Crypto.com (CRO): Technical Architecture of the Crypto.com Chain

Blockchain Protocol Design Axioms

Because the Crypto.com Chain is built specifically for the use of mobile payments, the platform focuses on efficiency, scalability, and robust security. The Crypto.com network utilizes several foundational Design Axioms (DAs) to solve the inefficiencies that most payment network infrastructure platforms face. These are, in order of importance:

• DA1 - State-of-the-Art Security Architecture

• DA2 - A Scalable Network With High Transaction Speeds

• DA3 - Decentralized Foundation

• DA4 - Upgradeable Network Infrastructure

• DA5 - DeFi Readiness

• DA6 - Inclusive Network Design

Crypto.com Chain Settlement and Node Types

The Crypto.com Chain makes use of two distinct node types that help maintain consensus and overall security in the network.

Council Nodes (or Validator Nodes) are utilized by the Crypto.com Chain and third-party entities as determined by minimum staking requirements and other criteria. Council nodes run on Tendermint’s BFT consensus mechanism and are responsible for facilitating network consensus and overall governance of the platform. They are used for:

• Transaction settlements

• Order arrangement of transactions and CRO coin rewards

• Verification of all network transactions

• Sending and receiving transactions

• Reading important network data

Community Nodes (or Full Nodes) can be used by any member of the community and are responsible for:

• An individual community member’s self-settlement of their own transactions

• Verifying send and receive transaction types

• Reading data

Proof of Goods and Services Delivered

The Proof of Goods and Services Delivered mechanism helps monitor and verify interactions between payment merchants and customers via the Crypto.com Visa card and Crypto.com mobile wallet. In order to facilitate this verification process, the Crypto.com Chain deals with two main scenarios:

1. Goods Are Shipped: The customer places the order and pays for the goods, at which point the deposit is settled. The merchant then ships the item with (via Customer and Merchant Acquirer Nodes) or without a customer signature (via Merchant Nodes and escrow in order to help resolve potential payment disputes).

2. Goods Are Not Shipped/not as Described: The first option is to give back the funds to the customer algorithmically via Customer and Merchant Acquirer Nodes. The second option is to return the funds to the customer through a refund dispute that a Customer Acquirer Node resolves through escrow.

Crypto.com System Security

Crypto.com is built on a solid foundation of security, privacy, and compliance and is the first cryptocurrency company in the world to have ISO/IEC 27701:2019, CCSS Level 3, ISO 27001:2013 and PCI:DSS 3.2.1, Level 1 compliance, and independently assessed at Tier 4, the highest level for both NIST Cybersecurity and Privacy Frameworks.

For the system to fulfill the requirements of DA1, DA2, and DA3 (detailed above), the platform makes use of threat modeling, meaning that the network systematically works to predict potential threats in order to quickly identify them and keep itself secure. It does this by making use of various security measures, including the STRIDE security model. This model focuses on the following problems:

• Spoofing: Mimicking the identity of another user

• Tampering: Data modification by malicious third-party actor

• Repudiation: Attacker declines to confirm an action took place

• Information Disclosure: Uncovering sensitive data

• Denial of Service: Degradation of system performance

• Elevation of Privilege: Obtaining a level of access that one should not have, such as gaining root-level system access privileges

Each of these six components is also graded on a scale of one-to-five in terms of both security and exploitability, helping the network and its system engineers identify the information required to fix any potential problems that might occur.