Contents
Crypto.com (CRO): Technical Architecture of the Crypto.com Chain
We discuss how Crypto.com’s blockchain protocol and its focus on security and scalability power its mobile wallet and trading services.
By Eric Anziani, COO, Crypto.com
Updated November 16, 2023 • 1 min read
Summary
The Crypto.com Chain is built to enable transactions between customers and merchants worldwide. It is also designed to power the Crypto.com mobile wallet payment solution and the system’s trading and financial services offerings. The platform utilizes the Cosmos SDK and Tendermint Core’s Byzantine Fault Tolerance (BFT) consensus mechanism. Tendermint’s consensus mechanism was chosen because of its exceptional performance, flexibility, use-case applicability, and track record of adoption by industry leaders. To get a broad overview of this project, be sure to check out our companion pieces that cover Crypto.com’s ecosystem and its user-friendly features and tools.
Contents
Blockchain Protocol Design Axioms
Because the Crypto.com Chain is built specifically for the use of mobile payments, the platform focuses on efficiency, scalability, and robust security. The Crypto.com network utilizes several foundational Design Axioms (DAs) to solve the inefficiencies that most payment network infrastructure platforms face. These are, in order of importance:
DA1 - State-of-the-Art Security Architecture
DA2 - A Scalable Network With High Transaction Speeds
DA3 - Decentralized Foundation
DA4 - Upgradeable Network Infrastructure
DA5 - DeFi Readiness
DA6 - Inclusive Network Design
Crypto.com Chain Settlement and Node Types
The Crypto.com Chain makes use of two distinct node types that help maintain consensus and overall security in the network.
Council Nodes (or Validator Nodes) are utilized by the Crypto.com Chain and third-party entities as determined by minimum staking requirements and other criteria. Council nodes run on Tendermint’s BFT consensus mechanism and are responsible for facilitating network consensus and overall governance of the platform. They are used for:
Transaction settlements
Order arrangement of transactions and CRO coin rewards
Verification of all network transactions
Sending and receiving transactions
Reading important network data
Community Nodes (or Full Nodes) can be used by any member of the community and are responsible for:
An individual community member’s self-settlement of their own transactions
Verifying send and receive transaction types
Reading data
Proof of Goods and Services Delivered
The Proof of Goods and Services Delivered mechanism helps monitor and verify interactions between payment merchants and customers via the Crypto.com Visa card and Crypto.com mobile wallet. In order to facilitate this verification process, the Crypto.com Chain deals with two main scenarios:
Goods Are Shipped: The customer places the order and pays for the goods, at which point the deposit is settled. The merchant then ships the item with (via Customer and Merchant Acquirer Nodes) or without a customer signature (via Merchant Nodes and escrow in order to help resolve potential payment disputes).
Goods Are Not Shipped/not as Described: The first option is to give back the funds to the customer algorithmically via Customer and Merchant Acquirer Nodes. The second option is to return the funds to the customer through a refund dispute that a Customer Acquirer Node resolves through escrow.
Crypto.com System Security
Crypto.com is built on a solid foundation of security, privacy, and compliance and is the first cryptocurrency company in the world to have ISO/IEC 27701:2019, CCSS Level 3, ISO 27001:2013 and PCI:DSS 3.2.1, Level 1 compliance, and independently assessed at Tier 4, the highest level for both NIST Cybersecurity and Privacy Frameworks.
For the system to fulfill the requirements of DA1, DA2, and DA3 (detailed above), the platform makes use of threat modeling, meaning that the network systematically works to predict potential threats in order to quickly identify them and keep itself secure. It does this by making use of various security measures, including the STRIDE security model. This model focuses on the following problems:
Spoofing: Mimicking the identity of another user
Tampering: Data modification by malicious third-party actor
Repudiation: Attacker declines to confirm an action took place
Information Disclosure: Uncovering sensitive data
Denial of Service: Degradation of system performance
Elevation of Privilege: Obtaining a level of access that one should not have, such as gaining root-level system access privileges
Each of these six components is also graded on a scale of one-to-five in terms of both security and exploitability, helping the network and its system engineers identify the information required to fix any potential problems that might occur.
Cryptopedia does not guarantee the reliability of the Site content and shall not be held liable for any errors, omissions, or inaccuracies. The opinions and views expressed in any Cryptopedia article are solely those of the author(s) and do not reflect the opinions of Gemini or its management. The information provided on the Site is for informational purposes only, and it does not constitute an endorsement of any of the products and services discussed or investment, financial, or trading advice. A qualified professional should be consulted prior to making financial decisions. Please visit our Cryptopedia Site Policy to learn more.
Author
Eric Anziani
COO, Crypto.com
Eric Anziani is Chief Operating Officer at Crypto.com. Previously, Eric worked at leading global companies Goldman Sachs, McKinsey, PayPal, and Global Fashion Group in London, Paris, Singapore, and Tokyo. Eric completed his MBA from INSEAD in 2012, and holds a Master of Science degree from the Ecole Superieur d’Electricite (Supelec). Eric has invested in and advised several ventures across Asia and U.S. markets, and actively contributes to the blockchain and startup ecosystem in Singapore in his personal capacity as part of ACCESS, the Singapore Cryptocurrency and Blockchain Industry Association, and BANSEA, a leading angel investment network in Southeast Asia.
Is this article helpful?