In Corda, what data is sent to a non-validating notary service?

Question

This question frequently comes up in conversations: When a Corda transaction is sent to a non-validating notary service for finalisation, what can the notary service see and deduce about the world?

Answer 1

You should note that before sending a Corda transaction to a non-validating notary service, each Corda transaction is filtered as 

stx.buildFilteredTransaction(Predicate { 

    it is StateRef || it is TimeWindow || it == notaryParty 

})

 

This means that the non-validating notary service will be able to view the following: 

1. All inputs that are in the form of StateRef 

2. Time-Window

3. Identity of the notary of the transaction

As transactions are in the form of Merkle trees, remaining components are filtered out. And once the notary signature is applied, the content of the transaction can never be altered.