Doughnuts are the secret sauce of the CENNZnet protocol. The doughnut protocol addresses the need for seamless authentication and access control within blockchain-powered applications. Doughnut enables a unified UX for users while also enabling a trustless decentralised storage system that keeps users in control of their on-chain assets.

So how does it work? This article will explain:

• What is a Doughnut
• How they are used on CENNZnet
• The benefits for users and developers
• The logic behind the name Doughnuts

What is a Doughnut?

Doughnuts are an example of proof of delegation. In simple terms, they can be best described as digital certificates created off-chain (offline). The Doughnut module allows users to create and sign digital on-chain certificates (doughnuts) that give permission for one identity (such as a DApp) to perform certain actions on behalf of the user’s identity using their assets. For example, if a user wanted to purchase an NFT for 10 CENNZ within a DApp, they can be prompted to create and sign a doughnut which would authorise the chosen DApp to withdraw up to 10 of their CENNZ tokens to buy the NFT. The doughnut means that, while the DApp has permission to access tokens from the user’s wallet, they are protocol bound to only use 10 and only for the specific purpose of buying the NFT. 

The amazing thing about doughnuts is that it takes trust and permissions to the protocol level. As we know from our exploration of blockchain protocol, all nodes must adhere to protocol to be part of the blockchain. As doughnut permissions are part of the protocol, every node must first check if a transaction has a doughnut attached to it. If it does, then the contents of the doughnut must be respected and performed. Once created, doughnuts are also stored on-chain within a block. Each block can be checked to see which doughnuts were signed with which transactions, so actions on the chain are clear and verifiable. 

Another important aspect of doughnuts is that they are created off-chain (offline). All you need to create a doughnut is a cryptographic keypair. On first and second-generation blockchains, for example, granting permissions to approve a contract to spend up to $10, has to be done on-chain via an approval transaction. This means that every time a permission needs to be granted it costs gas fees. By making doughnuts offline, CENNZnet has made issuing permissions free and part of the transaction, rather than a separate step. 

How are Doughnuts used on CENNZnet?

DApp users on CENNZnet can use the doughnut protocol to control exactly how much access to their information the network has. In practice, this is done through a system of what are called session accounts.

A DApp user will have an identity on the CENNZnet network. This identity will have access to all of its on-chain assets such as a wallet and potentially some personal data. To interact with a DApp a user can set up a session account. This is like a shadow account. Using doughnuts the session account can be given certain privileges from the original identity, for example, access to a certain amount of funds from a wallet or specific personal details.