Domain encryption enables controllers to securely store sensitive settings for Digital Entities using Interchain Identifiers (IIDs). IIDs are fully conformant DIDs specifically designed for Digital Entity domains within blockchain namespaces, extending the W3C DID standard with cross-chain resolution and Interchain ecosystem features while maintaining complete DID specification compatibility.

Overview

Domain encryption provides privacy features for Digital Twins through:

  • IID-compliant document structure (following W3C DID standards with IXO extensions)
  • Privacy-preserving domain tokenization
  • Verifiable linked resources
  • Polymorphic service mediation
  • Herd privacy protection

Domain Settings Encryption

Domain settings encryption uses pairwise key agreement and authenticated encryption to ensure that sensitive configuration data is only accessible to authorized parties, while maintaining IID compliance.

  1. Setup Encryption Keys

    • Generate key agreement key pair
    • Generate authentication key pair
    • Register in IID document
    • Secure private keys

  2. Encrypt Settings

    • Perform key agreement
    • Derive encryption key
    • Encrypt with authentication
    • Generate proof

  3. Store Encrypted Data

    • Create encrypted resource
    • Store via mediator
    • Update hashgraph
    • Maintain privacy

  4. Access Control

    • Verify recipient
    • Validate authorization
    • Check proofs
    • Enforce permissions

Security Considerations

Key Management

  • Regular key rotation
  • Secure key storage
  • Authorization validation
  • Access revocation

Encryption

  • Authenticated encryption
  • Fresh nonces
  • Additional data
  • Integrity checks

Storage

  • Off-chain encryption
  • Mediator security
  • Proof verification
  • Backup strategy

Future Proofing

  • Post-quantum readiness
  • Protocol upgrades
  • Version management
  • Migration support

Prerequisites

IID Knowledge

  • Interchain Identifier specification
  • Domain tokenization concepts
  • Linked resources
  • Privacy-preserving features

Cryptography

  • Key agreement methods
  • Content-derived identifiers
  • Hashgraph verification
  • Tor network integration

Domain IID Setup

Privacy-Preserving Features

  1. Polymorphic Mediation

    • Single service endpoint
    • Tor network integration
    • Blind request routing
    • Service negotiation

  2. Resource Hashgraph

    • Content-derived identifiers
    • Verifiable resource linking
    • Private resource count
    • Proof verification

  3. Herd Privacy

    • Standardized document structure
    • Common service patterns
    • Minimal correlation data
    • Population-based obscurity

  4. Secure Storage

    • Off-chain encryption
    • Content addressing
    • Distributed storage
    • Access control

Implementation Guide

import { IIDDocument, LinkedResource } from '@ixo/iid-sdk';

async function createPrivateDomain(
  controller: string,
  properties: DomainProperties
): Promise<IIDDocument> {
  // Create hashgraph for domain resources
  const resourceHashgraph = await createResourceHashgraph(properties.resources);

  // Setup polymorphic mediator
  const mediator = await setupPolymorphicMediator(controller);

  // Create IID document
  const iidDoc = await IIDDocument.create({
    controller,
    mediator,
    resourceHashgraph,
    properties
  });

  return iidDoc;
}

Domain Capabilities

Asset Identification

  • Unique digital asset typing
  • Token class specification
  • Verifiable identifiers
  • Namespace registration

Resource Linking

  • On-chain/off-chain resources
  • Verifiable content addressing
  • Private resource metadata
  • Proof verification

Rights Management

  • Machine-executable rights
  • Capability delegation
  • Service invocation
  • Access control

Entity Relationships

  • Spatial Web integration
  • Graph relationships
  • Edge definitions
  • Node connections

Security Considerations

Best Practices

IID Compliance

  • Follow IID specification
  • Implement privacy features
  • Use content addressing
  • Enable service mediation

Resource Management

  • Content-derived identifiers
  • Hashgraph implementation
  • Private metadata
  • Proof generation

Privacy

  • Minimize correlation
  • Use Tor endpoints
  • Implement mediation
  • Protect metadata

Integration

  • Spatial Web compatibility
  • Cross-chain interoperability
  • Standard representations
  • Proper verification

Developer Resources

IID Specification

Interchain Identifiers specification

Implementation Guide

IID implementation details

Privacy Guide

Privacy-preserving features

Resource Guide

Resource management

For technical support or questions about domain encryption and IIDs, join our Developer Community or contact our Developer Relations Team.

Next Steps

IID Documentation

Learn more about Interchain Identifiers

Privacy Guide

Explore privacy best practices

Resources

Additional developer resources