Decentralised web cookies

Doughnuts are digital certificates suited for the blockchain and decentralised era.

With Doughnuts users can control and own their data, decide when and to whom would they like to grant permissions to access it, all without relying on a central server.

The problem

With the increase in the use of blockchain technology, blockchain-powered applications need powerful, seamless authentication and access control. Doughnuts are the fundamental enabler for authentication in the digital world.

The dangers of private key transmission, along with the high consumer demand for good UX and ideal security, requires a new system. But it’s not hardware devices and identity contracts.

Our solution

Doughnuts solve this problem. The concept is simple, yet powerful, enabling a classic ‘centralised’ UX on trustless, decentralised technologies.

For a full explanation on how Doughnuts work, read:

Are Doughnuts Better than Cookies?

Satisfying a Growing Appetite for Privacy and User Convenience

Or check the Doughnuts documentation to learn what can be built using Doughnuts.

Use cases

Powerful alternative login mechanism

Doughnuts make it possible to share access or grant tiered permissions to a DeFi DApp in a secure way without having to use hardware authentication device. Doughnuts can allow a flow similar to single sign on solutions without being exposed to an authenticating server attack.


Imagine sharing game assets right between players via seamless permissions management, you’ll also be able to design the scenario for when you want a user to be able to revoke permissions.

Multifactor authentication

Doughnuts can be used to authenticate login as form of 2fa or multifactor authentication setup without relying on authentication by central server or hardware device.

Case study

CentraPass has come up with a digital travel ID solution that saves travellers time and simplifies travel. It helps tourism businesses personalise their customer experience and capture more value, but also requires the authorisation of the user and keeps their identity details anonymous to ensure their privacy.