From 9a12b3b5e460c65085a8eaea2890b7a14dc8b90b Mon Sep 17 00:00:00 2001 From: Donovan Date: Thu, 26 Jun 2025 13:24:36 -0500 Subject: [PATCH 01/10] update document --- docs/nkode_over_unencrypted_channel.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/nkode_over_unencrypted_channel.md b/docs/nkode_over_unencrypted_channel.md index 8c5b89a..4db88bb 100644 --- a/docs/nkode_over_unencrypted_channel.md +++ b/docs/nkode_over_unencrypted_channel.md @@ -37,7 +37,7 @@ A ChaCha20 Deterministic CSPRNG is a cryptographically secure pseudorandom numbe ## Secure Low-Bandwidth Architecture -We can modify the architecture above to allow secure authentication over an unencrypted network +We can modify the architecture above to allow secure authentication over an unencrypted network using ChaCha20. ```mermaid sequenceDiagram -- 2.49.1 From d1b6f192afe4069b2569e4ed4407acf4bf1d248f Mon Sep 17 00:00:00 2001 From: Donovan Date: Thu, 26 Jun 2025 13:29:10 -0500 Subject: [PATCH 02/10] fix typos --- docs/nkode_over_unencrypted_channel.md | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/docs/nkode_over_unencrypted_channel.md b/docs/nkode_over_unencrypted_channel.md index 4db88bb..9a536ba 100644 --- a/docs/nkode_over_unencrypted_channel.md +++ b/docs/nkode_over_unencrypted_channel.md @@ -3,8 +3,8 @@ ## Low-Bandwidth Architecture The standard nKode architecture will not work in low-bandwidth environments. -Keypad icons are too large to send from the sever to the client. -To over come this issue, we can move the nKode icons from the serve to the users mobile device. +Keypad icons are too large to send from the server to the client. +To over come this issue, we can move the nKode icons from the server to the users mobile device. The server only sends the indices in which the icons need to be arranged. ```mermaid 
@@ -15,8 +15,9 @@ sequenceDiagram Note over User,Server: Enrollment User ->> Server: Initiate Enrollment Server ->> Server: Generate Keypad Icons + Note right of Server: Ideally the icons are generated on the users device.
Since current ML models are too compute intense, a GPU enabled server must run the models during enrollment. Server -->> Mobile Client: Store Icons On Device - Note right of Server: Server does not store the icons and does not know what they are + Note right of Server: The Server does not store the icons Server ->> Mobile Client: Keypad Index Array Mobile Client ->> User: Render Keypad User ->> Server: Set nKode -- 2.49.1 From 1e5fd26464849d3857f3ac7ea0180c46d0b869d9 Mon Sep 17 00:00:00 2001 From: Donovan Date: Thu, 26 Jun 2025 13:31:01 -0500 Subject: [PATCH 03/10] fix mermaid notes --- docs/nkode_over_unencrypted_channel.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/nkode_over_unencrypted_channel.md b/docs/nkode_over_unencrypted_channel.md index 9a536ba..ef3333c 100644 --- a/docs/nkode_over_unencrypted_channel.md +++ b/docs/nkode_over_unencrypted_channel.md @@ -15,7 +15,7 @@ sequenceDiagram Note over User,Server: Enrollment User ->> Server: Initiate Enrollment Server ->> Server: Generate Keypad Icons - Note right of Server: Ideally the icons are generated on the users device.
Since current ML models are too compute intense, a GPU enabled server must run the models during enrollment. + Note right of Server: Ideally the icons are generated on the users device.
Since current ML models are too compute intense,
a GPU enabled server must run the models during enrollment. Server -->> Mobile Client: Store Icons On Device Note right of Server: The Server does not store the icons Server ->> Mobile Client: Keypad Index Array @@ -49,7 +49,6 @@ sequenceDiagram User ->> Server: Initiate Enrollment Server ->> Server: Generate Keypad Icons Server -->> Mobile Client: Store Icons On Device - Note right of Server: Server does not store the icons and does not know what they are rect rgb(191, 223, 255) Server -->> Mobile Client: Store ChaCha20 256-bit key end -- 2.49.1 From 6ea7486d7607a799e9964264873832ff030874a2 Mon Sep 17 00:00:00 2001 From: Donovan Date: Thu, 26 Jun 2025 13:34:23 -0500 Subject: [PATCH 04/10] ciphered to shuffled --- docs/nkode_over_unencrypted_channel.md | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/docs/nkode_over_unencrypted_channel.md b/docs/nkode_over_unencrypted_channel.md index ef3333c..0d08233 100644 --- a/docs/nkode_over_unencrypted_channel.md +++ b/docs/nkode_over_unencrypted_channel.md @@ -53,32 +53,32 @@ sequenceDiagram Server -->> Mobile Client: Store ChaCha20 256-bit key end rect rgb(191, 223, 255) - Server ->> Server: Ciphered Keypad Index Array =
ChaCha20FisherYates(Keypad Index Array, SharedKey, Nonce) - Server ->> Mobile Client: Ciphered Keypad Index Array + Nonce + Server ->> Server: Shuffled Keypad Index Array =
ChaCha20FisherYates(Keypad Index Array, SharedKey, Nonce) + Server ->> Mobile Client: Shuffled Keypad Index Array + Nonce end - Note right of Server: Server also sends the 96-bit nonce in plain-text.
The Serve must never use the same nonce twice.
It must be randonly generated for every authentication.
The only additional overhead is the 96-bit nonce. + Note right of Server: Server also sends the 96-bit nonce in plain-text.
The Server must never use the same nonce twice.
It must be randonly generated for every authentication.
The only additional overhead is the 96-bit nonce. rect rgb(191, 223, 255) - Mobile Client ->> Mobile Client: Keypad Index Array =
Reverse(Ciphered Keypad Index Array, SharedKey, Nonce) + Mobile Client ->> Mobile Client: Keypad Index Array =
Reverse(Shuffled Keypad Index Array, SharedKey, Nonce) end Mobile Client ->> User: Render Keypad User ->> Server: Set nKode Server ->> Server: Disperse Keypad rect rgb(191, 223, 255) - Server ->> Server: Ciphered Keypad Index Array =
ChaCha20FisherYates(Keypad Index Array, SharedKey, Nonce) - Server ->> Mobile Client: Ciphered Keypad Index Array + Nonce + Server ->> Server: Shuffled Keypad Index Array =
ChaCha20FisherYates(Keypad Index Array, SharedKey, Nonce) + Server ->> Mobile Client: Shuffled Keypad Index Array + Nonce end rect rgb(191, 223, 255) - Mobile Client ->> Mobile Client: Keypad Index Array =
Reverse(Ciphered Keypad Index Array, SharedKey, Nonce) + Mobile Client ->> Mobile Client: Keypad Index Array =
Reverse(Shuffled Keypad Index Array, SharedKey, Nonce) end Mobile Client ->> User: Render Keypad User ->> Server: Confirm nKode Note over User,Server: Login rect rgb(191, 223, 255) - Server ->> Server: Ciphered Keypad Index Array =
ChaCha20FisherYates(Keypad Index Array, SharedKey, Nonce) - Server ->> Mobile Client: Ciphered Keypad Index Array + Nonce + Server ->> Server: Shuffled Keypad Index Array =
ChaCha20FisherYates(Keypad Index Array, SharedKey, Nonce) + Server ->> Mobile Client: Shuffled Keypad Index Array + Nonce end rect rgb(191, 223, 255) - Mobile Client ->> Mobile Client: Keypad Index Array =
Reverse(Ciphered Keypad Index Array, SharedKey, Nonce) + Mobile Client ->> Mobile Client: Keypad Index Array =
Reverse(Shuffled Keypad Index Array, SharedKey, Nonce) end Mobile Client ->> User: Render Keypad User ->> Server: Successful Login -- 2.49.1 From 6777a19f5b101cbccab4ef5f78e032511f8e9b4c Mon Sep 17 00:00:00 2001 From: Donovan Date: Thu, 26 Jun 2025 13:35:35 -0500 Subject: [PATCH 05/10] reverse to unshuffle --- docs/nkode_over_unencrypted_channel.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/nkode_over_unencrypted_channel.md b/docs/nkode_over_unencrypted_channel.md index 0d08233..26f1875 100644 --- a/docs/nkode_over_unencrypted_channel.md +++ b/docs/nkode_over_unencrypted_channel.md @@ -58,7 +58,7 @@ sequenceDiagram end Note right of Server: Server also sends the 96-bit nonce in plain-text.
The Server must never use the same nonce twice.
It must be randonly generated for every authentication.
The only additional overhead is the 96-bit nonce. rect rgb(191, 223, 255) - Mobile Client ->> Mobile Client: Keypad Index Array =
Reverse(Shuffled Keypad Index Array, SharedKey, Nonce) + Mobile Client ->> Mobile Client: Keypad Index Array =
Unshuffle(Shuffled Keypad Index Array, SharedKey, Nonce) end Mobile Client ->> User: Render Keypad User ->> Server: Set nKode @@ -68,7 +68,7 @@ sequenceDiagram Server ->> Mobile Client: Shuffled Keypad Index Array + Nonce end rect rgb(191, 223, 255) - Mobile Client ->> Mobile Client: Keypad Index Array =
Reverse(Shuffled Keypad Index Array, SharedKey, Nonce) + Mobile Client ->> Mobile Client: Keypad Index Array =
Unshuffle(Shuffled Keypad Index Array, SharedKey, Nonce) end Mobile Client ->> User: Render Keypad User ->> Server: Confirm nKode @@ -78,7 +78,7 @@ sequenceDiagram Server ->> Mobile Client: Shuffled Keypad Index Array + Nonce end rect rgb(191, 223, 255) - Mobile Client ->> Mobile Client: Keypad Index Array =
Reverse(Shuffled Keypad Index Array, SharedKey, Nonce) + Mobile Client ->> Mobile Client: Keypad Index Array =
Unshuffle(Shuffled Keypad Index Array, SharedKey, Nonce) end Mobile Client ->> User: Render Keypad User ->> Server: Successful Login -- 2.49.1 From d22ec80ee7fd3ddd302568a5a5e240578f51bf9b Mon Sep 17 00:00:00 2001 From: Donovan Date: Thu, 26 Jun 2025 13:37:50 -0500 Subject: [PATCH 06/10] remove chacha from enrollment --- docs/nkode_over_unencrypted_channel.md | 17 +++-------------- 1 file changed, 3 insertions(+), 14 deletions(-) diff --git a/docs/nkode_over_unencrypted_channel.md b/docs/nkode_over_unencrypted_channel.md index 26f1875..136dc3b 100644 --- a/docs/nkode_over_unencrypted_channel.md +++ b/docs/nkode_over_unencrypted_channel.md @@ -52,29 +52,18 @@ sequenceDiagram rect rgb(191, 223, 255) Server -->> Mobile Client: Store ChaCha20 256-bit key end - rect rgb(191, 223, 255) - Server ->> Server: Shuffled Keypad Index Array =
ChaCha20FisherYates(Keypad Index Array, SharedKey, Nonce) - Server ->> Mobile Client: Shuffled Keypad Index Array + Nonce - end - Note right of Server: Server also sends the 96-bit nonce in plain-text.
The Server must never use the same nonce twice.
It must be randonly generated for every authentication.
The only additional overhead is the 96-bit nonce. - rect rgb(191, 223, 255) - Mobile Client ->> Mobile Client: Keypad Index Array =
Unshuffle(Shuffled Keypad Index Array, SharedKey, Nonce) + Server ->> Mobile Client: Keypad Index Array end Mobile Client ->> User: Render Keypad User ->> Server: Set nKode Server ->> Server: Disperse Keypad - rect rgb(191, 223, 255) - Server ->> Server: Shuffled Keypad Index Array =
ChaCha20FisherYates(Keypad Index Array, SharedKey, Nonce) - Server ->> Mobile Client: Shuffled Keypad Index Array + Nonce - end - rect rgb(191, 223, 255) - Mobile Client ->> Mobile Client: Keypad Index Array =
Unshuffle(Shuffled Keypad Index Array, SharedKey, Nonce) - end + Server ->> Mobile Client: Keypad Index Array Mobile Client ->> User: Render Keypad User ->> Server: Confirm nKode Note over User,Server: Login rect rgb(191, 223, 255) Server ->> Server: Shuffled Keypad Index Array =
ChaCha20FisherYates(Keypad Index Array, SharedKey, Nonce) + Note right of Server: Server also sends the 96-bit nonce in plain-text.
The Server must never use the same nonce twice.
It must be randonly generated for every authentication.
The only additional overhead is the 96-bit nonce. Server ->> Mobile Client: Shuffled Keypad Index Array + Nonce end rect rgb(191, 223, 255) -- 2.49.1 From 13a1a64772425836bc6f95d67d761121c7880e27 Mon Sep 17 00:00:00 2001 From: Donovan Date: Thu, 26 Jun 2025 13:38:47 -0500 Subject: [PATCH 07/10] remove dangling end --- docs/nkode_over_unencrypted_channel.md | 1 - 1 file changed, 1 deletion(-) diff --git a/docs/nkode_over_unencrypted_channel.md b/docs/nkode_over_unencrypted_channel.md index 136dc3b..b84b139 100644 --- a/docs/nkode_over_unencrypted_channel.md +++ b/docs/nkode_over_unencrypted_channel.md @@ -53,7 +53,6 @@ sequenceDiagram Server -->> Mobile Client: Store ChaCha20 256-bit key end Server ->> Mobile Client: Keypad Index Array - end Mobile Client ->> User: Render Keypad User ->> Server: Set nKode Server ->> Server: Disperse Keypad -- 2.49.1 From 81829c81b8b7b21669961ec97ddb452c352cb084 Mon Sep 17 00:00:00 2001 From: Donovan Date: Thu, 26 Jun 2025 13:41:52 -0500 Subject: [PATCH 08/10] update network assumptions --- docs/nkode_over_unencrypted_channel.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/nkode_over_unencrypted_channel.md b/docs/nkode_over_unencrypted_channel.md index b84b139..8465ad5 100644 --- a/docs/nkode_over_unencrypted_channel.md +++ b/docs/nkode_over_unencrypted_channel.md @@ -45,7 +45,7 @@ sequenceDiagram participant User participant Mobile Client participant Server - Note over User,Server: Enrollment + Note over User,Server: Enrollment (assume secure network) User ->> Server: Initiate Enrollment Server ->> Server: Generate Keypad Icons Server -->> Mobile Client: Store Icons On Device @@ -59,12 +59,12 @@ sequenceDiagram Server ->> Mobile Client: Keypad Index Array Mobile Client ->> User: Render Keypad User ->> Server: Confirm nKode - Note over User,Server: Login + Note over User,Server: Login (assume unsecure network) rect rgb(191, 223, 255) Server ->> Server: Shuffled Keypad Index Array =
ChaCha20FisherYates(Keypad Index Array, SharedKey, Nonce) - Note right of Server: Server also sends the 96-bit nonce in plain-text.
The Server must never use the same nonce twice.
It must be randonly generated for every authentication.
The only additional overhead is the 96-bit nonce. Server ->> Mobile Client: Shuffled Keypad Index Array + Nonce end + Note right of Server: Server also sends the 96-bit nonce in plain-text.
The Server must never use the same nonce twice.
It must be randonly generated for every authentication.
The only additional overhead is the 96-bit nonce. rect rgb(191, 223, 255) Mobile Client ->> Mobile Client: Keypad Index Array =
Unshuffle(Shuffled Keypad Index Array, SharedKey, Nonce) end -- 2.49.1 From 437d8b0f31c3dde903281bd93a852527948066e4 Mon Sep 17 00:00:00 2001 From: Donovan Date: Thu, 26 Jun 2025 13:44:58 -0500 Subject: [PATCH 09/10] update name --- ...er_unencrypted_channel.md => nkode_unsecure_lowbandwitdh.md} | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) rename docs/{nkode_over_unencrypted_channel.md => nkode_unsecure_lowbandwitdh.md} (97%) diff --git a/docs/nkode_over_unencrypted_channel.md b/docs/nkode_unsecure_lowbandwitdh.md similarity index 97% rename from docs/nkode_over_unencrypted_channel.md rename to docs/nkode_unsecure_lowbandwitdh.md index 8465ad5..35f45f9 100644 --- a/docs/nkode_over_unencrypted_channel.md +++ b/docs/nkode_unsecure_lowbandwitdh.md @@ -1,4 +1,4 @@ -# nKode Authentication Over Unencrypted Channel in Low-Bandwidth Environments +# nKode Authentication Over Unsecure and Low-Bandwidth Network ## Low-Bandwidth Architecture -- 2.49.1 From 10c84e4535df51ef0501044425234ea2570eb234 Mon Sep 17 00:00:00 2001 From: Donovan Date: Thu, 26 Jun 2025 15:18:30 -0500 Subject: [PATCH 10/10] update title --- docs/nkode_unsecure_lowbandwitdh.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/nkode_unsecure_lowbandwitdh.md b/docs/nkode_unsecure_lowbandwitdh.md index 35f45f9..884f285 100644 --- a/docs/nkode_unsecure_lowbandwitdh.md +++ b/docs/nkode_unsecure_lowbandwitdh.md @@ -1,4 +1,4 @@ -# nKode Authentication Over Unsecure and Low-Bandwidth Network +# nKode Authentication Over Unsecured and Low-Bandwidth Network ## Low-Bandwidth Architecture -- 2.49.1
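
Review bot: In PATCH 01/10, the added sentence ending "using ChaCha20." reads as if the channel were encrypted with ChaCha20, while the hunk-header context introduces ChaCha20 as a deterministic CSPRNG. Say what it is used for, for example "using a shuffle keyed by a ChaCha20 CSPRNG", so the sentence matches the ChaCha20FisherYates step in the diagram that follows.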
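
Review bot: In PATCH 02/10, first hunk (@@ -3,8 +3,8 @@), the rewritten line still carries two of the typos this commit sets out to fix: "over come" should be "overcome" and "users mobile device" should be "user's mobile device".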
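
Review bot: In PATCH 02/10, second hunk (@@ -15,8 +15,9 @@), replacing "Server does not store the icons and does not know what they are" with "The Server does not store the icons" narrows a security claim under a "fix typos" subject. Put that change in its own commit with a reason, and since the diagram has the server generating the icons, state what happens to them after "Store Icons On Device" (for example, that they are discarded once transferred). The added note also needs "user's device" and "compute-intensive".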
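
Review bot: In PATCH 04/10, the rewritten nonce note says the server "must never use the same nonce twice" and then only that the nonce is randomly generated for every authentication; random generation by itself does not enforce uniqueness. State that the nonce comes from a CSPRNG and whether the server tracks issued nonces per SharedKey or relies on the collision bound of a 96-bit random value. "randonly" should be "randomly" on the same added line.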
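
Review bot: In PATCH 06/10, the context line "end" that follows the added Enrollment "Keypad Index Array" send has lost its matching "rect", because the rect that opened the Unshuffle block is removed just above it, so the Mermaid diagram is unbalanced at this commit. Drop that "end" here and squash PATCH 07/10 into this one. In the Login block the nonce note is also inserted between the two statements inside the rect; PATCH 08/10 moves it back out, so it can be placed after the "end" in this commit instead.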
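
Review bot: In PATCH 08/10, first hunk (@@ -45,7 +45,7 @@), "assume secure network" is not defined, and the "Store ChaCha20 256-bit key" step (visible in the PATCH 06/10 context) sits under this Enrollment label. Say what the assumption means in practice, for example enrollment only over TLS or a local provisioning link, and that the key is never sent again once the Login assumptions apply, since every Login step depends on that key staying secret.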
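
Review bot: In PATCH 08/10, second hunk (@@ -59,12 +59,12 @@), nothing in the Login block protects the integrity of "Shuffled Keypad Index Array + Nonce" even though the new label places it on an unsecured network; as drawn, the client unshuffles whatever arrives. Either add an authentication tag step keyed from SharedKey or document what a modified array or nonce results in on the client. The label should read "unsecured" to match the title set in PATCH 10/10, and "randonly" in the moved note is still misspelled.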
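
Review bot: In PATCH 09/10, the new file name "nkode_unsecure_lowbandwitdh.md" misspells "bandwidth" as "bandwitdh", and PATCH 10/10 keeps that path while changing only the heading to "Unsecured". Fix the name in this commit, for example nkode_unsecured_low_bandwidth.md, so links are not created against the misspelled path.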