twitter logo linkedin logo facebook logo

M-PIN Zero Knowledge Proof Protocol

Dr Michael Scott, Chief Crypto Officer

Welcome Sign

Earlier in the month we shared our thoughts on Zero Knowledge Proof, comparing it with Zero Trust and clarifying the significant difference between the two. Our Chief Crypto Officer is Dr Michael Scott. Having working in cryptography for over 30 years, and in fact, as one of the global leaders in this specific discipline, today he shares his in depth white paper on Zero Knowledge Proof. This in depth piece of writing explains exactly how MIRACL Trust works, and why it is the ideal low cost, secure authentication solution for scale.

What is M-Pin? The M-Pin protocol is intended to replace the well-known Username/Password authentication mechanism which is widely considered to be effectively broken. The main problem is the existence of a “password file” on the server, which is commonly stolen and hacked, revealing most user passwords.

The idea behind MPin is that each registered client is issued with a large cryptographic secret. They then prove to a server that they are in possession of this secret using a zero-knowledge proof. This removes the requirement for any information related to client secrets to be stored on the server.

Industry commentators have long advocated a multi-factor solution. The novel feature of M-Pin is that the cryptographic secret may be safely split up into any number of independent factors. Each of these factors has the same form, they are points on an elliptic curve. To recreate the original secret they are simply added together again – it’s as simple as that. One factor might be derived from a short 4-digit PIN. Another might be a “token” conveniently dropped into the users browser. Classic two-factor solutions are in fact often hierarchical and two-level. A key generated from one factor is used to unlock the other. Disjoint technologies are used by each factor.

Typically a password (or a biometric) might be used to unlock an authentication key stored in a file. Strictly speaking this solution is only one-factor, as it is only this authentication key that is required, and an attacker would be satisfied if they could obtain this without knowing the password. However since this is probably not possible we accept that the overall effect is two-factor authentication. Software encryption might be used as the locking mechanism, but since a brute force attack will discover the authentication key, the password must become a large hard-to-remember pass-phrase.

The alternative (which achieves the same functionality as two-factor M-Pin) is to lock the authentication key into a secure hardware vault. Now a short PIN can be used to unlock it. However secure hardware is expensive and may not be supported on all devices. Another downside of this classic approach is that the extension to multi-factor authentication is not at all obvious.

To download and read the full whitepaper either enter your details in the pop-up form or contact us below.

And if you have any questions then do get in touch and we’ll do our best to help or clarify any questions you might have. Email us at sarah.sawrey-cookson@miracl.com

To reach out to MIRACL about potential partnership opportunities email Kate Ellerton on kate.ellerton@miracl.com

Find out more about MIRACL’s quick and friendly Multi-Factor Authentication by visiting www.miracl.com or follow on social media: Twitter @MIRACL | LinkedIn MIRACL

Dr Michael Scott is Chief Crypto Officer at MIRACL, one of the pioneers of Pairing-based Cryptography and the “S” in the widely used BLS and KSS families of elliptic curves. Following a distinguished career of almost 30 years at Dublin City University and an active consultant to both public and private sector, his unmatched depth in knowledge is drawn not only from his academic expertise - he’s published over 100 highly cited papers – but his genuine love of cryptography and the science behind this.

Get the MIRACL memo in your inbox

Get in touch to learn more

You can opt out at any time. See our privacy policy here.