Hash and OTP generation using encrypted values
Using FHE, we perform operations on the encrypted secret key, timestamp, and dapp ID to generate an encrypted TOTP code. This time-based one-time password can be verified on-chain without accessing the
Current Industry Standards for TOTP
TOTP is an extension of the hash-based message authentication code (HMAC) based one-time password (HOTP).
The HOTP value is the human-readable design output, a d-digit decimal number (without omission of leading 0s):
That is, the value is the d least significant base-10 digits of HOTP.
HOTP is a truncation of the HMAC of the counter C (under the key K and hash function H):
Truncation first takes the 4 least significant bits of the MAC and uses them as a byte offset i:
where ":" is used to extract bits from a starting bit number up to and including an ending bit number, where these bit numbers are 0-origin. The use of "19" in the above formula relates to the size of the output from the hash function. With the default of SHA-1, the output is 20 bytes, and so the last byte is byte 19 (0-origin).
That index i is used to select 31 bits from MAC, starting at bit i × 8 + 1:
31 bits are a single bit short of a 4-byte word. Thus the value can be placed inside such a word without using the sign bit (the most significant bit). This is done to definitely avoid doing modular arithmetic on negative numbers, as this has many differing definitions and implementations.
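The truncation described above, written out as an added example (not code from the original page). It follows RFC 4226 and RFC 6238 with HMAC-SHA-1; the function names, the 30-second step and the ±1-step verification window are assumptions of this example, and the key is the published RFC 4226 test key.

```python
import hashlib
import hmac
import struct


def dynamic_truncate(mac: bytes) -> int:
    """Select 31 bits from the MAC as described in the text above."""
    # The 4 least significant bits of the last byte (byte 19 for SHA-1)
    # give a byte offset i in the range 0..15.
    offset = mac[-1] & 0x0F
    # Read the 4-byte big-endian word at that offset, then clear the most
    # significant bit so the value is never treated as negative.
    word = struct.unpack(">I", mac[offset:offset + 4])[0]
    return word & 0x7FFFFFFF


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """HOTP(K, C): truncate HMAC-SHA-1(K, C) to `digits` decimal digits."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    value = dynamic_truncate(mac) % 10 ** digits
    # Leading zeros are part of the code, so pad instead of dropping them.
    return str(value).zfill(digits)


def totp(key: bytes, unix_time: int, step: int = 30, digits: int = 6) -> str:
    """TOTP is HOTP with the counter replaced by the current time step."""
    return hotp(key, unix_time // step, digits)


def verify_totp(key: bytes, candidate: str, unix_time: int,
                step: int = 30, digits: int = 6, window: int = 1) -> bool:
    """Accept codes from the current step and `window` steps either side."""
    current = unix_time // step
    ok = False
    for counter in range(max(0, current - window), current + window + 1):
        # Constant-time comparison; do not exit early on a match.
        ok |= hmac.compare_digest(hotp(key, counter, digits), candidate)
    return ok


RFC_TEST_KEY = b"12345678901234567890"  # test key published in RFC 4226

if __name__ == "__main__":
    for c in range(3):
        print(c, hotp(RFC_TEST_KEY, c))
    print(totp(RFC_TEST_KEY, 1111111109, digits=8))
```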
Current Approach
The final 6-digit result (R) can be calculated as:
1. Convert the timestamp to a 6-digit number
2. Perform bitwise AND operation on the secret key and the converted timestamp
3. Perform bitwise XOR operation on the result from Step 2 and the app ID
4. Ensure the result from Step 3 is a 6-digit number
5. Add the secret key to the result from Step 4
6. Perform a right shift operation on the result from Step 5
7. Ensure the final result is a 6-digit number