This article is currently a work in progress and subject to frequent change.
See changelog for details.
As you go through our documentation you'll probably find some unfamiliar terms, or familiar ones used in surprising ways. Here are the definitions we use.
The relative power of an agent to participate in their world.
Anything with agency, such as a human or bot.
The public/private key pair that represents an agent (definition 2).
Describes a distributed system that puts agents at the center of the design, giving them agency over their online identity and the data they create. Agent-centric systems are usually distributed and use public-key cryptography to identify agents. Git, Holochain, and Secure Scuttlebutt are highly agent-centric, while client/server systems are less so.
An entry near the beginning of an agent's source chain that identifies them. It contains their public key and other identifying information. This entry becomes an agent's unique identifier in the app. The address of this entry is also the agent's address on the DHT.
Describes any data structure that can only be written to. Once written, data is 'immutable', which means it can't be modified or deleted. An agent's source chain and the DHT are both append-only, which makes them logically monotonic.
Synonymous with hApp.
A distributed system that promises Byzantine fault tolerance by using a coordination protocol to get all nodes to agree on a single, shared history of events. This history is stored as a hash chain of 'blocks', or bundles of state changes. A blockchain can be public (anyone can join) or permissioned/private (membership is controlled). Public blockchains are usually trustless, ensuring tamper-resistance by making cheating more costly than honesty.
A hApp bundle.
A group of commits that succeed or fail 'atomically', like a transaction in an SQL database (not yet supported).
Byzantine fault tolerance (BFT)¶
A security model that allows the owner of a resource to grant others access while still maintaining ultimate control. Instead of allowing direct access to the resource, it mediates access and manages privileges by issuing 'capabilities'. In Holochain, an agent's conductor protects their running DNA instances and authorizes subjects' access to them by issuing and checking tokens.
A special private entry that an agent writes to their source chain to record the issuing of a capability and its terms, including the intended subject. The address of this grant becomes a capability token.
The entity that is given permission to access a resource via capability-based security. In Holochain, this can be a client or bridged DNA instance on the same machine, or it can be another agent who exercises a capability by communicating with the grantor via node-to-node messaging.
A proof that a subject has been given a capability. It's synonymous with the ability to exercise that capability.
The degree to which agency, decision-making power, or responsibility in a distributed system is concentrated in certain nodes. Client/server systems are highly centralized. The complement of centralization is, of course, decentralization.
Any piece of software that accesses a DNA instance's zome functions. It makes function calls over the conductor's RPC interface. This client can be a GUI, a shell script, a service, or a scheduled task. This client lives on the same machine as the conductor.
A highly centralized distributed system architecture in which certain nodes are responsible for most of the processing, storage, and decision-making. Client/server systems typically give low agency to end-users.
Any resource that is used by a group of agents but owned by none. In order to survive, a commons must have rules governing its use. A Holochain DHT is a type of digital commons whose rules are enforced by its DNA.
Conflict-free replicated data type (CRDT)¶
A function that allows two nodes in a distributed system to separately make changes to the same piece of data without creating conflicts. A CRDT is logically monotonic, which means that it satisfies the CALM theorem and doesn't need a coordination protocol.
Agreement among nodes in a distributed system about the state of data. Blockchains enforce a strong form of consistency called global consensus. Holochain prefers small-scale consensus, either between interacting parties or among a small set of third-party validators.
Consistency/availability/partition-tolerance (CAP) theorem¶
A principle that states that all distributed systems are prone to 'partitions' (some groups of nodes becoming unavailable to each other), and that in the presence of a partition a design can only guarantee availability (data can always be accessed and written) or consistency (data is always correct), but not both.
Consistency as logical monotonicity (CALM) theorem¶
A principle that states that, as long as a function is logically monotonic, it can be run on multiple nodes in a distributed system and reach strong eventual consistency without needing coordination protocols.
Content-addressable store (CAS)¶
Any storage system that gives a unique ID to each piece of data and allows it to be retrieved by its ID rather than its physical location. A DHT is a type of CAS.
An algorithm that governs the synchronization of data in a distributed system. It aims to prevent or resolve data conflicts that happen when two nodes are out of sync with each other. Any state change that isn't logically monotonic needs a coordination protocol.
See Holochain Core API.
Create, read, update, delete (CRUD)¶
The four main things an application needs to do with data. Even though all data structures in Holochain are append-only, data can still be updated or deleted by adding a new entry that marks the old data as obsolete.
The act of removing central points of control. Many distributed systems are decentralized to various degrees.
Holochain's standard DPKI library.
Distributed hash table (DHT)¶
A collection of data stored collectively by many nodes in a distributed system. A node retrieves data by address (usually its cryptographic hash), searching for a peer that is responsible for holding the data. Holochain uses a validating DHT to store public entries. Each DNA has its own separate DHT.
Distributed ledger technology (DLT)¶
Any technology that involves many nodes in a distributed system sharing an append-only history of state changes. In Holochain, each agent stores their own history in their source chain and shares copies of it with peers.
Distributed public key infrastructure (DPKI)¶
Any system that involves multiple nodes talking to each other over a network, whether decentralized or centralized. Because communication isn't instantaneous, different nodes can create conflicting data. Many distributed systems use a coordination protocol to come to consistency, while others rely on the CALM theorem.
A package of executable code that defines the shared 'rules of the game' for a group of agents. A DNA is made up of zomes, which define validation rules for data and zome functions for agents to take action.
End-to-end encryption (E2EE)¶
A channel between two nodes in a public network that allows them to transfer secret messages that cannot be decrypted by eavesdroppers. Holochain's node-to-node messaging uses E2EE, as does gossip between nodes.
A basic unit of data in a Holochain app. Each entry has its own defined entry type. When an agent commits an entry, it is written to their source chain. If it's marked as a public entry, it's also published to the DHT.
A specific sort of entry that a DNA recognizes and understands. Like an OOP class or database table, its entries have an enforced data schema and validation rules. Its entries can also be public or private.
Describes a promise made by distributed systems that optimize for availability over consistency (see CAP theorem), meaning that given enough time, every node ought to eventually reach consistency with each other. Strong eventual consistency means nodes are guaranteed to reach consistency without conflicts, which is possible for any system whose state change functions adhere to the CALM theorem.
Synonymous with graphical user interface.
A protocol used by many peer-to-peer networks. Each node knows a few other nodes, who know a few more, and so forth. Whenever any node receives a message, they broadcast it to some or all of their peers. Data propagates slowly at first, but spreads at an exponential rate. Nodes in a Holochain network share entries, metadata, neighborhood health, and peer addresses via gossip.
Graphical user interface (GUI)¶
A client that presents a visual, easy-to-understand way for a user to interact with a DNA instance or collection of instances running in their conductor. As with any client, the GUI always runs on the same machine as the conductor.
A package containing multiple DNA packages that are instantiated together to form the back end for a hApp, along with a UI package for the front end. Holoscape can install and run fully function applications from hApp bundles.
A unique 'fingerprint' for a piece of data, calculated by running the data through a special function. A hash can serve as a unique identifier for that data (such as with addresses of DHT entries) and makes it easy to retrieve data from a hash table and verify its integrity.
Holochain Development Kit (HDK)¶
Holochain's standard software development kit (SDK) for zome and DNA developers. It proides developer-friendly access to the low-level Holochain core API as well as macros for defining entry and link types,validation functions, and init functions.
Holochain application (hApp)¶
Holochain Core API¶
The set of core functions that the nucleus makes available to the ribosome, so the ribosome can make them available to a running DNA instance. These functions allow the DNA to access and manipulate an agent's source chain, run cryptographic functions, retrieve and write DHT entries and links, and send node-to-node messages to peers.
A platform and marketplace where Holochain users offer up their spare computing capacity for a fee. Read more at Holo's website.
A property of Holochain's validating DHT, whereby healthy nodes detect invalid data, share proof of corruption among their peers, and take defensive action against the corrupt nodes that produced it. While each node is individually responsible for taking action, the cumulative effect is a collective rejection of the corrupt nodes.
Intrinsic data integrity¶
Synonymous with ledger.
Describes a set of facts in which the truth of prior facts are never negated by the addition of later facts. CALM relies on functions that exhibit this property — that is, monotonically increasing functions.
Any permeable boundary that allows appropriate access and disallows inappropriate access.
Monotonically increasing function¶
A function in which adding things to the input can only increase the output, preserving logical monotonicity and allowing the elimination of coordination protocols in a distributed system by virtue of the CALM theorem. This might seem a bit abstract, so consider an example: the DHT never retracts entries; it only adds new ones. Even a deletion is merely the addition of a new entry that says "please consider the old entry obsolete".
The interplay between the autonomy of the individual and the collective intentions of the group. A successful commons finds a healthy balance between these opposites. Holochain's design is based on this principle, empowering participants to control their own identity and their response to their peers by equipping each of them with a full copy of the application. But those same rules embedded in the application also constitute the group's intentions, so the choice to use a particular also constitutes a participant's consent to help uphold the group.
A group of nodes in a Holochain DHT who are near to each other (in terms of address space, not geography). Neighbors collectively support the resilience of all DHT entries whose address is near to them by storing and validating those entries and gossiping to each other about the entries they have.
Synonymous with DNA.
Synonymous with node.
A public key and a public-key signature, stored as a piece of metadata on a DHT entry. It proves that an agent (represented by the public key) actually authored the entry (as proven by the signature), and also allows anyone to verify that a third party hasn't tampered with it.
A cryptographic system that consists of two keys: a public component and a private or secret component. These keys are mathematically related to each other in a way that's easy for the key pair's owner to prove but nearly impossible for a third-party to reverse-engineer. In Holochain, the public key lives in the DHT as an agent's identity and the private key stays on the agent's device as a proof that they control their public key. Peers can verify an agent's claim of authorship on an entry by checking their provenance, or can use an agent's public key to encrypt a private message that only they can decrypt.
Public-key infrastructure (PKI)¶
A way for agents to share their public keys, prove their authenticity, and revoke old keys if they've been compromised. Most PKIs, such as the global SSL certficate authority system, are centralized. Holochain provides a distributed PKI system.
The hash of a piece of data, encrypted with a private key. It can be decrypted by anyone who has a copy of the public key. In Holochain, this is used in a provenance on each DHT entry to prove authorship and detect third-party tampering.
Public/private key pair¶
To send a public entry to the DHT after it has passed the author's own copy of the validation rules for the entry. The neighborhood of validators who are responsible for that entry's address receive it, validate it, and store a copy of it if it's valid.
Remote procedure call (RPC)¶
A network port that the conductor exposes, allowing clients to call the conductor API or make zome function calls to running DNA instances. This interface only listens for local connections (so it can't be accessed over the internet). That means that clients must be on the same machine as the conductor.
The level of redundancy of a DHT entry, expected to correspond to the resilience factor of the DNA. That is, for a resilience factor of 5, each entry is expected to exist on five nodes with 100% uptime or ten nodes with 50% uptime.
The desired number of copies of a DHT entry that should exist in a DHT. This value is set in the DNA by its creator. Nodes in a neighborhood who are responsible for an entry collectively work to make sure this factor is met at all times.
The 'sandbox' or 'virtual machine' inside which a DNA instance runs. In Holochain's current design, the ribosome is a WebAssembly interpreter that exposes Holochain's core API to the instance and allows the nucleus to call the instance's validation functions, init function, and other callbacks.
The programming language used to build both Holochain and DNAs.
The process of reducing the processing and storage load on individual nodes in a distributed system. While some sharded systems break data into discrete shards, Holochain's DHT shards nodes into overlapping neighborhoods. This increases
A message emitted by a DNA, meant to be received and responded to a client
Source chain entry¶
Source chain header¶
Describes a peer-to-peer distributed system which is Byzantine fault tolerant even when nodes are anonymous and membership is unrestricted. Trust is placed in the quality of the algorithm and the game theory that underpins it, rather than in the .
Holochain's DHT design that creates an immune system for the group. Validators are chosen at random, based on their nearness to the address of the entry to be validated. If an entry fails validation, the validator publishes a warrant against the entry's author, along with proof of invalidity.
A function that checks the correctness of an entry. If validation fails, a validator can publish a warrant proving that the entry's author has broken the 'rules of the game' in the DNA's executable code.
A node in the validating DHT who is chosen at random to validate a DHT entry, based on their agent address' nearness to the address of the entry. After validating, they also store the entry and help maintain its resilience.
An entry created by the validator of a DHT entry, attesting that the entry is invalid according to its validation rule and proving that its author has broken the 'rules of the game' in the DNA's executable code.
A metric used to calculate the distance between two addresses in the DHT's address space. The addresses' binary representations are XORed together, and the resulting value is turned into an integer. This distance is used for determining a node's neighborhood, including entries they are responsible for and nodes they are neighbors with.
A basic unit of modularity inside a DNA. Zome can be mixed and matched from other DNAs into one DNA in the service of the needs of a network. This zome defines entry types, link types, validation functions, public zome functions, and init functions.
A function, created by the author of a zome, that allows a client to take a particular action in a DNA instance. This includes data retrieval and storage, as well as node-to-node messaging. The zome functions act as a public API for the zome, and can be called by another zome within the same DNA, a bridged DNA instance within the same conductor, or a client via the conductor's RPC interface.
Zome function call¶
The act of calling a zome function.