A Tale of Two Raindrops

Anurag Angara
Published in Hydrogen
4 min read · Apr 28, 2018

Raindrop is the first phase of the Hydro ecosystem. It exists to enhance private systems with a blockchain-based authentication layer. Within Raindrop, we have created two separate authentication services — one for the client-side and one for the server-side. In this post, I aim to clarify the difference between the two.

Why Two Authentication Services?

When you pass your data to someone — your bank, for instance — there are two general ways for someone to steal it.

  1. They could pretend to be you and access your account. This is what Client-side Raindrop aims to protect against.
  2. They could breach the bank’s database itself to steal everyone’s data, including your own. This is what Server-Side Raindrop aims to protect against.

It wouldn’t make sense to use the same product to protect against both of these types of attacks, because their uses are fundamentally different. In creating Client-side Raindrop, we were aiming to create an intuitive user experience for the end-user. With Server-Side Raindrop, we were aiming to create a largely automated, high-security process that leaves an immutable paper trail whenever an authorized party tries to access a backend system.

Client-side Raindrop is two-factor authentication for your individual account. Server-Side Raindrop is two-factor authentication for large systems, databases, and APIs.

How does each one use the Blockchain?

Client-side: I access my various accounts dozens of times per day, as do millions of other people. If every login attempt by every one of us were recorded on the blockchain, that would clog up Ethereum in an instant. It would also be unnecessary and tedious to make me pay gas costs and wait 10–20 minutes every time I want to log into my accounts. Instead, for Client-side Raindrop, we use public key cryptography to secure access to your account. We store a unique identity on your mobile device that nobody else can copy, and when you try to log in, we simply check on the blockchain that you really own this secret identity. Nothing has to be stored on-chain except when you first create your account, so there are no gas costs for you, and the check is done instantly.

Server-Side: Server-Side Raindrop is a little different. Not a lot of people are given access to your bank’s database, and when someone does access it, your bank should definitely want to know. Without the blockchain, a hacker could erase every record of having accessed, or even tried to access, a large system, and the bank would be none the wiser. Server-Side Raindrop acts as an in-between layer. The system (in this case the bank) can keep all of its existing protocols in place; the only difference is that once accessors have provided their credentials, right before they are granted access to the system, they have to perform a transaction on the blockchain. This transaction must be of a certain, extremely small and specific quantity provided to the accessor by our module as a “challenge”. Since only the accessor sees this challenge, and it occurs outside of the interaction between the accessor and the system, only a true authorized accessor can complete it. Moreover, since accessors must interact with the blockchain, a hacker would be unable to remove evidence of an access attempt, allowing the bank to quickly mitigate its risks and change access credentials to its database. Just like Client-side Raindrop, this process is 2FA, but it is optimized for an entirely different purpose.
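The server-side flow described above, as an added example that is not Hydro's code or API: an in-memory, hash-chained log stands in for the blockchain, and `Ledger`, `Gate`, the addresses and the amount range are hypothetical names and values chosen for illustration. The sender of each transaction is assumed to be authenticated by the chain itself.

```python
import hashlib, json, secrets

GENESIS = "0" * 64

def _digest(sender, amount, prev):
    body = json.dumps({"sender": sender, "amount": amount, "prev": prev}, sort_keys=True)
    return hashlib.sha256(body.encode()).hexdigest()

class Ledger:
    """Constructed stand-in for the blockchain: an append-only, hash-chained log."""
    def __init__(self):
        self.blocks = []

    def submit(self, sender, amount):
        # Assumption: a real chain authenticates `sender` via the transaction signature.
        prev = self.blocks[-1]["hash"] if self.blocks else GENESIS
        self.blocks.append({"sender": sender, "amount": amount, "prev": prev,
                            "hash": _digest(sender, amount, prev)})

    def intact(self):
        # Every block must point at its predecessor and hash to its own contents.
        prev = GENESIS
        for b in self.blocks:
            if b["prev"] != prev or b["hash"] != _digest(b["sender"], b["amount"], prev):
                return False
            prev = b["hash"]
        return True

class Gate:
    """Hypothetical second-factor gate in front of a backend system."""
    def __init__(self, ledger, registered):
        self.ledger, self.registered = ledger, set(registered)
        self.pending = {}  # address -> (challenge amount, ledger height at issue)

    def issue_challenge(self, address):
        if address not in self.registered:
            raise PermissionError("address is not a registered accessor")
        amount = secrets.randbelow(10**6) + 1  # small, unpredictable quantity
        self.pending[address] = (amount, len(self.ledger.blocks))
        return amount  # shown only to the accessor, outside the login exchange

    def verify(self, address):
        if address not in self.pending or not self.ledger.intact():
            return False
        amount, height = self.pending[address]
        for b in self.ledger.blocks[height:]:  # only transactions after issue
            if b["sender"] == address and b["amount"] == amount:
                del self.pending[address]  # a challenge is good for one access
                return True
        return False
```

Deleting or editing any earlier entry makes `intact()` return `False`, which is the property the post relies on when it says an access attempt cannot be erased.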

How are these Raindrop products implemented?

If your bank were using Client-side Raindrop, it would contact us and integrate Client-side Raindrop into its login portal. This process is designed to be an easy integration with a simple API call and shouldn’t take the bank more than a few hours to complete. Next, you, the end user, would need to download our app. That’s even easier and shouldn’t take you more than a few minutes. You would provide your HydroID to your bank and would be able to set up Hydro 2FA instantly. If you are using Hydro 2FA with multiple platforms (your bank, your exchanges, your social media, etc.), they will all load automatically into your mobile app.

If your bank wants to use Server-Side Raindrop, it would contact us and integrate Server-Side Raindrop into its backend processes. This, again, is designed to be simply integrated within a few hours and requires no overhaul of existing systems. We will be sharing a video soon that walks developers through the Server-Side Raindrop process, step-by-step.

** update — video available here: https://medium.com/hydrogen-api/server-side-raindrop-walkthrough-e58da52a0dc0 **

How can I start using these products?

Demand more security! Request that your banks, your exchanges, your social media platforms, your travel apps, and more integrate Hydro’s authentication products to enhance their existing security protocols with the power of the blockchain.

Check out our GitHub and the Raindrop documentation, and join our Discord channel for more information on the Raindrop authentication services.
