A few months back, we released (hereto “Raindrop”) on the Hydrogen API, an authentication scheme that leverages several of the major security guarantees provided by the .
Raindrop combines the robustness of a public-key crypto system with an immutable on-chain identity protocol to provide off-chain authentication in an incontestable manner. Since the initial Raindrop release, we have continued to pose questions and look at novel applications for our authentication solution.
How It Works
Although Raindrop inherits many of its security properties from the , the authentication process itself occurs almost entirely off-chain. The off-chain nature of Raindrop authentication makes it immediately useful for many existing centralized portals and applications, but extensibility, to on-chain applications, is a bit more tricky. Since there is no native mechanism for porting off-chain data onto the , using Raindrop to enhance the security of dApp security was difficult, but we were determined to find a solution.
Thankfully, projects like Chainlink exist, a company that a partnership with in November.
What is Chainlink?
Chainlink is a decentralized oracle platform built on . The Chainlink team has built a system of smart contracts and middleware that seamlessly connects the to off-chain data sources.
With Chainlink, off-chain information can be routed onto the in a secure, efficient, and decentralized manner. Through our Chainlink integration, developers can now seamlessly embed our off-chain Raindrop authentication solution directly within their decentralized application infrastructure.
P2P Wallet Implementation
For our first application, our awesome intern, Matt, developed a HYDRO protected with Raindrop for multi-factor authentication. This will allow the to create a P2P application, like Venmo, with based identity and validation.
Currently, there are two prominent solutions available on :
(1) There is your typical address. Storing funds here leaves you exposed to phishing attacks. If your are stored in your address, and someone manages to steal your private key, they will have uninhibited access to your funds. That is very bad!
(2) An alternative solution is to set up a multi-sig . Multi-sig wallets are smart contracts that require explicit authorization from several addresses in order to execute a transaction. Multi-sigs are arguably safer, but they complicate user experience significantly, by forcing you to manage multiple keys at once. Multi-sig wallets also introduce additional existential risks in the form of key loss. If you ever lose access to some of your keys, your funds are most likely irretrievable.
Implications
Our Raindrop-Chainlink provides a novel middle-ground between key management, user experience, and fund security.
Our allows users to securely make HYDRO withdrawals up to a daily limit that you set. Transactions exceeding the daily limit trigger Raindrop authentication before execution. What that means is, in order to send large transactions, you need to provide a signature from the Hydrogen mobile app.
The Raindrop-Chainlink seamlessly integrates with an existing , the aggregate identity standard created by Hydrogen engineers last year. From any of your associated ERC-14848 addresses, you have the ability to initialize new wallets, make deposits, and request withdrawal requests.
The will soon be adding this dApp to their marketplace, with many new features and design elements, so the entire world can feel the power of secure P2P payments! We can’t wait to see where they take this project going forward!
Published at Tue, 26 Feb 2019 15:11:27 +0000
