# Encipher, Decipher and Renew nKode ## Tenant Policy - max nkode length: {{ max_nkode_len }} - number of keys: {{ numb_of_keys }} - properties per key: {{ props_per_key }} - total number of properties: {{ numb_of_keys * props_per_key }} --- ## Deterministic CSPRNG - AES-CTR DRBG - ChaCha20 ## User Cipher Keys Derive keys in memory from PRNG above: - property key: {{ user_property_key }} - passcode key: {{ pass_key }} - user position key: {{ user_position_key }} - mask key: {{ mask_key }} --- ## User Keypad - keypad example:
{{ login_keypad_md }} - user passcode indices: {{ user_passcode_idxs}} --- ## nKode Cipher ### Passcode Hash ```mermaid block-beta columns 2 prop["user_property_key\n{{user_property_key}}"] pass["user_passcode_indices\n{{user_passcode_idxs}}"] space:2 sel(("select\nproperties")):2 pass --> sel prop --> sel space:2 passcode["user passcode properties:\n{{user_passcode_props}}"]:2 sel --> passcode space:2 pad["zero pad to\nmax nkode length: {{max_nkode_len}}"]:2 passcode -->pad space:2 paddedpasscode["padded passcode:\n{{padded_passcode}}"] pad --> paddedpasscode passkey["passcode key:\n{{pass_key}}"] space:2 xor2(("XOR")):2 passkey --> xor2 paddedpasscode --> xor2 space:2 cipheredpass["ciphered passcode:\n{{ciphered_passcode}}"]:2 xor2 --> cipheredpass space:2 hash(("hash")):2 cipheredpass --> hash space:2 cipheredhashed["hashed ciphered passcode:\n{{code}}"]:2 hash --> cipheredhashed ``` ### Mask Encipher ```mermaid block-beta columns 2 passcode_idx["passcode indices:\n{{user_passcode_idxs}}"] space:3 propidx(["Get Position Idx:\nmap each to element mod props_per_key"]) passcode_idx-->propidx space:3 passcode_position_idx["passcode poition indices:\n{{passcode_position_idxs}}"] propidx --> passcode_position_idx space:3 pad1(("Pad with\nrandom indices")) passcode_position_idx --> pad1 space:3 posidx["Padded Passcode Position Indices:\n{{pad_user_passcode_idxs}}"] pad1 --> posidx user_pos["user position key:\n{{user_position_key}}"] space:2 sel(("select positions")) user_pos --> sel posidx --> sel space:3 passcode_pos["ordered user passcode positions:\n{{ordered_user_position_key}}"] sel --> passcode_pos mask_key["mask key\n{{mask_key}}"] space:2 xor2(("XOR")) mask_key --> xor2 passcode_pos --> xor2 space:3 mask["enciphered mask:\n {{mask}}"] xor2 --> mask ``` ### Validate nKode ```mermaid block-beta columns 3 selected_keys["keys selected by user during login:\n{{selected_keys}}"] login_keypad["login keypad:\n{{login_keypad}}"] space:4 selectkeys(("filter keys")) mask["enciphered mask:\n {{mask}}"] mask_key["mask key:\n{{mask_key}}"] space:2 xor1(("XOR")) mask --> xor1 mask_key --> xor1 selected_keys --> selectkeys login_keypad --> selectkeys space:3 ordered_keys["ordered keys:\n{{ordered_keys}}"] user_position_key["user position key:\n{{user_position_key}}"] passcode_pos["ordered user passcode positions:\n{{ordered_user_position_key}}"] selectkeys --> ordered_keys xor1 --> passcode_pos space:8 get_passcode_idxs(("recover passcode\nposition indices")) user_position_key --> get_passcode_idxs passcode_pos --> get_passcode_idxs space:8 passcode_pos_idxs["padded passcode position indices:\n{{pad_user_passcode_idxs}}"] get_passcode_idxs --> passcode_pos_idxs space:3 get_presumed_idxs(("recover passcode\nproperty indices")) ordered_keys --> get_presumed_idxs passcode_pos_idxs --> get_presumed_idxs space:5 passcode_prop_idxs["presumed passcode property indices:\n{{user_passcode_idxs}}"] prop["user_property_key\n{{user_property_key}}"] cipheredhashed["hashed ciphered passcode:\n{{code}}"] get_presumed_idxs --> passcode_prop_idxs space:3 sel(("select\nproperties")) passcode_prop_idxs --> sel prop --> sel space:5 passcode_prop["presumed passcode properties:\n{{user_passcode_props}}"] sel --> passcode_prop space:5 cipher(("encipher")) passcode_prop --> cipher space:5 cipheredpass["ciphered passcode:\n{{ciphered_passcode}}"] cipher --> cipheredpass space:7 comp{"compare"} cipheredpass --> comp cipheredhashed --> comp space:5 suc(("success")) comp --"Equal"--> suc ``` ## Renew A renewal happens every login ### Nonce Renew With ChaCha20, we can renew the keys and hash every login with a new nonce ### Secret Renew The secret is renewed less frequently. It's stored securely using a service like AWS Secrets Manager.