HYDROGEN PLATFORM - THE VERY SOLID SECURITY-RELATED LIQUID PROJECT

in #news7 years ago

HYDRO: Etymology - From Ancient Greek ὑδρο- (hudro-), from ὕδωρ
(húdōr, “water”)
Hydro enables new and existing private systems to seamlessly integrate and
leverage the immutable & transparent dynamics of a public blockchain to enhance
application and document security, identity management, transactions, and
artificial intelligence.
In this paper, a case will be made for private systems, such as APIs, to use
the Hydro public blockchain to enhance security through public authentication.
The proposed technology is called “Raindrop” - a transaction performed through
a smart contract that validates private system access publicly, and can
complement existing private authentication methods. The technology is intended
to provide additional security for sensitive financial data that is
increasingly at risk from hacking and breaches.
Initial implementation of the Hydro Raindrop is performed on the Hydrogen API
Platform. This modular set of APIs is available to enterprises and developers
globally to prototype, build, test, and deploy sophisticated financial
technology platforms and products.
The Hydro Raindrop will be made available to the world developer community as
open source software, to allow developers to integrate the Hydro Raindrop with
any REST API.

Blockchain & Ethereum

Hydro is implemented on the Ethereum network. Before providing more detail on
the project, it is important to understand some fundamental ideas about
blockchain and Ethereum.
Building on Ethereum
Much as apps like Snapchat were built with Swift and other tools offered on top
of the Apple iOS platform, so too can blockchain applications be built on top
of Ethereum. Snap Inc. didn’t need to build iOS, it used it as infrastructure
to launch a game-changing social media application.
Project Hydro is similar. It relies on the thousands of developers globally
that are working to make underlying blockchain technology faster, stronger, and
more efficient. Hydro leverages this constantly improving infrastructure by
developing product-focused interactions around blockchain technology that can
offer tangible benefits to financial services applications.
Merkle Trees
Merkle trees are used in distributed systems for efficient data verification.
They are efficient because they use hashes instead of full files. Hashes are
ways of encoding files that are much smaller than the actual file itself.
Every block header in Ethereum contains three Merkle Trees for Transactions,
Receipts, and States:

Source: Merkling in Ethereum; Vitalik Buterin, Ethereum Founder

This makes it easy for a light client to get verifiable answers to queries,
such as:
● Does this account exist?
● What is the current balance?
● Has this transaction been included in a particular block?
● Has a particular event happened in this address today?
Smart Contracts
A key concept enabled by Ethereum and other blockchain-based networks is that
of smart contracts. These are self-executing blocks of code that multiple
parties can interact with, cutting out the need for trusted middlemen. Code in
a smart contract can be seen as similar to the legal clauses in a traditional
paper contract, but can also achieve much more expansive functionality.
Contracts can have rules, conditions, penalties for non-compliance, or can
kickstart other processes. When triggered, contracts execute as originally
stated at the time of deployment on the public chain, offering built-in
elements of immutability and decentralization.
The smart contract is a vital tool for building on the Ethereum infrastructure.
Core functionality of the Hydro blockchain layer is achieved via custom
contracts, as discussed later in this paper.
Ethereum Virtual Machine
The Ethereum Virtual Machine (EVM) is the runtime environment for smart
contracts on Ethereum. The EVM helps to prevent Denial of Service (DoS)
attacks, ensures programs remain stateless, and enables communication that
cannot be interrupted. Actions on the EVM have costs associated with them,
called gas, which depend on the computational resources required. Every
transaction has a maximum amount of gas allotted to it, known as a gas limit.
If the gas consumed by a transaction reaches the limit, it will cease to
continue processing.

Public Ledger
A Public Ledger for Private Systems
The systems that power financial services platforms, websites, and applications
can often be described as mediums of data flow - they send, retrieve, store,
update, and process data for the entities they interface with. Because of the
nature of this data, and of financial services more generally, these systems
often house complex operations in a private and centralized manner. Reliance on
private structures, in turn, opens the door for a variety of security,
transparency, and efficiency gains to be had by incorporating external forces
that exceed the reach of the internal system.
Such is the case with Hydrogen’s API Platform. Hydro aims to tap into the
aforementioned gains by allowing Hydrogen users to interface with a blockchain
in ways that are seamlessly integrated into the fundamentally private Hydrogen
ecosystem.

Public blockchain-based operations can occur before, during, or after private
operations. The interplay between private and public elements can serve to
validate, stamp, record, or enhance processes within an ecosystem.
The ethos of this model is making processes more robust by tapping into the
benefits of blockchain technology specifically where it can produce the most
positive impact. While this hybrid framework may not be applicable to all
platforms, Hydro focuses on providing value for the cases in which it is.
Architecting for Adoption
Hydro differs from many existing blockchain initiatives, because it can exist
independently and layer around new or existing systems without requiring
systemic change. Rather than replace, Hydro aims to augment. Platforms and
institutions that plug into the Hydrogen APIs can automatically access the
blockchain.

The scope of financial services platforms that can leverage Hydrogen is broad.
These platforms can power virtually any experience, house any number of
proprietary services, perform any private data operation, and deploy in any
environment. This is enabled by Hydrogen's structural modularity and is
synergistic with Hydro, acting as a complementary driver of adoption.

The Hydro Raindrop

Rain contains packets of condensed water ranging from 0.0001 to 0.005
centimeters in diameter. In a typical rainstorm, there are billions of these
packets, each of random size, velocity, and shape. Because of that, one cannot
reliably predict the exact nature of rain. Similarly, every Hydro
authentication transaction is unique and virtually impossible to have occurred
by chance - that is why we call them Raindrops.
Financial services platforms commonly utilize micro-deposit verification to
validate client accounts. The concept is simple: the platform makes small
deposits of random amounts into a user's claimed bank accounts. In order to
prove the user indeed owns said account, he or she must relay the deposit
amounts back to the platform, which are then validated. The only way the user
can know the valid amounts (besides guessing) is by accessing the bank accounts
in question.
Raindrop-based verification with Hydro is analogous. Rather than sending the
user an amount and having it relayed back, we define a transaction and the user
must execute it from a known wallet. The only way the user can conduct a valid
transaction is by accessing the wallet in question.
By using Raindrops, both the system and the accessor can monitor authorization
attempts on an immutable public ledger. This blockchain-based transaction is
decoupled from the basic system operations, occurs on a distributed network,
and depends upon the ownership of private keys. Therefore, it serves as a
useful validation vector.

A Detailed Look

There are four entities involved in the Hydro authentication process:

  1. Accessor - The party attempting to access a system. In the case of
    Hydrogen, the accessor is a financial institution or app utilizing the
    Hydrogen APIs for its core digital infrastructure.
  2. System - The system or gateway that is being accessed by the Accessor.
    For Hydrogen, the system is the Hydrogen API itself.
  3. Hydro - The module that is utilized by the System to communicate and
    interface with the blockchain.
  4. Blockchain - The distributed public ledger that processes HYDRO
    transactions and contains the Hydro smart contracts, through which
    information may be pushed, pulled, or otherwise operated upon.
    Each Raindrop, in its entirety, is a set of five transactional parameters:
  5. Sender - The address that must initiate the transaction.
  6. Receiver - The transaction's destination. This corresponds to calling a
    method in a Hydro smart contract.
  7. ID - An identifier that is associated with the System.
  8. Quantity - A precise number of HYDRO to send.
  9. Challenge - A randomly generated alphanumeric string.
    Below is an outline of the authentication process, which can be generally
    classified into three stages:
  10. Initialization
  11. Raindrop
  12. Validation
    Initialization begins with a System (e.g. Hydrogen) registering to use Hydro
    and obtaining credentials, enabling the system to communicate with the
    blockchain via the Hydro module. The System onboards an Accessor (e.g. a
    financial institution) who registers a public address, and then passes the
    registered address to Hydro. This address is immutably written onto the
    blockchain to a whitelist stored in a Hydro smart contract. The System receives
    a confirmation that the address was whitelisted, which can also be verified as
    a publicly viewable event. System registration need only occur once, while
    Accessor whitelisting need only occur once per Accessor.

Opening The Raindrop To The Public
While this blockchain-based authentication service was architected to help
secure the Hydrogen API ecosystem, it is widely applicable to different
platforms and systems. Because we feel that others can potentially benefit from
this verification layer, we are opening it up for use.
Just as Hydrogen will integrate it as a precondition for access to its API
ecosystem, so too can any system add it to existing procedures and protocols.
Any platform - be it an API, application, enterprise software, gaming platform,
etc. - can leverage Hydro for authentication purposes. Formal documentation
will be available on GitHub for those who wish to incorporate this blockchain
layer into an authentication framework or REST API.

Case Study - Raindrop With OAuth 2.0

There are dozens of ways the Raindrop release can be used by private
organizations. Private APIs, databases, and networks have created elaborate
systems of tokens, keys, apps, and protocols over the last decade, in an
attempt to secure sensitive data. Google, for example, became one of the most
popular product providers in the market with the Google Authenticator app. As
mentioned previously, there is little to no reason to compete with or replace
these existing protocols.
As a case study, here is a brief overview of how Hydrogen implements Hydro
authentication as a security layer in its overall API security framework:

  1. Hydrogen API partners must first have the IP addresses of their various
    environments whitelisted.
  2. Partners must request to whitelist a public Hydro address.
  3. All calls to the Hydrogen APIs and transfers of data are encrypted and
    transmitted through the HTTPS protocol.
  4. Partners must complete a valid Hydro raindrop transaction from the
    registered Hydro address.
  5. Partners must use OAuth 2.0 validation. OAuth (Open Authorization) is an
    open standard for token-based authentication and authorization. Hydrogen
    supports the “Resource Owner Password Credentials” and “Client
    Credentials” grant types, and each API user must provide credentials for
    an authentication request

**Risks **
Much like any nascent technology, such as the early days of social media,
email, and streaming applications (which were reliant on dial-up connectivity),
it is important that the core development team closely track new developments
in Ethereum transaction speeds and volumes. Could you imagine YouTube
attempting to launch in 1995? Or Instagram being first offered on the
Blackberry?
Core Ethereum developers such as Vitalik Buterin and Joseph Poon have proposed
the Plasma: Scalable Autonomous Smart Contracts upgrade to the Ethereum
protocol:

Plasma is a proposed framework for incentivized and enforced execution
of smart contracts which is scalable to a significant amount of state
updates per second (potentially billions) enabling the blockchain to be
able to represent a significant amount of decentralized financial
applications worldwide. These smart contracts are incentivized to
continue operation autonomously via network transaction fees, which is
ultimately reliant upon the underlying blockchain (e.g. Ethereum) to
enforce transactional state transitions.

Others, such as The Raiden Network, have proposed an off-chain scaling solution
designed to power faster transactions and lower fees. At this time, the
Raindrop will put very minimal strain on the Ethereuem framework, thus
scalability is a very small risk to the success of the technology.

**Conclusion **
The immutability of a public blockchain offers new ways to enhance security of
private systems like APIs.
Note these three things:

  1. Public blockchains can add value in financial services.
  2. The Hydro Raindrop can enhance security of private systems.
  3. There are immediate applications of the Hydro Raindrop within the
    In addition,
    The Hydro team believes the framework set forth can be the standard security
    infrastructure for a new model of hybrid private-public systems, which will
    benefit all stakeholders in the financial services industry and beyond.
    Hydrogen is building the global financial platform of the Web 3.0. To enable Hydrogen to augment its APIs with decentralized blockchain functionality, Project Hydro was founded. Hydro launched an ERC-20 token in order to build the necessary functionality to close the gap between public blockchains and real-world businesses. Hydro enables new and existing private systems to seamlessly integrate and leverage the immutable & transparent dynamics of a public blockchain to enhance application and document security, identity management, transactions, and artificial intelligence. https://www.hydrogenplatform.com/hydro

Social Media
Reddit: http://www.reddit.com/r/projecthydro
Blog: https://medium.com/hydrogen-api
Twitter: https://twitter.com/@hydrogenapi
Telegram: https://t.me/projecthydro
Discord: https://discordapp.com/invite/gxAUagw
YouTube: https://www.youtube.com/channel/UChDPAVs_qKREy9zAQsc6VVw
BitcoinTalk: https://bitcointalk.org/index.php?topic=2778123.0

Important Links

Website: https://hydrogenplatform.com/hydro
Github: https://github.com/hydrogen-dev
Raindrop White Paper: https://www.hydrogenplatform.com/white-papers/Hydro_Raindro
p_White_Paper_English.pdf
Hydro API Documentation: https://www.hydrogenplatform.com/docs/hydro/v1/
Hydro Community Development Program: https://medium.com/hydrogen-api/introducing-the-hydro-community-development-program-d774909c67b8
Hydro Smart Contract: https://etherscan.io/token/0xebbdf302c940c6bfd49c6b165f457fdb324649bc

Token Tracking: https://coinmarketcap.com/currencies/hydrogen/

Where To Obtain HYDRO
CoinEx: https://www.coinex.com/trading
Mercatox: https://mercatox.com/
ForkDelta: https://forkdelta.github.io/#!/trade/HYDRO-ETH
Joyso: https://joyso.io/trade/en/m