Skip to main content
Selling machine data has a trust problem on both sides. A buyer needs to know the data really came from a specific machine and was not tampered with, before paying. A seller needs to hand over exactly what was bought and nothing more, without leaking the rest or trusting a middleman to hold the plaintext. Stream solves both with signatures, hashes, and per-chunk encryption. Trust comes from the machine’s and verifiable hashes — no shared secrets, no trusted intermediary.

Roles

RoleDescription
MachineThe robot or device generating data. Holds a and signing key from Activate.
Machine Owner / Proxy OperatorSets the data policy, runs the , lists data for sale, and configures recovery recipients.
Context Provider (buyer)Buys access, verifies it, and normalizes the data into datasets for consumption such as AI training. DataHive is one.
peaqOS backendStores policies, manifests, receipts, and access grants, and emits audit events. It does not store raw plaintext data.

The trust model

1. Signed data packages. As data is captured, the machine bundles it with its identity — peaqID, timestamp, schema version, sequence number — and signs it. Anyone can verify the signature using the public key derived from the machine’s DID, with no account or login. Field rules are applied before signing, so a buyer can detect tampering without the seller having to reveal protected fields. 2. Field-level rules. A defines, per topic and field, whether to include, exclude, encrypt, or anonymize (by hash, generalize, or redact). Sensitive values are protected before they ever leave the machine. 3. Chunks and chunk chains. Continuous data is grouped into bounded — by size, message count, or time window. Each chunk links to the previous one, forming a : reordering, gaps, or edits become detectable. A chunk is the unit a buyer purchases. 4. Per-chunk encryption. Each chunk is encrypted under its own random key. That key is then wrapped separately for each authorized recipient using their public key. Granting access to a new buyer re-wraps the key to their key — the chunk data is never re-encrypted, and no master key is ever shared. This is . 5. Manifests and datasets. Each chunk gets a signed recording its hashes (ciphertext and a plaintext commitment), storage reference, and encryption metadata — never the data itself. Chunks roll up into a for one topic and time range, with a committing to every chunk. The owner lists the dataset; buyers verify against the manifests before paying.

The chunk envelope

A chunk is stored and shared as a self-describing envelope: the encrypted bytes plus everything needed to verify and (with the right key) decrypt them. 
{
  "chunkId": "…",
  "previousChunkId": "…",
  "index": 0,
  "encryptedDataHash": "sha256:…",
  "plaintextHash": "sha256:…",
  "storageRef": "walrus://…",
  "encryption": {
    "algorithm": "xchacha20-poly1305",
    "nonce": "…",
    "keyCommitment": "sha256:…",
    "keyRecipients": [
      {
        "recipientId": "…",
        "recipientType": "owner",
        "algorithm": "x25519-sealedbox",
        "publicKeyHex": "…",
        "wrappedKeyHex": "…"
      }
    ]
  },
  "signature": { "algorithm": "ed25519", "machineDid": "did:peaq:0x…", "keyId": "did:peaq:0x…#keys-1", "publicKeyHex": "…", "value": "…" }
}
The encrypted bytes live off-chain — local disk, owner storage, (walrus://), or a cloud adapter. The backend tracks only the manifest: hashes, storage reference, and the per-recipient wrapped keys. Adding a buyer to keyRecipients is how an access grant is issued — no data is re-encrypted.

Buyer–seller flow

1

Capture and chunk

The Edge Agent captures allowed topics, applies field rules, and groups messages into encrypted chunks with signed manifests.
2

Package into a dataset

Chunks for a topic and time range roll up into a dataset with a Merkle root. The owner signs and lists it.
3

Discover and verify

A buyer browses the listing, fetches the dataset and chunk manifests, verifies the machine’s signatures, and checks chunk hashes against the Merkle root. Optional sample chunks can be inspected before purchase.
4

Pay and grant access

The buyer submits their public key and pays. After payment, an re-wraps the purchased chunk keys to the buyer’s key. The backend records the grant and an audit event.
5

Deliver and decrypt

The buyer fetches the encrypted chunks from storage, unwraps the chunk keys with their private key, and decrypts only the chunks they bought, one at a time.
Owner and operator recovery recipients can be configured before chunks are created: the chunk key is also wrapped to their keys, so data stays recoverable if the machine goes offline.

Build it

The cryptographic operations — signing, chunk chains, encryption, key wrapping — are exposed by the stream SDK module for JavaScript and Python. The on-machine Edge Agent runs this pipeline automatically from a Data Event Map. Buyers and Context Providers integrate through the Stream data marketplace API.