Doughnuts are the secret sauce of the CENNZnet protocol. The doughnut protocol addresses the need for seamless authentication and access control within blockchain-powered applications. Doughnut enables a unified UX for users while also enabling a trustless decentralised storage system that keeps users in control of their on-chain assets.
So how does it work? This article will explain:
Doughnuts are an example of proof of delegation. In simple terms, they can be best described as digital certificates created off-chain (offline). The Doughnut module allows users to create and sign digital on-chain certificates (doughnuts) that give permission for one identity (such as a DApp) to perform certain actions on behalf of the user’s identity using their assets. For example, if a user wanted to purchase an NFT for 10 CENNZ within a DApp, they can be prompted to create and sign a doughnut which would authorise the chosen DApp to withdraw up to 10 of their CENNZ tokens to buy the NFT. The doughnut means that, while the DApp has permission to access tokens from the user’s wallet, they are protocol bound to only use 10 and only for the specific purpose of buying the NFT.
The amazing thing about doughnuts is that it takes trust and permissions to the protocol level. As we know from our exploration of blockchain protocol, all nodes must adhere to protocol to be part of the blockchain. As doughnut permissions are part of the protocol, every node must first check if a transaction has a doughnut attached to it. If it does, then the contents of the doughnut must be respected and performed. Once created, doughnuts are also stored on-chain within a block. Each block can be checked to see which doughnuts were signed with which transactions, so actions on the chain are clear and verifiable.
Another important aspect of doughnuts is that they are created off-chain (offline). All you need to create a doughnut is a cryptographic keypair. On first and second-generation blockchains, for example, granting permissions to approve a contract to spend up to $10, has to be done on-chain via an approval transaction. This means that every time a permission needs to be granted it costs gas fees. By making doughnuts offline, CENNZnet has made issuing permissions free and part of the transaction, rather than a separate step.
DApp users on CENNZnet can use the doughnut protocol to control exactly how much access to their information the network has. In practice, this is done through a system of what are called session accounts.
A DApp user will have an identity on the CENNZnet network. This identity will have access to all of its on-chain assets such as a wallet and potentially some personal data. To interact with a DApp a user can set up a session account. This is like a shadow account. Using doughnuts the session account can be given certain privileges from the original identity, for example, access to a certain amount of funds from a wallet or specific personal details.
Session accounts are what interact with a DApp on the CENNZnet. So to start using a new DApp a user would create a new session account. They would then provide that session account with the privileges that the specific DApp requires to function using a Doughnut. This means there is no way for a breach of privacy to occur as DApps only have access to an account with the least amount of privilege required to perform the necessary actions.
It’s a pretty funky name for a blockchain protocol right? Doughnuts was decided on as a name because it provides users with benefits similar to browser Cookies or Google’s Macaroons. But unlike these tools, which work only for a centralised system and have some downright worrying privacy implications, doughnuts are designed for a trustless decentralised ledger. As the world’s leading hollow treat, we thought doughnuts symbolised the lack of central control brilliantly.
Get started building with the CENNZnet Doughnut Protocol here.