Crypto.com: Technical Architecture of the Crypto.com Chain
We’ll go through how Crypto.com’s blockchain protocol, as well as its emphasis on security and scalability, help to power its mobile wallet and trading services.
The Crypto.com Chain was created to facilitate international transactions between customers and businesses. It’ll also power the Crypto.com mobile wallet payment system, as well as the system’s trading and banking services.
The Cosmos SDK and Tendermint Core’s Byzantine Fault Tolerance (BFT) consensus mechanism are used in the platform. Because of its superior performance, adaptability, use-case applicability, and track record of acceptance by industry leaders, Tendermint’s consensus method was chosen.
Check out our companion pieces on Crypto.com’s ecosystem and user-friendly features and tools for a more comprehensive look at the project.
- Blockchain Protocol Design Axioms
- Crypto.com Chain Settlement and Node Types
- Proof of Goods and Services Delivered
- Crypto.com System Security
Blockchain Protocol Design Axioms
The Crypto.com Chain emphasizes efficiency, scalability, and solid security because it was designed primarily for the purpose of mobile payments. To address the inefficiencies that conventional payment network infrastructure platforms experience, the Crypto.com network employs numerous basic Design Axioms (DAs). The following are listed in order of importance:
- DA1 – State-of-the-Art Security Architecture
- DA2 – A Scalable Network With High Transaction Speeds
- DA3 – Decentralized Foundation
- DA4 – Upgradeable Network Infrastructure
- DA5 – DeFi Readiness
- DA6 – Inclusive Network Design
Crypto.com Chain Settlement and Node Types
The Crypto.com Chain employs two separate node types to help the network maintain consensus and overall security. The Crypto.com Chain and third-party companies use Council Nodes (or Validator Nodes) based on minimum stake requirements and other factors.
Tendermint’s BFT consensus mechanism powers council nodes, which are in charge of promoting network consensus and platform governance.
They’re utilized for things like:
- Transaction settlements
- Order arrangement of transactions and CRO coin rewards
- Verification of all network transactions
- Sending and receiving transactions
- Reading important network data
Any member of the community can use Community Nodes (or Full Nodes), and they are accountable for:
- An individual community member’s self-settlement of their own transactions
- Verifying send and receive transaction types
- Reading data
Proof of Goods and Services Delivered
The provenance of Goods and Services Through the Crypto.com Visa card and Crypto.com mobile wallet, the delivered system helps monitor and verify interactions between payment merchants and clients.
The Crypto.com Chain addresses two main circumstances in order to make this verification procedure easier:
- Goods Are Shipped: The deposit is settled after the buyer places the order and pays for the items. The merchant then ships the goods with or without a customer signature (through Customer and Merchant Acquirer Nodes) (via Merchant Nodes and escrow in order to help resolve potential payment disputes).
- Goods Are Not Shipped/not as Described: The first approach is to algorithmically return the monies to the customer via Customer and Merchant Acquirer Nodes. The second option is to reimburse the monies to the consumer via escrow resolution of a refund dispute by a Customer Acquirer Node.
Crypto.com System Security
Crypto.com is the first cryptocurrency company in the world to obtain ISO/IEC 27701:2019, CCSS Level 3, ISO 27001:2013, and PCI:DSS 3.2.1, Level 1 compliance, and has been independently rated at Tier 4, the highest level for both NIST Cybersecurity and Privacy Frameworks.
Threat modeling is used by the platform to meet the requirements of DA1, DA2, and DA3 (described above), which means that the network systematically strives to predict future attacks in order to promptly identify them and maintain itself secure. It accomplishes this by employing a variety of security mechanisms, notably the STRIDE security paradigm.
The following issues are addressed by this model:
- Spoofing: Mimicking the identity of another user
- Tampering: Data modification by malicious third-party actor
- Repudiation: Attacker declines to confirm an action took place
- Information Disclosure: Uncovering sensitive data
- Denial of Service: Degradation of system performance
- Elevation of Privilege: Obtaining a level of access that one should not have, such as gaining root-level system access privileges
Each of these six components is also rated on a scale of one to five in terms of security and exploitability, assisting the network and its system engineers in identifying the data needed to resolve any potential issues.