PRIVATE.ME PLATFORM

xOTP: Multi-Channel Split OTP

Split one-time passwords across SMS, push, and email using XorIDA threshold sharing. SIM-swap attacks capture one share. Email phishing captures one share. Neither is enough.

Section 01

The Problem

SIM-swap attacks make SMS-only OTP dangerous. SS7 network interception can capture any text message. Phishing relay attacks forward OTPs in real-time. Every single-channel OTP is a single point of failure.

The FBI's IC3 reported SIM-swap losses exceeding $68 million in 2023 alone. Attackers social-engineer carriers, port victim numbers, and intercept every SMS OTP sent to that number.

Even push-based MFA is not immune — push fatigue bombing attacks overwhelm users until they approve a fraudulent request. The fundamental problem is that any single channel can be compromised independently.

The Old Way

Diagram: OTP generated (6-digit code) → SMS channel (single point of failure; complete OTP in transit) → SIM swap / SS7 interception → attacker has the full OTP.
Section 02

The Solution

xOTP generates a single OTP and splits it into K-of-N shares distributed across independent channels — SMS, push notification, and email. An attacker must compromise 2-of-3 channels simultaneously to reconstruct the OTP. SIM-swap alone gets one share: noise.

The OTP is generated server-side, split via XorIDA, and each share is delivered through a different channel. The user's device collects shares and reconstructs the OTP locally. The server never sends the complete OTP through any single channel.

Channel diversity is the key: SMS travels through carrier networks, push through Apple/Google infrastructure, email through SMTP. Compromising any two simultaneously requires attacking fundamentally different systems.

The New Way

Diagram: OTP generated (6-digit code) → XorIDA split (2-of-3 threshold) → SMS carries share 1, push carries share 2, email carries share 3 → reconstructed on the user device. No single channel carries the complete OTP.
Section 03

Architecture

xOTP integrates with existing authentication flows. The server generates and splits; channels deliver shares; the client reconstructs and submits.

Diagram: Auth server (generate OTP → XorIDA split into 2-of-3 shares) → SMS gateway, push service, email (SMTP) → client (HMAC verify, reconstruct, submit).

Key Security Properties

The complete OTP never exists in any single network channel. Each share has independent HMAC integrity. Channel failure is tolerated: any 2 of 3 channels suffice for reconstruction.
Section 04

Use Cases

Banking MFA

2-of-3 split OTP for high-value transactions. SIM-swap alone cannot authorize wire transfers.

Enterprise Login

Split OTP across corporate push + personal SMS + email. Compromising the corporate device alone is insufficient.

Password Reset

Split verification code across channels. Attacker needs access to 2 channels to hijack an account reset.

Transaction Approval

High-value transaction authorization via 2-of-3 channel verification. Real-time fraud prevention.
Section 05

Integration

Quick Start

```typescript
import { generateSplitOTP, verifySplitOTP } from '@private.me/otpsplit';

// Server: Generate and split OTP across 3 channels
const { shares, verifier } = await generateSplitOTP({
  channels: ['sms', 'push', 'email'],
  threshold: 2,
  ttl: 300 // 5-minute expiry
});
// shares[0] → SMS gateway, shares[1] → push, shares[2] → email

// Client: Reconstruct from 2 received shares
const otp = await verifySplitOTP(
  [shares[0], shares[1]], // SMS + push shares
  verifier
);
// otp.ok === true → submit to server
```

generateSplitOTP(opts: OTPOpts): Promise<Result<SplitOTP, OTPError>>

Generates a cryptographically random OTP, splits it into K-of-N shares via XorIDA, and returns shares for each channel plus a server-side verifier.

verifySplitOTP(shares: OTPShare[], verifier: Verifier): Promise<Result<string, OTPError>>

Reconstructs an OTP from K channel shares, verifies HMAC integrity and TTL expiry, and returns the plaintext OTP for submission.
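To make the 2-of-3 split described in the Solution and Architecture sections concrete, here is an added, self-contained illustration (not the xOTP SDK and not XorIDA itself): a replicated-XOR construction over GF(2) with a per-share HMAC-SHA256 tag and TTL check. The share layout (share i carries the two XOR pieces other than piece i), the verifier shape and the nonce field are assumptions chosen for this example.

```typescript
// Added illustration: 2-of-3 XOR threshold split of a 6-digit OTP with a per-share HMAC tag.
// A simple replicated-XOR scheme standing in for XorIDA; not the xOTP SDK's own code.
import { createHmac, randomBytes, randomInt, timingSafeEqual } from 'crypto';

type Share = { channel: string; index: number; pieces: string[]; nonce: string; expiresAt: number; tag: string };
type Verifier = { key: Buffer; nonce: string; expiresAt: number };
type Result = { ok: true; otp: string } | { ok: false; error: string };

const xor = (a: Buffer, b: Buffer): Buffer => Buffer.from(Array.from(a, (x, i) => x ^ b[i]));
// HMAC-SHA256 over every field of a share, keyed by the per-OTP verifier key (assumed layout).
const tagFor = (v: Verifier, s: Omit<Share, 'tag'>): string =>
  createHmac('sha256', v.key).update(`${s.nonce}|${s.index}|${s.channel}|${s.expiresAt}|${s.pieces.join(',')}`).digest('hex');

// Server side. OTP bytes S = p0 ^ p1 ^ p2; share i carries the two pieces other than p_i, so any
// two shares hold all three pieces while one share alone is statistically independent of S.
export function generateSplitOTP(channels: string[], ttlSeconds: number, now = Date.now()) {
  if (channels.length !== 3) throw new Error('this construction is fixed at 2-of-3');
  const otp = randomInt(0, 1_000_000).toString().padStart(6, '0');
  const s = Buffer.from(otp, 'ascii');
  const p = [randomBytes(s.length), randomBytes(s.length)];
  p.push(xor(xor(s, p[0]), p[1]));
  const verifier: Verifier = { key: randomBytes(32), nonce: randomBytes(16).toString('hex'), expiresAt: now + ttlSeconds * 1000 };
  const shares: Share[] = channels.map((channel, index) => {
    const pieces = p.filter((_, j) => j !== index).map((b) => b.toString('hex'));
    const base = { channel, index, pieces, nonce: verifier.nonce, expiresAt: verifier.expiresAt };
    return { ...base, tag: tagFor(verifier, base) };
  });
  return { otp, shares, verifier }; // otp is returned only so a test can check reconstruction
}

// Verifier side: check TTL, each share's tag and nonce, require two distinct shares, then XOR back.
export function verifySplitOTP(shares: Share[], v: Verifier, now = Date.now()): Result {
  if (now > v.expiresAt) return { ok: false, error: 'expired' };
  const byIndex = new Map<number, Share>();
  for (const { tag, ...base } of shares) {
    const want = Buffer.from(tagFor(v, base), 'hex');
    const got = Buffer.from(tag, 'hex');
    if (got.length !== want.length || !timingSafeEqual(got, want)) return { ok: false, error: `bad tag on ${base.channel}` };
    if (base.nonce !== v.nonce) return { ok: false, error: 'nonce mismatch' };
    byIndex.set(base.index, { tag, ...base });
  }
  if (byIndex.size < 2) return { ok: false, error: 'need shares from 2 of 3 channels' };
  const pieces = new Map<number, Buffer>();
  for (const s of byIndex.values()) {
    let j = 0;
    for (let k = 0; k < 3; k++) if (k !== s.index) pieces.set(k, Buffer.from(s.pieces[j++], 'hex'));
  }
  const otp = [0, 1, 2].map((k) => pieces.get(k)!).reduce(xor).toString('ascii');
  return /^\d{6}$/.test(otp) ? { ok: true, otp } : { ok: false, error: 'corrupt share' };
}
```

A single share, a duplicated share, a tampered share or an expired set all fail verification, while any two distinct valid shares recover the OTP.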
Section 06

Security Properties

| Property            | Mechanism                 | Guarantee                     |
|---------------------|---------------------------|-------------------------------|
| Channel Diversity   | Independent delivery paths | ✓ No single-channel intercept |
| SIM-Swap Resistance | Multi-channel threshold   | ✓ SMS alone = noise           |
| Replay Protection   | Nonce + TTL expiry        | ✓ Single-use, time-bound      |
| Integrity           | HMAC-SHA256 per share     | ✓ Tamper-evident              |
| Quantum Resistance  | GF(2) operations          | ✓ Unconditional security      |

$68M+ SIM-swap losses/yr · <1ms split latency · 2-of-3 default threshold
VERIFIED BY XPROVE

Verifiable Data Protection

Every operation in this ACI produces a verifiable audit trail via xProve. HMAC-chained integrity proofs let auditors confirm that data was split, stored, and reconstructed correctly — without accessing the data itself.

XPROVE AUDIT TRAIL
Every XorIDA split generates HMAC-SHA256 integrity tags. xProve chains these into a tamper-evident audit trail that proves data was handled correctly at every step. Upgrade to zero-knowledge proofs when regulators or counterparties need public verification.

Read the xProve white paper →
GET STARTED

Ready to deploy xOTP?

Talk to Ren, our AI sales engineer, or book a live demo with our team.

Book a Demo

© 2026 StandardClouds Inc. dba PRIVATE.ME. All rights reserved.

VERIFIABLE WITHOUT CODE EXPOSURE

Ship Proofs, Not Source

xOTP generates cryptographic proofs of correct execution without exposing proprietary algorithms. Verify integrity using zero-knowledge proofs — no source code required.

XPROVE CRYPTOGRAPHIC PROOF
Verify proofs online →

Use Cases

Regulatory: FDA / SEC Submissions
Prove algorithm correctness for distributed systems without exposing trade secrets or IP. (Zero IP exposure.)

Financial: Audit Without Access
External auditors verify secure operations without accessing source code or production systems. (FINRA / SOX compliant.)

Defense: Classified Verification
Security clearance holders verify distributed systems correctness without clearance for source code. (CMMC / NIST ready.)

Enterprise: Procurement Due Diligence
Prove security + correctness during RFP evaluation without NDA or code escrow. (No NDA required.)

Deployment Options

SDK Integration

Embed directly in your application. Runs in your codebase with full programmatic control.

  • npm install @private.me/xotp
  • TypeScript/JavaScript SDK
  • Full source access
  • Enterprise support available

Get Started →

On-Premise Upon Request

Enterprise CLI for compliance, air-gap, or data residency requirements.

  • Complete data sovereignty
  • Air-gap capable deployment
  • Custom SLA + dedicated support
  • Professional services included

Request Quote →

Enterprise On-Premise Deployment

While xOTP is primarily delivered as SaaS or SDK, we build dedicated on-premise infrastructure for customers with:

  • Regulatory mandates — HIPAA, SOX, FedRAMP, CMMC requiring self-hosted processing
  • Air-gapped environments — SCIF, classified networks, offline operations
  • Data residency requirements — EU GDPR, China data laws, government mandates
  • Custom integration needs — Embed in proprietary platforms, specialized workflows

Includes: Enterprise CLI, Docker/Kubernetes orchestration, RBAC, audit logging, and dedicated support.

Contact sales for assessment and pricing →