certified-variables
Installation
SKILL.md
Certified Variables & Certified Assets
What This Is
Query responses on the Internet Computer come from a single replica and are NOT verified by consensus. A malicious or faulty replica could return fabricated data. Certification solves this: the canister stores a hash in the subnet's certified state tree during update calls, and then query responses include a certificate signed by the subnet's threshold BLS key proving the data is authentic. The result is responses that are both fast (no consensus delay) AND cryptographically verified.
Prerequisites
- Rust:
ic-certified-mapcrate (for Merkle tree),ic-cdk(forcertified_data_set/data_certificate) - Motoko:
CertifiedDatamodule (included in mo:core/mo:base),ic-certificationpackage (mops add ic-certification) for Merkle tree with witness support - Frontend:
@icp-sdk/core(>= 5.0.0) (agent, principal),@dfinity/certificate-verification(>= 3.1.0)
Canister IDs
No external canister IDs required. Certification uses the IC system API exposed through CDK wrappers:
ic_cdk::api::certified_data_set(Rust) /CertifiedData.set(Motoko) -- called during update calls to set the certified hash (max 32 bytes)ic_cdk::api::data_certificate(Rust) /CertifiedData.getCertificate(Motoko) -- called during query calls to retrieve the subnet certificate