incubator-general mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Patrick Hilt <>
Subject Re: [DISCUSS] OpenMiracl for Incubation
Date Thu, 03 Dec 2015 20:24:13 GMT
Hi Jan, thanks for your interest! :-)

To answer your question...
Already noted in the proposal for being donated is the baseline platform for Milagro, which,
on a high level, consists of the following:
Milagro libraries and tools consisting of:
	- Distributed Key Management platform and service API
	- Distributed Key Management CLI
	- Software Defined Distributed Security Module (SD-DSM) build platform
	- Distributed Key Management Endpoints (software)
	- Crypto application stacks (some more info below)

COMPLETED and production ready components contributed to the project include:
- M-Pin Authentication and distributed trust platform - delivering password-less 2FA (see
below for some more context…)
	* M-Pin-in-Mobile Client Libraries for iOS, Android and Windows Phone
	* M-Pin-in-Javascript Libraries for Browsers
- Generic library for IoT cryptography (the crypto lib that’s at the core of basically all
the components)

IN BETA DEVELOPMENT and to be completed with Apache:
- Distributed Key Management platform and service API
- Distributed Key Management CLI
- Software Defined Distributed Security Module (SD-DSM) build platform
- Distributed Key Management Endpoints (software)

IN ALPHA DEVELOPMENT and to be completed with Apache:
- M-Pin Secure Channel - delivering certificate-less TLS-PSK
- M-Pin Secure Channel libraries for Linux, other embedded and mobile OS
- Distributed Trust Authority Crypto App
- Cloud Encryption Gateway

There is some nuance to the above.
First, the M-Pin Auth Platform uses a 2 D-TA model (i.e. a model with two sources of distributed
trust). That architecture is being refined to incorporate a 3 D-TA model for cryptographic
and data residency / customer requirement reasons. This shouldn't have much of an impact but
that development is ongoing. In essence, the M-Pin auth platform is the basis for and ultimately
evolving into the Milagro platform. Just like the 2 D-TA M-Pin platform supports the M-Pin
authentication crypto app stack, the Milagro platform is designed to support a number of crypto
app stacks.

One of those is the Distributed Trust Authority crypto app which is essentially a way for
any 3rd party to create a D-TA and publicly register it as a community or commercial D-TA
and in turn enable crypto applications (like the M-Pin Platform) to obtain shares of keys
from the D-TAs. We are investigating using the Ethereum platform to do this, but any suggestions
would be welcome as we flesh out the details.

We also have an internal M-Pin Secure Channel work stream and we have an alpha version using
the 2 D-TA model providing TLS-PSK (with perfect forward secrecy) for the MQTT protocol. The
plan is to evolve that further into a IoT secure channel crypto app on the Milagro platform.

And finally a word on patents:
Additionally, MIRACL will be licensing the M-Pin Authentication patents to the Apache Foundation
under the terms of the contributor agreement. Those patents are US 9154302, US 9106644 and
potentially others in our portfolio. NTT may contribute some of their IP as needed, that's
in review.
The M-Pin IETF Informational draft is up on Datatracker at this link:

I realize there is a lot to take in. Please respond back with any requests for more information
or clarification.


Patrick Hilt
Chief Technology Officer

> On Dec 2, 2015, at 3:53 PM, Jan Willem Janssen <> wrote:
> Hi,
>> On 10 Nov 2015, at 10:29, Nick Kew <> wrote:
>> On Tue, 2015-11-10 at 01:33 +0000, Nick Kew wrote:
>>> I should like to propose that we consider OpenMiracl for incubation.
>> This proposal is now at
> I’ve read the proposal with great interest, but am still curious about
> what exactly is donated upon entering the incubator and what is
> intended for future development in the Apache community. Can anybody
> shed some light on this?
> --
> Met vriendelijke groeten | Kind regards
> Jan Willem Janssen | Software Architect
> +31 631 765 814
> My world is revolving around INAETICS and Amdatu
> Luminis Technologies B.V.
> Churchillplein 1
> 7314 BZ   Apeldoorn
> +31 88 586 46 00
> KvK (CoC) 09 16 28 93
> BTW (VAT) NL8169.78.566.B.01

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message