From 75168955fa9406e42bf74290b7ddeffdeb7fa330 Mon Sep 17 00:00:00 2001 From: Donovan Date: Thu, 26 Jun 2025 12:55:57 -0500 Subject: [PATCH] add nkode over unecrypted channel --- .gitignore | 2 + docs/nkode_over_unencrypted_channel.md | 86 ++++++++++++++++++++++++++ 2 files changed, 88 insertions(+) create mode 100644 docs/nkode_over_unencrypted_channel.md diff --git a/.gitignore b/.gitignore index 17cd06f..e3fe521 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,5 @@ .idea __pycache__ .ipynb_checkpoints +.DS_Store + diff --git a/docs/nkode_over_unencrypted_channel.md b/docs/nkode_over_unencrypted_channel.md new file mode 100644 index 0000000..8c5b89a --- /dev/null +++ b/docs/nkode_over_unencrypted_channel.md 
@@ -0,0 +1,86 @@ +# nKode Authentication Over Unencrypted Channel in Low-Bandwidth Environments + +## Low-Bandwidth Architecture + +The standard nKode architecture will not work in low-bandwidth environments. +Keypad icons are too large to send from the sever to the client. +To over come this issue, we can move the nKode icons from the serve to the users mobile device. +The server only sends the indices in which the icons need to be arranged. + +```mermaid +sequenceDiagram + participant User + participant Mobile Client + participant Server + Note over User,Server: Enrollment + User ->> Server: Initiate Enrollment + Server ->> Server: Generate Keypad Icons + Server -->> Mobile Client: Store Icons On Device + Note right of Server: Server does not store the icons and does not know what they are + Server ->> Mobile Client: Keypad Index Array + Mobile Client ->> User: Render Keypad + User ->> Server: Set nKode + Server ->> Server: Disperse Keypad + Server ->> Mobile Client: Keypad Index Array + Mobile Client ->> User: Render Keypad + User ->> Server: Confirm nKode + Note over User,Server: Login + Server ->> Mobile Client: Keypad Index Array + Mobile Client ->> User: Render Keypad + User ->> Server: Successful Login + Server ->> Server: Split Shuffle Keypad +``` + +## Chacha20 Deterministic CSPRNG + +A ChaCha20 Deterministic CSPRNG is a cryptographically secure pseudorandom number generator that uses the ChaCha20 stream cipher to produce a reproducible sequence of pseudorandom bytes. Given the same 256-bit key and 96-bit public nonce, it will always generate the same output stream, making it deterministic and suitable for use cases that require both security and repeatability. 
+ +## Secure Low-Bandwidth Architecture + +We can modify the architecture above to allow secure authentication over an unencrypted network + +```mermaid +sequenceDiagram + participant User + participant Mobile Client + participant Server + Note over User,Server: Enrollment + User ->> Server: Initiate Enrollment + Server ->> Server: Generate Keypad Icons + Server -->> Mobile Client: Store Icons On Device + Note right of Server: Server does not store the icons and does not know what they are + rect rgb(191, 223, 255) + Server -->> Mobile Client: Store ChaCha20 256-bit key + end + rect rgb(191, 223, 255) + Server ->> Server: Ciphered Keypad Index Array =
ChaCha20FisherYates(Keypad Index Array, SharedKey, Nonce) + Server ->> Mobile Client: Ciphered Keypad Index Array + Nonce + end + Note right of Server: Server also sends the 96-bit nonce in plain-text.
The Serve must never use the same nonce twice.
It must be randonly generated for every authentication.
The only additional overhead is the 96-bit nonce. + rect rgb(191, 223, 255) + Mobile Client ->> Mobile Client: Keypad Index Array =
Reverse(Ciphered Keypad Index Array, SharedKey, Nonce) + end + Mobile Client ->> User: Render Keypad + User ->> Server: Set nKode + Server ->> Server: Disperse Keypad + rect rgb(191, 223, 255) + Server ->> Server: Ciphered Keypad Index Array =
ChaCha20FisherYates(Keypad Index Array, SharedKey, Nonce) + Server ->> Mobile Client: Ciphered Keypad Index Array + Nonce + end + rect rgb(191, 223, 255) + Mobile Client ->> Mobile Client: Keypad Index Array =
Reverse(Ciphered Keypad Index Array, SharedKey, Nonce) + end + Mobile Client ->> User: Render Keypad + User ->> Server: Confirm nKode + Note over User,Server: Login + rect rgb(191, 223, 255) + Server ->> Server: Ciphered Keypad Index Array =
ChaCha20FisherYates(Keypad Index Array, SharedKey, Nonce) + Server ->> Mobile Client: Ciphered Keypad Index Array + Nonce + end + rect rgb(191, 223, 255) + Mobile Client ->> Mobile Client: Keypad Index Array =
Reverse(Ciphered Keypad Index Array, SharedKey, Nonce) + end + Mobile Client ->> User: Render Keypad + User ->> Server: Successful Login + Server ->> Server: Split Shuffle Keypad +```
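Review bot: in the `.gitignore` hunk, the added `+.DS_Store` entry is followed by an extra empty `+` line, which leaves a trailing blank line at the end of the file; drop it. The entry is also unrelated to the documentation named in the commit subject, so it would sit better in its own commit (or in each contributor's global gitignore, since `.DS_Store` is a per-machine macOS artifact).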
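Review bot: in `docs/nkode_over_unencrypted_channel.md`, the "Secure Low-Bandwidth Architecture" diagram adds `Server -->> Mobile Client: Store ChaCha20 256-bit key` without saying which channel carries the key. If it is provisioned over the same unencrypted network during enrollment, anyone who records that exchange holds SharedKey and can reverse every later ciphered index array, so the document should state how the key reaches the device. The shaded steps also protect only the server-to-client keypad arrangement: `User ->> Server: Set nKode`, `Confirm nKode` and the login submission are unchanged from the first diagram, so the text needs to say what is actually sent in those messages and why an observer learns nothing from them, otherwise the claim of "secure authentication over an unencrypted network" is not supported by what is shown. Nothing in the diagram authenticates the `Ciphered Keypad Index Array + Nonce` message, and the note says the nonce travels in plain text, so please state whether tampering by an active attacker is in scope and, if so, how it is detected. The note requires that the server "must never use the same nonce twice" and also that the nonce is randomly generated; random generation alone does not guarantee uniqueness, so say whether the server tracks used nonces or accepts the collision probability of a 96-bit random value. `ChaCha20FisherYates(...)` and `Reverse(...)` are used but never defined; the ChaCha20 section describes only the CSPRNG, so add a short description of how the keyed shuffle is derived from the stream and how the client inverts it. Spelling to fix before merge: "sever", "over come", "serve", "users mobile device", "The Serve", "randonly", the heading "Chacha20" against "ChaCha20" in the body, and "unecrypted" in the commit subject.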