Merge pull request 'UpdateLowbandwidthDoc' (#3) from UpdateLowbandwidthDoc into main

Reviewed-on: https://git.infra.nkode.tech/dkelly/pynkode/pulls/3

docs/nkode_unsecure_lowbandwitdh.md

@@ -1,10 +1,10 @@
-# nKode Authentication Over Unencrypted Channel in Low-Bandwidth Environments
+# nKode Authentication Over Unsecured and Low-Bandwidth Network
 
 ## Low-Bandwidth Architecture
 
 The standard nKode architecture will not work in low-bandwidth environments.
-Keypad icons are too large to send from the sever to the client.
+Keypad icons are too large to send from the server to the client.
-To over come this issue, we can move the nKode icons from the serve to the users mobile device.
+To over come this issue, we can move the nKode icons from the server to the users mobile device.
 The server only sends the indices in which the icons need to be arranged.
 
 ```mermaid
@@ -15,8 +15,9 @@ sequenceDiagram
     Note over User,Server: Enrollment
     User ->> Server: Initiate Enrollment
     Server ->> Server: Generate Keypad Icons
+    Note right of Server: Ideally the icons are generated on the users device.<br/>Since current ML models are too compute intense,<br/>a GPU enabled server must run the models during enrollment.
     Server -->> Mobile Client: Store Icons On Device
-    Note right of Server: Server does not store the icons and does not know what they are
+    Note right of Server: The Server does not store the icons
     Server ->> Mobile Client: Keypad Index Array
     Mobile Client ->> User: Render Keypad
     User ->> Server: Set nKode
@@ -37,48 +38,35 @@ A ChaCha20 Deterministic CSPRNG is a cryptographically secure pseudorandom numbe
 
 ## Secure Low-Bandwidth Architecture
 
-We can modify the architecture above to allow secure authentication over an unencrypted network
+We can modify the architecture above to allow secure authentication over an unencrypted network using ChaCha20.
 
 ```mermaid
 sequenceDiagram
     participant User
     participant Mobile Client
     participant Server
-    Note over User,Server: Enrollment
+    Note over User,Server: Enrollment (assume secure network)
     User ->> Server: Initiate Enrollment
     Server ->> Server: Generate Keypad Icons
     Server -->> Mobile Client: Store Icons On Device
-    Note right of Server: Server does not store the icons and does not know what they are
     rect rgb(191, 223, 255)
     Server -->> Mobile Client: Store ChaCha20 256-bit key
     end
-    rect rgb(191, 223, 255)
+    Server ->> Mobile Client: Keypad Index Array
-    Server ->> Server: Ciphered Keypad Index Array =<br/>ChaCha20FisherYates(Keypad Index Array, SharedKey, Nonce)
-    Server ->> Mobile Client: Ciphered Keypad Index Array + Nonce
-    end
-    Note right of Server: Server also sends the 96-bit nonce in plain-text.<br/>The Serve must never use the same nonce twice.<br/>It must be randonly generated for every authentication.<br/>The only additional overhead is the 96-bit nonce.
-    rect rgb(191, 223, 255)
-    Mobile Client ->> Mobile Client: Keypad Index Array =<br/>Reverse(Ciphered Keypad Index Array, SharedKey, Nonce)
-    end
     Mobile Client ->> User: Render Keypad
     User ->> Server: Set nKode
     Server ->> Server: Disperse Keypad
-    rect rgb(191, 223, 255)
+    Server ->> Mobile Client: Keypad Index Array
-    Server ->> Server: Ciphered Keypad Index Array =<br/>ChaCha20FisherYates(Keypad Index Array, SharedKey, Nonce)
-    Server ->> Mobile Client: Ciphered Keypad Index Array + Nonce
-    end
-    rect rgb(191, 223, 255)
-    Mobile Client ->> Mobile Client: Keypad Index Array =<br/>Reverse(Ciphered Keypad Index Array, SharedKey, Nonce)
-    end
     Mobile Client ->> User: Render Keypad
     User ->> Server: Confirm nKode
-    Note over User,Server: Login
+    Note over User,Server: Login (assume unsecure network)
     rect rgb(191, 223, 255)
-    Server ->> Server: Ciphered Keypad Index Array =<br/>ChaCha20FisherYates(Keypad Index Array, SharedKey, Nonce)
+    Server ->> Server: Shuffled Keypad Index Array =<br/>ChaCha20FisherYates(Keypad Index Array, SharedKey, Nonce)
-    Server ->> Mobile Client: Ciphered Keypad Index Array + Nonce
+    Server ->> Mobile Client: Shuffled Keypad Index Array + Nonce
     end
+    Note right of Server: Server also sends the 96-bit nonce in plain-text.<br/>The Server must never use the same nonce twice.<br/>It must be randonly generated for every authentication.<br/>The only additional overhead is the 96-bit nonce.
     rect rgb(191, 223, 255)
-    Mobile Client ->> Mobile Client: Keypad Index Array =<br/>Reverse(Ciphered Keypad Index Array, SharedKey, Nonce)
+    Mobile Client ->> Mobile Client: Keypad Index Array =<br/>Unshuffle(Shuffled Keypad Index Array, SharedKey, Nonce)
     end
     Mobile Client ->> User: Render Keypad
     User ->> Server: Successful Login