Hi ZCash Community,
At long last, we are excited to announce the conclusion of Milestones 2 and 3 of the MFKDF2 project! We experienced several unanticipated difficulties during the completion of these milestones, which unfortunately caused us to fall behind schedule, but work on MFKDF2 is continuing.
Milestone 2 - MFKDF2 Client Implementation
- We concluded the MFKDF2.rs client implementation in December. The completed repository can be found at GitHub - multifactor/MFKDF2.rs: Rust Implementation of a Next-Generation Multi-Factor Key Derivation Function (MFKDF2)
- The MFKDF2.rs repository mirrors the functionality of MFKDF2.js, including robust security improvements, and new authentication factors and features. For example, the new passkey factor setup function can be found at MFKDF2.rs/mfkdf2/src/setup/factors/passkey.rs at main · multifactor/MFKDF2.rs · GitHub
- By creating complete JavaScript WASM bindings to MFKDF2.js, we were able to perform comprehensive differential testing between MFKDF2.js and MFKDF2.rs, with all tests finally passing after several revisions. The differential tests can be found at Differential tests by lonerapier · Pull Request #43 · multifactor/MFKDF2.rs · GitHub
Milestone 3 - Red-Team Evaluation
-
We comissioned the creation of a red-team report by Matteo Scarlata, PhD candidate at ETH Zurich and author of the original MFKDF cryptanalysis paper. Matteo’s initial report on MFKDF2 is attached here:
report.pdf (214.8 KB)
-
Several issues were discovered by Matteo in the first version of his report that required additional time and effort to fix. After several rounds of revision, we are confident that most of the addressable issues have been mitigated. We will prepare an updated report documenting the fixes along with our next milestone.
We are excited to proceed with Milestone 4 (Final Publication & Reporting), where we will provide enhanced technical documentation of our journey and ultimate solution, and look forward to keeping the Zcash community in the loop throughout this process. Cheers!