A securely stored identity in a User's Wallet allows anyone to easily establish a secure end-to-end encrypted communication channel with the Wallet.
This is possible because anyone can now resolve a human-readable CRUX ID to the Public Key of the ID owner. Elliptic-curve Diffie–Hellman (ECDH) lets the Application and the Wallet both derive the same shared secret.
This means, independent of the transport layer used, at CRUX's level we can implement secure communication between Application and Wallet.
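The key agreement described above, as an added example that is not CRUX SDK code or part of the original page: an Application resolves an ID to a public key, both sides run ECDH, and the result keys an authenticated cipher. The curve (secp256k1), HKDF-SHA-256, AES-256-GCM, the in-memory registry and every function name are assumptions made for illustration.

```javascript
const crypto = require("crypto");

const CURVE = "secp256k1"; // assumption: the page does not name the curve
const INFO = Buffer.from("example-gateway-channel-v1"); // constructed KDF label

// Constructed stand-in for resolving a human-readable ID to its public key.
const wallet = crypto.createECDH(CURVE);
wallet.generateKeys();
const registry = new Map([["alice@example.crux", wallet.getPublicKey()]]);

function resolvePublicKey(id) {
  const key = registry.get(id);
  if (!key) throw new Error(`unknown ID: ${id}`);
  return key;
}

// Both sides call this with their own ECDH object and the peer's public key.
function deriveChannelKey(ownEcdh, peerPublicKey, salt) {
  // computeSecret throws if peerPublicKey is not a valid point on the curve.
  const shared = ownEcdh.computeSecret(peerPublicKey);
  // The raw ECDH output is not used as a cipher key; it goes through a KDF.
  return Buffer.from(crypto.hkdfSync("sha256", shared, salt, INFO, 32));
}

function seal(key, plaintext) {
  const iv = crypto.randomBytes(12); // fresh nonce for every message
  const c = crypto.createCipheriv("aes-256-gcm", key, iv);
  const body = Buffer.concat([c.update(plaintext, "utf8"), c.final()]);
  return { iv, body, tag: c.getAuthTag() };
}

function unseal(key, { iv, body, tag }) {
  const d = crypto.createDecipheriv("aes-256-gcm", key, iv);
  d.setAuthTag(tag);
  // final() throws if the ciphertext or tag was modified in transit.
  return Buffer.concat([d.update(body), d.final()]).toString("utf8");
}

// Application side: ephemeral key pair; public key and salt go to the Wallet.
function applicationHello(id) {
  const app = crypto.createECDH(CURVE);
  const appPublicKey = app.generateKeys();
  const salt = crypto.randomBytes(16);
  return { appPublicKey, salt, key: deriveChannelKey(app, resolvePublicKey(id), salt) };
}

// Wallet side: derives the same key from the Application's public key.
function walletAccept(appPublicKey, salt) {
  return deriveChannelKey(wallet, appPublicKey, salt);
}
```

The resolved public key authenticates the Wallet end only; the Application's ephemeral key is not authenticated by ECDH itself, which is why a separate control such as the whitelist is still needed.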
We use WebRTC as the transport layer for CRUXGateway. WebRTC allows two peers to exchange data without intermediaries. The peers need the assistance of an entity generalised as the 'Bridge Server', which helps the peers discover each other on the network. Once discovered, the two peers can independently speak to each other without needing the Bridge Server, until network conditions change such that they can no longer find each other.
Users can whitelist, in their Wallet, the individual Applications to which they want to grant communication rights.
Applications can connect to the User's CRUX ID residing in the User's Wallet and communicate with the Wallet in three ways:
- RawTransactionRequest - Applications can request the User to sign and send any raw Transaction, like the Web3 standard.
- PaymentRequest - For financial transactions, Applications can request a specific standardised currency, and a specific amount. The User will get a Payment Request notification on their Website.
- IdentityProofRequest - The Application can ask the User to prove the ownership of the identity with this. This can be used to authenticate users securely for any use case.
CRUXGateway can be consumed as a Web3Provider, which means any dApp using web3 and web3-like standards can integrate CRUX as a web3 provider with a few lines of code change. That means any existing Ethereum, TRON, or EOS dApp will be able to connect to any Wallet which supports the CRUX protocol, and make the desired smart contract or currency transfer transactions.
Section 2.5 of the Risk Analysis document walks through the new risks introduced with the CRUXGateway protocol, and how those risks are mitigated.