multifactor.abi.json

Overview

This file defines the Application Binary Interface (ABI) version 2.4 for a multifactor authentication smart contract. The contract manages cryptographic keys and proofs related to zero-knowledge proof (ZKP) factors, JSON Web Key (JWK) moduli, security cards, recovery phrases, and transaction submission/confirmation. It supports lifecycle management operations such as adding, deleting, cleaning expired keys, updating recovery and seed phrases, and handling complex multi-signature transaction workflows.

The ABI describes the contract's functions, inputs, outputs, and storage fields, enabling interaction with the contract on-chain by clients or other smart contracts.

Detailed Explanation of Functions

The contract exposes a comprehensive set of functions grouped by their main responsibilities:

1. Constructor and Initialization

• constructor(zkid, proof, epk, epk_sig, epk_expire_at, jwk_modulus, kid, jwk_modulus_expire_at, index_mod_4, iss_base_64, provider, header_base_64, pub_recovery_key, pub_recovery_key_sig, jwk_update_key, jwk_update_key_sig, value, root_provider_certificates)

  Initializes the contract state with the provided zero-knowledge identity (zkid), proof, ephemeral public key (epk) and signature, JWK modulus and associated metadata, provider information, recovery keys, and root provider certificates.

  • Inputs:

    • zkid (string): Zero-knowledge identity identifier.

    • proof (bytes): Cryptographic proof data.

    • epk (uint256): Ephemeral public key.

    • epk_sig (bytes): Signature of the ephemeral public key.

    • epk_expire_at (uint64): Expiration timestamp for the ephemeral public key.

    • jwk_modulus (bytes): Modulus part of a JSON Web Key.

    • kid (bytes): Key ID associated with the JWK.

    • jwk_modulus_expire_at (uint64): Expiration timestamp for the JWK modulus.

    • index_mod_4 (uint8): Index mod 4, possibly for sharding or categorization.

    • iss_base_64 (string): Base64-encoded issuer identifier.

    • provider (string): Name or ID of the authentication provider.

    • header_base_64 (string): Base64-encoded header data.

    • pub_recovery_key (uint256): Public key used for recovery.

    • pub_recovery_key_sig (bytes): Signature for recovery key.

    • jwk_update_key (uint256): Key used for JWK updates.

    • jwk_update_key_sig (bytes): Signature for JWK update key.

    • value (uint64): Initial value or balance.

    • root_provider_certificates (map(uint256, bytes)): Mapping of root certificates by serial number.

  • Outputs: None.

  • Usage: Called once to initialize the contract with secure key data and configuration.

2. JWK Modulus Management

• addJwkModulus(root_cert_sn, lv_kid, tls_data) → bool

  Adds a new JWK modulus entry validated against a root certificate.

  • Inputs:

    • root_cert_sn (uint256): Serial number of the root certificate.

    • lv_kid (bytes): Key ID of the JWK.

    • tls_data (bytes): TLS data related to the JWK.

  • Outputs:

    • success (bool): Indicates if the addition was successful.

• deleteJwkModulusByUpdateJwkKey(kid)

  Deletes a JWK modulus identified by the given key ID, authorized by the JWK update key.

• deleteJwkModulus(kid)

  Deletes a JWK modulus by its key ID.

• cleanAllExpiredJwks(epk_expire_at)

  Removes all JWK moduli that have expired before the specified timestamp.

• cleanAllJwks()

  Deletes all stored JWK moduli.

3. Zero-Knowledge Proof Factors Management

• addZKPfactor(proof, epk, kid, header_base_64, epk_expire_at) → bool

  Adds a new ZKP factor with associated keys and proof.

  • Inputs:

    • proof (bytes): ZKP proof data.

    • epk (uint256): Ephemeral public key.

    • kid (bytes): Key ID associated with this factor.

    • header_base_64 (string): Base64-encoded header.

    • epk_expire_at (uint64): Expiration timestamp.

  • Outputs:

    • success (bool): Addition success status.

• deleteZKPfactor(epk_expire_at, epk)

  Deletes a ZKP factor matching the specified ephemeral key and expiration time.

• deleteZKPfactorByItself(epk_expire_at)

  Deletes a ZKP factor by expiration timestamp.

• deleteZKPfactor_(epk)

  Deletes a ZKP factor solely by ephemeral public key.

• cleanAllExpiredZKPFactors(epk_expire_at)

  Cleans all expired ZKP factors up to a given timestamp.

• cleanAllZKPFactors()

  Removes all stored ZKP factors.

4. Recovery and Seed Phrase Management

• updateRecoveryPhrase(new_pub_recovery_key, new_pub_recovery_key_sig)

  Updates the recovery phrase's public key and signature.

• updateSeedPhrase(new_owner_pubkey, new_owner_pubkey_sig)

  Updates the seed phrase with a new owner public key and signature.

• changeSeedPhrase(epk_expire_at, new_owner_pubkey, new_owner_pubkey_sig)

  Begins the process to change the seed phrase, with expiration control.

• acceptCandidateSeedPhrase(new_owner_pubkey)

  Accepts a candidate seed phrase for ownership transfer.

• deleteCandidateSeedPhrase(epk_expire_at)

  Deletes a candidate seed phrase based on expiration timestamp.

5. Security Card Management

• addSecurityCard(pubkey, pubkey_sig)

  Adds a security card identified by a public key and its signature.

• turnOffSecurityCards()

  Disables all security cards.

• turnOnSecurityCards()

  Enables security cards.

• deleteSecurityCard(pubkey)

  Deletes a security card by its public key.

• deleteAllSecurityCards()

  Clears all security cards.

6. Transaction Management

• sendTransaction(epk_expire_at, dest, value, cc, bounce, flags, payload) → address

  Sends a transaction from the contract.

  • Inputs:

    • epk_expire_at (uint64): Expiration timestamp for ephemeral key.

    • dest (address): Destination address.

    • value (uint128): Transaction value.

    • cc (map(uint32, varuint32)): Currency codes or additional data.

    • bounce (bool): Bounce flag for failed transactions.

    • flags (uint8): Flags for send operation.

    • payload (cell): Payload data for the transaction.

  • Outputs:

    • value0 (address): Resulting transaction address.

• submitTransaction(epk_expire_at, dest, value, cc, bounce, allBalance, payload) → uint64

  Submits a new transaction for confirmation.

  • Outputs:

    • transId (uint64): Identifier of the submitted transaction.

• confirmTransaction(transactionId)

  Confirms a submitted transaction by ID.

• getTransaction(transactionId) → tuple

  Retrieves detailed information about a transaction.

• getTransactions() → tuple[]

  Returns all stored transactions.

• getTransactionIds() → uint64[]

  Retrieves all transaction IDs.

7. Token Exchange and Configuration

• exchangeToken(epk_expire_at, value)

  Exchanges tokens with ephemeral public key validation.

• exchangeTokenWithOwner(value)

  Exchanges tokens directly with the owner.

• setMaxCleanupTxns(epk_expire_at, value)

  Sets the maximum number of transactions to clean up.

• setMinValue(epk_expire_at, value)

  Configures the minimum transaction value.

8. Root Provider Certificates Management

• addRootProviderCertificate(sn, root_provider_certificate)

  Adds a root provider certificate by serial number.

• deleteRootProviderCertificate(sn)

  Deletes a root provider certificate by serial number.

• cleanRootProviderCertificates()

  Cleans all root provider certificates.

9. Metadata and Utility Accessors

• setWasmHash(wasm_hash)

  Sets the hash of the WASM module associated with this contract.

• setForceRemoveOldest(flag)

  Enables or disables forced removal of the oldest factors or entries.

• getZKPEphemeralPublicKeys() → uint256[]

  Retrieves all ephemeral public keys used in ZKP factors.

• getTimeStamp() → uint32

  Returns the current timestamp stored in the contract.

• getSecurityCardKeys() → uint256[]

  Returns a list of all security card public keys.

• get_epk_expire_at(epk) → uint64

  Returns expiration time for a given ephemeral public key.

• getVersion() → (string, string)

  Returns version information, possibly for contract and ABI.

• Various getters for internal state fields:

  Functions prefixed with _ such as _factors_ordered_by_timestamp, _owner_pubkey, _min_value, _max_cleanup_txns, _force_remove_oldest, _wasm_hash, etc., provide read-only access to contract internal state variables.

Fields and State Variables

The contract maintains multiple state variables with types and initializations as follows:

• _pubkey (uint256): Public key of the contract owner, initialized during deployment.

• _timestamp (uint64): Timestamp state variable for internal tracking.

• _constructorFlag (bool): Indicates if constructor logic has run.

• _factors_ordered_by_timestamp (map(uint256,uint256)): Maps timestamps to factor identifiers for ordered management.

• _factors_len (uint8): Number of active factors.

• _owner_pubkey (uint256): Public key of the owner.

• _candidate_new_owner_pubkey_and_expiration (optional tuple): Optional tuple holding a candidate new owner's public key and expiration timestamp.

• _pub_recovery_key (uint256): Recovery public key.

• _jwk_update_key (uint256): Key to authorize JWK updates.

• _root_provider_certificates (map(uint256,bytes)): Root provider certificates indexed by serial number.

• _jwk_modulus_data (map(uint256, tuple)): Mapping of JWK modulus entries with modulus bytes and expiration time.

• _jwk_modulus_data_len (uint8): Number of JWK modulus entries.

• _start_point_jwk (optional tuple): Optional initial JWK state.

• _zkid (string): Zero-knowledge identity string.

• _index_mod_4 (uint8): Index mod 4 value.

• _iss_base_64 (string): Base64 encoded issuer.

• _lv_provider_bytes (bytes): Provider bytes data.

• _use_security_card (bool): Flag indicating if security cards are in use.

• _m_security_cards (map(uint256,bool)): Map of security card keys and their active state.

• _m_security_cards_len (uint8): Count of active security cards.

• _m_transactions (map(uint64, tuple)): Map of transactions by ID.

• _m_transactions_len (uint8): Number of stored transactions.

• _min_value (uint128): Minimum transaction value accepted.

• _max_cleanup_txns (uint256): Maximum transactions to cleanup.

• _force_remove_oldest (bool): Flag to force removal of oldest entries.

• _verification_key_index (uint32): Verification key index.

• _wasm_hash (bytes): Hash of the WASM code for integrity verification.

Implementation Details and Algorithms

• Expiration-Based Cleanup: Several functions remove expired keys or factors based on timestamps (epk_expire_at), maintaining security by ensuring obsolete keys cannot be used.

• Key and Factor Management: The contract differentiates between JWK moduli and ZKP factors, maintaining mappings and ordered lists for efficient lookups and management.

• Security Cards: A separate mechanism exists for managing security cards, which are likely additional authentication factors, with enable/disable and bulk delete capabilities.

• Transaction Workflow: Transactions are submitted, stored, and require explicit confirmation before execution, allowing multi-factor approval or delayed execution strategies.

• Recovery and Seed Phrase Updates: Support for updating recovery keys and seed phrases includes candidate acceptance workflows, enhancing security in ownership transfer.

• Version and Hashing: The contract stores and allows updating the WASM hash for code integrity and version strings to track contract evolution.

Interaction with Other System Components

• Root Provider Certificates: The contract interacts with external certification authorities via root provider certificates stored in a map. These certificates validate JWK moduli and other cryptographic keys.

• Transactions: The contract interacts with the blockchain's token and message-passing system to send, submit, and confirm transactions, potentially interacting with other smart contracts or wallet addresses.

• ZKP Systems: Incorporates zero-knowledge proof mechanisms for authentication factors, interacting with cryptographic proof verification logic external to this ABI.

• Security Cards and Recovery Systems: Interacts with off-chain or on-chain components that manage security cards and recovery mechanisms, enabling multifactor authentication flows.

• WASM Module: The contract maintains a hash of its WASM module, indicating a relationship with the underlying execution environment and possibly upgrade mechanisms.

Visual Diagram of Contract Structure and Functionality

flowchart TD
A[Contract Initialization] --> B[Add/Update Keys & Factors]
B --> C[JWK Modulus Management]
B --> D[ZKP Factor Management]
B --> E[Security Card Management]
B --> F[Recovery & Seed Phrase Management]
B --> G[Transaction Management]
B --> H[Root Provider Certificates]
B --> I[Configuration & Metadata]
C --> C1[addJwkModulus]
C --> C2[deleteJwkModulus]
C --> C3[cleanAllExpiredJwks]
D --> D1[addZKPfactor]
D --> D2[deleteZKPfactor]
D --> D3[cleanAllExpiredZKPFactors]
E --> E1[addSecurityCard]
E --> E2[turnOnSecurityCards]
E --> E3[turnOffSecurityCards]
E --> E4[deleteSecurityCard]
F --> F1[updateRecoveryPhrase]
F --> F2[updateSeedPhrase]
F --> F3[changeSeedPhrase]
F --> F4[acceptCandidateSeedPhrase]
G --> G1[sendTransaction]
G --> G2[submitTransaction]
G --> G3[confirmTransaction]
G --> G4[getTransaction]
H --> H1[addRootProviderCertificate]
H --> H2[deleteRootProviderCertificate]
H --> H3[cleanRootProviderCertificates]
I --> I1[setWasmHash]
I --> I2[getVersion]
I --> I3[setForceRemoveOldest]

This flowchart highlights the primary functional areas and their related key functions, showing how the contract's features are organized and interlinked.

Usage Examples

Adding a New JWK Modulus

const success = contract.methods.addJwkModulus(
    root_cert_sn,
    lv_kid,
    tls_data
).call();
if (success) {
    console.log('JWK modulus added successfully');
}

Submitting and Confirming a Transaction

const transactionId = await contract.methods.submitTransaction(
    epk_expire_at,
    destinationAddress,
    value,
    ccMap,
    bounceFlag,
    allBalanceFlag,
    payloadCell
).call();

await contract.methods.confirmTransaction(transactionId).send();
console.log('Transaction confirmed');

Updating the Recovery Phrase

await contract.methods.updateRecoveryPhrase(
    newPubRecoveryKey,
    newPubRecoveryKeySig
).send();
console.log('Recovery phrase updated');

Reference

For cryptographic concepts such as zero-knowledge proofs and JSON Web Keys, see Zero-Knowledge Proofs and JSON Web Key (JWK).

For transaction management and smart contract interaction models, refer to Smart Contract Transactions.

For security card authentication and multi-factor authentication concepts, see Multi-Factor Authentication.