dkelly/pynkode
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: dkelly:NKodeLowBandwidthDoc
Branches Tags
dkelly:main dkelly:UpdateDocs dkelly:UpdateLowbandwidthDoc dkelly:NKodeLowBandwidthDoc dkelly:NumpyRefactor
..
compare: dkelly:UpdateLowbandwidthDoc
Branches Tags
dkelly:UpdateDocs dkelly:main dkelly:UpdateLowbandwidthDoc dkelly:NKodeLowBandwidthDoc dkelly:NumpyRefactor

11 Commits
NKodeLowBa ... UpdateLowb

Author SHA1 Message Date
Donovan
10c84e4535 update title 2025-06-26 15:18:30 -05:00
Donovan
437d8b0f31 update name 2025-06-26 13:44:58 -05:00
Donovan
81829c81b8 update network assumptions 2025-06-26 13:41:52 -05:00
Donovan
13a1a64772 remove dangling end 2025-06-26 13:38:47 -05:00
Donovan
d22ec80ee7 remove chacha from enrollment 2025-06-26 13:37:50 -05:00
Donovan
6777a19f5b reverse to unshuffle 2025-06-26 13:35:35 -05:00
Donovan
6ea7486d76 ciphered to shuffled 2025-06-26 13:34:23 -05:00
Donovan
1e5fd26464 fix mermaid notes 2025-06-26 13:31:01 -05:00
Donovan
d1b6f192af fix typos 2025-06-26 13:29:10 -05:00
Donovan
9a12b3b5e4 update document 2025-06-26 13:24:36 -05:00
dkelly
203973effa Merge pull request 'add nkode over unecrypted channel' (#2) from NKodeLowBandwidthDoc into main 
Reviewed-on: https://git.infra.nkode.tech/dkelly/pynkode/pulls/2
 2025-06-26 17:58:50 +00:00
1 changed files with 14 additions and 26 deletions
Expand all files Collapse all files

40
docs/nkode_over_unencrypted_channel.md → docs/nkode_unsecure_lowbandwitdh.md
View File

@@ -1,10 +1,10 @@
# nKode Authentication Over Unencrypted Channel in Low-Bandwidth Environments
# nKode Authentication Over Unsecured and Low-Bandwidth Network
## Low-Bandwidth Architecture
The standard nKode architecture will not work in low-bandwidth environments.
Keypad icons are too large to send from the sever to the client.
To over come this issue, we can move the nKode icons from the serve to the users mobile device.
Keypad icons are too large to send from the server to the client.
To over come this issue, we can move the nKode icons from the server to the users mobile device.
The server only sends the indices in which the icons need to be arranged.
```mermaid
@@ -15,8 +15,9 @@ sequenceDiagram
Note over User,Server: Enrollment
User ->> Server: Initiate Enrollment
Server ->> Server: Generate Keypad Icons
Note right of Server: Ideally the icons are generated on the users device.<br/>Since current ML models are too compute intense,<br/>a GPU enabled server must run the models during enrollment.
Server -->> Mobile Client: Store Icons On Device
Note right of Server: Server does not store the icons and does not know what they are
Note right of Server: The Server does not store the icons
Server ->> Mobile Client: Keypad Index Array
Mobile Client ->> User: Render Keypad
User ->> Server: Set nKode
@@ -37,48 +38,35 @@ A ChaCha20 Deterministic CSPRNG is a cryptographically secure pseudorandom numbe
## Secure Low-Bandwidth Architecture
We can modify the architecture above to allow secure authentication over an unencrypted network
We can modify the architecture above to allow secure authentication over an unencrypted network using ChaCha20.
```mermaid
sequenceDiagram
participant User
participant Mobile Client
participant Server
Note over User,Server: Enrollment
Note over User,Server: Enrollment (assume secure network)
User ->> Server: Initiate Enrollment
Server ->> Server: Generate Keypad Icons
Server -->> Mobile Client: Store Icons On Device
Note right of Server: Server does not store the icons and does not know what they are
rect rgb(191, 223, 255)
Server -->> Mobile Client: Store ChaCha20 256-bit key
end
rect rgb(191, 223, 255)
Server ->> Server: Ciphered Keypad Index Array =<br/>ChaCha20FisherYates(Keypad Index Array, SharedKey, Nonce)
Server ->> Mobile Client: Ciphered Keypad Index Array + Nonce
end
Note right of Server: Server also sends the 96-bit nonce in plain-text.<br/>The Serve must never use the same nonce twice.<br/>It must be randonly generated for every authentication.<br/>The only additional overhead is the 96-bit nonce.
rect rgb(191, 223, 255)
Mobile Client ->> Mobile Client: Keypad Index Array =<br/>Reverse(Ciphered Keypad Index Array, SharedKey, Nonce)
end
Server ->> Mobile Client: Keypad Index Array
Mobile Client ->> User: Render Keypad
User ->> Server: Set nKode
Server ->> Server: Disperse Keypad
rect rgb(191, 223, 255)
Server ->> Server: Ciphered Keypad Index Array =<br/>ChaCha20FisherYates(Keypad Index Array, SharedKey, Nonce)
Server ->> Mobile Client: Ciphered Keypad Index Array + Nonce
end
rect rgb(191, 223, 255)
Mobile Client ->> Mobile Client: Keypad Index Array =<br/>Reverse(Ciphered Keypad Index Array, SharedKey, Nonce)
end
Server ->> Mobile Client: Keypad Index Array
Mobile Client ->> User: Render Keypad
User ->> Server: Confirm nKode
Note over User,Server: Login
Note over User,Server: Login (assume unsecure network)
rect rgb(191, 223, 255)
Server ->> Server: Ciphered Keypad Index Array =<br/>ChaCha20FisherYates(Keypad Index Array, SharedKey, Nonce)
Server ->> Mobile Client: Ciphered Keypad Index Array + Nonce
Server ->> Server: Shuffled Keypad Index Array =<br/>ChaCha20FisherYates(Keypad Index Array, SharedKey, Nonce)
Server ->> Mobile Client: Shuffled Keypad Index Array + Nonce
end
Note right of Server: Server also sends the 96-bit nonce in plain-text.<br/>The Server must never use the same nonce twice.<br/>It must be randonly generated for every authentication.<br/>The only additional overhead is the 96-bit nonce.
rect rgb(191, 223, 255)
Mobile Client ->> Mobile Client: Keypad Index Array =<br/>Reverse(Ciphered Keypad Index Array, SharedKey, Nonce)
Mobile Client ->> Mobile Client: Keypad Index Array =<br/>Unshuffle(Shuffled Keypad Index Array, SharedKey, Nonce)
end
Mobile Client ->> User: Render Keypad
User ->> Server: Successful Login