HOME

TheInfoList



Click Here for Items Related To - Solitaire (cipher)
OR:
Solitaire (cipher) on:   [Wikipedia]   [Google]   [Amazon]

The Solitaire cryptographic algorithm was designed by
Bruce Schneier Bruce Schneier (; born January 15, 1963) is an American cryptographer, computer security professional, privacy specialist, and writer. Schneier is a Lecturer in Public Policy at the Harvard Kennedy School and a Fellow at the Berkman Klein Cente ...
at the request of
Neal Stephenson Neal Town Stephenson (born October 31, 1959) is an American writer known for his works of speculative fiction. His novels have been categorized as science fiction, historical fiction, cyberpunk, postcyberpunk, and baroque. Stephenson's work e ...
for use in his novel '' Cryptonomicon'', in which field agents use it to communicate securely without having to rely on electronics or having to carry incriminating tools. It was designed to be a manual
cryptosystem In cryptography, a cryptosystem is a suite of cryptographic algorithms needed to implement a particular security service, such as confidentiality (encryption). Typically, a cryptosystem consists of three algorithms: one for key generation, one f ...
calculated with an ordinary deck of playing cards. In ''Cryptonomicon'', this algorithm was originally called Pontifex to hide the fact that it involved playing cards. One of the motivations behind Solitaire's creation is that in
totalitarian Totalitarianism is a form of government and a political system that prohibits all opposition parties, outlaws individual and group opposition to the state and its claims, and exercises an extremely high if not complete degree of control and reg ...
environments, a deck of cards is far more affordable (and less incriminating) than a personal computer with an array of cryptological utilities. However, as Schneier warns in the appendix of ''Cryptonomicon'', just about everyone with an interest in
cryptanalysis Cryptanalysis (from the Greek ''kryptós'', "hidden", and ''analýein'', "to analyze") refers to the process of analyzing information systems in order to understand hidden aspects of the systems. Cryptanalysis is used to breach cryptographic s ...
will now know about this algorithm, so carrying a deck of cards may also be considered incriminating. Furthermore, analysis has revealed flaws in the cipher such that it is now considered insecure.


Encryption and decryption

This
algorithm In mathematics and computer science, an algorithm () is a finite sequence of rigorous instructions, typically used to solve a class of specific problems or to perform a computation. Algorithms are used as specifications for performing ...
uses a standard deck of cards with 52 suited cards and two jokers which are distinguishable from each other, called the A joker and the B joker. For simplicity's sake, only two suits will be used in this example, clubs and diamonds. Each card is assigned a numerical value: the clubs will be numbered from 1 to 13 (Ace through King) and the diamonds will be numbered 14 through 26 in the same manner. The jokers will be assigned the values of 27 and 28. Thus, the jack of clubs would have the value 11, and the two of diamonds would have the value 15. (In a full deck of cards, the suits are valued in bridge order: clubs, diamonds, hearts, spades, with the suited cards numbered 1 through 52, and the jokers numbered 53 and 54.) To begin encryption or decryption, arrange the deck of cards face-up in an order previously agreed upon. The person decrypting a message must have a deck arranged in the same order as the deck used by the person who encrypted the message. How the order is initially decided upon is up to the recipients; shuffling the deck perfectly randomly is preferable, although there are many other methods. The algorithm generates a ''keystream'', a sequence of values which are combined with the message to encrypt and decrypt it. Each value of the
keystream In cryptography, a keystream is a stream of random or pseudorandom characters that are combined with a plaintext message to produce an encrypted message (the ciphertext). The "characters" in the keystream can be bits, bytes, numbers or actual chara ...
is used to encrypt one character of the message, so the keystream must be at least as long as the message. If the keystream is longer than the message, the message may be padded with an additional repeated character, thus denying the attacker knowledge of the exact length of the message. To encrypt a message: # Remove all punctuation and spaces, leaving only the 26 letters A–Z. # Convert each letter to its natural numerical value, A = 1, B = 2, ..., Z = 26. # Generate one keystream value for each letter in the message using the keystream algorithm below. # Add each keystream value to the corresponding plaintext number, subtracting 26 if the resulting value is greater than 26. (In mathematics this is called
modular arithmetic In mathematics, modular arithmetic is a system of arithmetic for integers, where numbers "wrap around" when reaching a certain value, called the modulus. The modern approach to modular arithmetic was developed by Carl Friedrich Gauss in his boo ...
.) # Convert the resulting numbers back to letters. This sequence of letters is the
ciphertext In cryptography, ciphertext or cyphertext is the result of encryption performed on plaintext using an algorithm, called a cipher. Ciphertext is also known as encrypted or encoded information because it contains a form of the original plaintex ...
. To decrypt a ciphertext: # Convert each letter in the ciphertext to its natural numerical value. # Generate one keystream value for each letter in the ciphertext. # Subtract each keystream value from the corresponding ciphertext value, adding 26 if the resulting value is less than 1. # Convert the resulting numbers back to letters.


Keystream algorithm

This algorithm generates keystream values by moving cards within the deck. The keystream algorithm is ''deterministic'', so the keystream values depend only on the initial order of the deck. The deck is assumed to be a circular array, meaning that should a card ever need to advance below the bottom card in the deck, it will simply rotate back to the top (in other words, the first card follows the last card). For example, take this starting deck: * 1 4 7 10 13 16 19 22 25 B 3 6 9 12 15 18 21 24 A 2 5 8 11 14 17 20 23 26 Perform these steps to generate one character of the keystream. # Locate the A joker and move it down the deck by one place. If it is the last card, it becomes the second card. There is no way for it to become the first card. The deck now looks like this: #* 1 4 7 10 13 16 19 22 25 B 3 6 9 12 15 18 21 24 2 A 5 8 11 14 17 20 23 26 # Locate the B joker and move it down the deck by two places. Notice that if it is the second to last card, it becomes the second card by wrapping around. If it is the last card, it becomes the third card. There is no way for it to become the first card. #* 1 4 7 10 13 16 19 22 25 3 6 B 9 12 15 18 21 24 2 A 5 8 11 14 17 20 23 26 # Perform a "triple cut": split the deck into three sections delimited by the jokers, and exchange the top and bottom section. The jokers themselves, and the cards between them, are left untouched. #* 5 8 11 14 17 20 23 26 B 9 12 15 18 21 24 2 A 1 4 7 10 13 16 19 22 25 3 6 # Perform a "count cut": observe the value of the card at the bottom of the deck. If the card is either joker take its value to be 27 (53 when using a full deck). Remove that number of cards from the top of the deck and insert them just above the last card in the deck. #* 23 26 B 9 12 15 18 21 24 2 A 1 4 7 10 13 16 19 22 25 3 5 8 11 14 17 20 6 # Now, look at the value of the top card. Again, either joker counts as 27 (53 when using a full deck). Count this many places below that card and take the value of that card as the next value in the keystream. If the card counted to is either joker, ignore it and repeat the keystream algorithm. In this example the top card is 23, so the 24th card, which is 11, determines the keystream value. (Note that no cards change places in this step; this step simply determines the keystream value).


Cryptanalysis

In 1999 Paul Crowley discovered that there is a bias towards repeating characters in the keystream, which occur about every 1/22.5 characters rather than the expected 1/26. As a result, Solitaire leaks information at a rate of about 0.0005 bits per character. While its security may perhaps be adequate for very short messages, in general Solitaire is considered insecure. Crowley also noticed that in some cases, there are two different deck configurations which result in the same configuration after executing the keystream algorithm. For instance, when the A joker is either on the bottom of the deck or on the top of the deck it will become the second card after step 1. This means the algorithm is not always reversible as Schneier had originally claimed. In 2019 Daniel Shiu proposed modifications to the algorithm which would increase its security, at the cost of making it more difficult for the user to implement manually.


References


External links


Schneier's Solitaire Description
{{Cryptography navbox , classical Stream ciphers Pseudorandom number generators Playing cards