The first implementation of the Enigma Data Marketplace is designed to integrate with Catalyst on the application layer. Until the Enigma network is up and running, a temporary implementation of the functionality that will be provided by the network in the future is offered by an authentication server hosted in the cloud.
When a user running Catalyst on their local machine requests to ingest a data set they are subscribed to, Catalyst routes that request to the authentication server. The authentication scheme used between client and server is an implementation of digest access authentication using the user’s private and public cryptographic keys, without the client ever handling their private key directly.
When the user requests access to a subscribed data set, their Catalyst client
opens a session with the authentication server. The server replies back with a
challenge that includes a
nonce and an
opaque as specified in
RFC 2617. The client then
nonce to be hashed and signed using the user’s private key.
The client replies to the authentication server with the signature of the
nonce and the
opaque untouched. The server validates that the
opaque are valid, and verifies that the signature corresponds
with the user’s public address. If successful, queries the smart contract to
validate that the user’s public address holds and active subscrition to the
requested data set, and if successful responds with the requested data set back
to the client, thereby completing the request.
All blockchain implementations, and Ethereum in particular, use public-key cryptography in their addressing scheme. Each address on the blockchain is associated with a private and a public key, where the private key is secret, the public key can be mathematically derived from the private key, and the public address is a hash+checksum of the public key. It is critical that the private key is not leaked, otherwise whoever has access to the private key gains full control of its associated address.
Instead of Catalyst handling any private keys to authenticate requests, Catalyst supports external wallets that handle the user’s private keys, and can sign transactions on their behalf. Catalyst requests any of the supported wallets to sign a transaction on behalf of the user (the wallet will require the user to enter a password to unlock their account), and returns the signature to Catalyst so that it can continue with the authentication process.
The digest authentication scheme for Enigma’s Data Marketplace uses an Ethereum-compatible signature implementation that adds a custom Ethereum message and length using the following structure:
message_to_sign(message): msg = "\x19Ethereum Signed Message:\n" + str(len(message)) + message return sha3(msg)
The wallets currently supported by Catalyst to access the Data Marketplace are:
- Any other wallet that allows to sign transactions through the MyEtherWallet
- MetaMask / Mist
- Ledger Wallet
- Digital Bitbox
- Keystore / JSON File