MPIN256

Kind: global class
this: {MPIN256}

new MPIN256()

Creates an instance of MPIN256

MPIN256.today() ⇒

Get epoch time for day

Kind: static method of MPIN256
Returns: time in slots since epoch
this: {MPIN256}

MPIN256.bytestostring(b) ⇒

Convert byte array to string

Kind: static method of MPIN256
Returns: s string
this: {MPIN256}

ParamDescription
bbyte array

MPIN256.stringtobytes(s) ⇒

Convert a string to byte array

Kind: static method of MPIN256
Returns: b byte array
this: {MPIN256}

ParamDescription
sstring

MPIN256.comparebytes(a, b) ⇒

Convert byte arrays

Kind: static method of MPIN256
Returns: true if equal
this: {MPIN256}

ParamDescription
abyte array
bbyte array

MPIN256.mpin_hash(c, U) ⇒

Hash values

Kind: static method of MPIN256
Returns: R hash value
this: {MPIN256}

ParamDescription
cFP8 instance
UECP unstancebyte array

MPIN256.hashit(sha, n, B) ⇒

General purpose hash function

Kind: static method of MPIN256
Returns: R hash value
this: {MPIN256}

ParamDescription
shais the hash type
nInteger
Bbyte array

MPIN256.map(u, cb) ⇒

maps a random u to a point on the curve

Kind: static method of MPIN256
Returns: P ECP pointhash value
this: {MPIN256}

ParamDescription
uBIG numberInteger
cban integer representing the “sign” of y, in fact its least significant bit.

MPIN256.unmap(u, P) ⇒

returns u derived from P. Random value in range 1 to return value should then be added to u

Kind: static method of MPIN256
Returns: r Value that should be added to u to derive P
this: {MPIN256}

ParamDescription
uBIG numberInteger
PECP pointhash value

MPIN256.RECOMBINE_G1(R1, R2, R) ⇒

Add two members from the group G1

Kind: static method of MPIN256
Returns: 0 or an error code
this: {MPIN256}

ParamDescription
R1Input member of G1
R2Input member of G1
ROutput member of G1. R=R1+R2

MPIN256.RECOMBINE_G2(W1, W2, W) ⇒

Add two members from the group G2

Kind: static method of MPIN256
Returns: 0 or an error code
this: {MPIN256}

ParamDescription
W1Input member of G2
W2Input member of G2
WOutput member of G2. W=W1+W2

MPIN256.HASH_ID(sha, ID) ⇒

Hash the identity

Kind: static method of MPIN256
Returns: hash value
this: {MPIN256}

ParamDescription
shais the hash type
IDIdentity as byte array

MPIN256.RANDOM_GENERATE(rng, S) ⇒

Create random secret

Kind: static method of MPIN256
Returns: O for success or else error code
this: {MPIN256}

ParamDescription
rngcryptographically secure random number generator
SRandom secret value

MPIN256.EXTRACT_PIN() ⇒

Extract a PIN number from a client secret

Kind: static method of MPIN256
Returns: token
this: {MPIN256}
Parameter: sha hash type
Parameter: CID Client identity
Parameter: pin PIN value
Parameter: TOKEN Client secret

MPIN256.EXTRACT_FACTOR() ⇒

Extract factor from TOKEN for identity CID

Kind: static method of MPIN256
Returns: token
this: {MPIN256}
Parameter: sha hash type
Parameter: CID Client identity
Parameter: factor Value to extract
Parameter: facbits Number of bits in factor
Parameter: TOKEN Token value

MPIN256.RESTORE_FACTOR() ⇒

Restore factor to TOKEN for identity CID

Kind: static method of MPIN256
Returns: token
this: {MPIN256}
Parameter: sha hash type
Parameter: CID Client identity
Parameter: factor Value to extract
Parameter: facbits Number of bits in factor
Parameter: TOKEN Token value

MPIN256.GET_SERVER_SECRET(S, SST) ⇒

Create a server secret in G2 from a master secret

Kind: static method of MPIN256
Returns: O for success or else error code
this: {MPIN256}

ParamDescription
SMaster secret
SSTServer secret = s.Q where Q is a fixed generator of G2

MPIN256.GET_G1_MULTIPLE(type, x, G, W) ⇒

Find a random multiple of a point in G1

Kind: static method of MPIN256
Returns: O for success or else error code
this: {MPIN256}
Parameter: rng cryptographically secure random number generator

ParamDescription
typedetermines type of action to be taken
xan output internally randomly generated if R!=NULL, otherwise must be provided as an input
Gif type=0 a point in G1, else an octet to be mapped to G1
Wthe output =x.G or x.M(G), where M(.) is a mapping

MPIN256.GET_CLIENT_SECRET(S, CID, CST) ⇒

Create a client secret in G1 from a master secret and the client ID

Kind: static method of MPIN256
Returns: O for success or else error code
this: {MPIN256}

ParamDescription
Sis an input master secret
CIDis the input client identity
CSTis the full client secret = s.H(ID)

MPIN256.GET_CLIENT_PERMIT(sha, date, S, CID, CTT) ⇒

Create a Time Permit in G1 from a master secret and the client ID

Kind: static method of MPIN256
Returns: O for success or else error code
this: {MPIN256}

ParamDescription
shais the hash type
dateis input date, in days since the epoch.
Sis an input master secret
CIDis the input client identity
CTTis a Time Permit for the given date = s.H(d

MPIN256.CLIENT_1(sha, date, CLIENT_ID, rng, X, pin, TOKEN, SEC, xID, xCID, PERMIT) ⇒

Perform first pass of the client side of the 3-pass version of the M-Pin protocol

Kind: static method of MPIN256
Returns: O for success or else error code
this: {MPIN256}

ParamDescription
shais the hash type
dateis input date, in days since the epoch. Set to 0 if Time permits disabled
CLIENT_IDis the input client identity
rngis a pointer to a cryptographically secure random number generator
Xan output internally randomly generated if R!=NULL, otherwise must be provided as an input
pinis the input PIN number
TOKENis the input M-Pin token (the client secret with PIN portion removed)
SECis output = CS+TP, where CS=is the reconstructed client secret, and TP is the time permit
xIDis output = x.H(ID)
xCIDis output = x.(H(ID)+H(d
PERMITis the input time permit

MPIN256.CLIENT_2(X, Y, SEC) ⇒

Perform second pass of the client side of the 3-pass version of the M-Pin protocol

Kind: static method of MPIN256
Returns: O for success or else error code
this: {MPIN256}

ParamDescription
Xan input, a locally generated random number
Yan input random challenge from the server
SECon output = -(x+y).V

MPIN256.SERVER_1(sha, date, CID, HID, HTID) ⇒

Perform first pass of the server side of the 3-pass version of the M-Pin protocol

Kind: static method of MPIN256
Returns: O for success or else error code
this: {MPIN256}

ParamDescription
shais the hash type
dateis input date, in days since the epoch. Set to 0 if Time permits disabled
CIDis the input claimed client identity
HIDis output H(ID), a hash of the client ID
HTIDis output H(ID)+H(d

MPIN256.SERVER_2(date, HID, HTID, Y, SST, xID, xCID, mSEC, E, F, Pa) ⇒

Perform third pass on the server side of the 3-pass version of the M-Pin protocol

Kind: static method of MPIN256
Returns: O for success or else error code
this: {MPIN256}

ParamDescription
dateis input date, in days since the epoch. Set to 0 if Time permits disabled
HIDis input H(ID), a hash of the client ID
HTIDis input H(ID)+H(d
Yis the input server's randomly generated challenge
SSTis the input server secret
xIDis input from the client = x.H(ID)
xCIDis input from the client= x.(H(ID)+H(d
mSECis an input from the client
Eis an output to help the Kangaroos to find the PIN error, or NULL if not required
Fis an output to help the Kangaroos to find the PIN error, or NULL if not required
Pais the input public key from the client, z.Q or NULL if the client uses regular mpin

MPIN256.KANGAROO(E, F) ⇒

Use Kangaroos to find PIN error

Kind: static method of MPIN256
Returns: 0 if Kangaroos failed, or the PIN error e
this: {MPIN256}

ParamDescription
Ea member of the group GT
Fa member of the group GT = E^e

MPIN256.GET_TIME() ⇒

Time since epoch

Kind: static method of MPIN256
Returns: time since epoch
this: {MPIN256}

MPIN256.CLIENT(sha, date, CLIENT_ID, rng, X, pin, TOKEN, SEC, xID, xCID, PERMIT, TimeValue, Y, Message) ⇒

Perform client side of the one-pass version of the M-Pin protocol

Kind: static method of MPIN256
Returns: O for success or else error code
this: {MPIN256}

ParamDescription
shais the hash type
dateis input date, in days since the epoch. Set to 0 if Time permits disabled
CLIENT_IDis the input client identity
rngis a pointer to a cryptographically secure random number generator
Xan output internally randomly generated if R!=NULL, otherwise must be provided as an input
pinis the input PIN number
TOKENis the input M-Pin token (the client secret with PIN portion removed)
SECis output = -(x+y)(CS+TP), where CS is the reconstructed client secret, and TP is the time permit
xIDis output = x.H(ID)
xCIDis output = x.(H(ID)+H(d
PERMITis the input time permit
TimeValueis input epoch time in seconds - a timestamp
Yis output H(t
Messageis the message to be signed

MPIN256.SERVER(sha, date, HID, HTID, Y, SST, xID, xCID, mSEC, E, F, CID, TimeValue, MESSAGE, Pa) ⇒

Perform server side of the one-pass version of the M-Pin protocol

Kind: static method of MPIN256
Returns: O for success or else error code
this: {MPIN256}

ParamDescription
shais the hash type
dateis input date, in days since the epoch. Set to 0 if Time permits disabled
HIDis output H(ID), a hash of the client ID
HTIDis output H(ID)+H(d
Yis output H(t
SSTis the input server secret
xIDis input from the client = x.H(ID)
xCIDis input from the client= x.(H(ID)+H(d
mSECis an input from the client
Eis an output to help the Kangaroos to find the PIN error, or NULL if not required
Fis an output to help the Kangaroos to find the PIN error, or NULL if not required
CIDis the input claimed client identity
TimeValueis input epoch time in seconds - a timestamp
MESSAGEis the message to be signed
Pais input from the client z.Q or NULL if the key-escrow less scheme is not used

MPIN256.PRECOMPUTE(TOKEN, CID, G1, G2) ⇒

Precompute values for use by the client side of M-Pin Full

Kind: static method of MPIN256
Returns: O for success or else error code
this: {MPIN256}

ParamDescription
TOKENis the input M-Pin token (the client secret with PIN portion removed)
CIDis the input client identity
G1precomputed output
G2precomputed output

MPIN256.HASH_ALL(sha, HID, xID, xCID, SEC, Y, R, W) ⇒

Hash the session transcript

Kind: static method of MPIN256
Returns: H the output is the hash of all of the above that apply
this: {MPIN256}

ParamDescription
shais the hash type
HIDis the hashed input client ID = H(ID)
xIDis the client output = x.H(ID)
xCIDis the client output = x.(H(ID)+H(T
SECis the client part response
Yis the server challenge
Ris the client part response
Wis the server part response

MPIN256.CLIENT_KEY(sha, G1, G2, pin, R, X, H, wCID, CK) ⇒

Calculate Key on Client side for M-Pin Full

Kind: static method of MPIN256
Returns: 0 or an error code
this: {MPIN256}

ParamDescription
shais the hash type
G1precomputed input
G2precomputed input
pinis the input PIN number
Ris an input, a locally generated random number
Xis an input, a locally generated random number
His an input, hash of the protocol transcript
wCIDis the input Server-side Diffie-Hellman component
CKis the output calculated shared key

MPIN256.SERVER_KEY(h, Z, SST, W, H, HID, xID, xCID, SK) ⇒

Calculate Key on Server side for M-Pin Full

Kind: static method of MPIN256
Returns: 0 or an error code
this: {MPIN256}

ParamDescription
his the hash type
Zis the input Client-side Diffie-Hellman component
SSTis the input server secret
Wis an input random number generated by the server
His an input, hash of the protocol transcript
HIDis the hashed input client ID = H(ID)
xIDis input from the client = x.H(ID)
xCIDis input from the client= x.(H(ID)+H(d
SKis the output calculated shared key

MPIN256.GET_DVS_KEYPAIR(rng, Z, Pa) ⇒

Generates a random public key for the client z.Q

Kind: static method of MPIN256
Returns: 0 or an error code
this: {MPIN256}

ParamDescription
rngcryptographically secure random number generator
Zan output internally randomly generated if R!=NULL, otherwise it must be provided as an input
Pathe output public key for the client