I set up a private subnet, one that is isolated from the rest of the world, would my validators still need to validate the 3 default chains? Or would they now need to validate the 3 default chains in "my" network?

  1. You can set up a permissioned subnet. Then you would have complete control over which validators can do work on it. I'm not 100% sure you could absolutely limit read access to it by anyone else, but also, if you control the VM, then standard cryptography can easily mitigate access of outsiders to your block data; I wouldn't expect that to be a problem.

  2. Having just a subset of validators access some txs seems like a problem from a security standpoint. But again, it is something I would expect to be solvable by cryptographic means, where only those with the required keys would be able to decrypt the contents, and others would be able to confirm the validity without being able to decrypt the contents.

  3. Every validator on Avalanche must be a validator on the Primary Network. Also, other subnets don’t have to mimic the setup of the Primary, so no need to replicate X, P and C chains there. You can just have one chain of your own that does the work you need it to.

Thanks for the response, @jpop!

Being part of the Primary Network would mean that validators from my private network would have to validate transactions on the main net, right? I'm trying to avoid that.

Is it possible to have an isolated private network? What would that entail?