Math in the Solitaire Cipher By: Jeffrey Baez Introduction:

advertisement
Math in the Solitaire Cipher
By: Jeffrey Baez
Introduction: Neal Stephenson has written several novels in the cyberpunk genre,
subspecialty of science fiction dealing with issues from cybernetics and informational
technology. Some of his famous works include Snow Crash and The Diamond Age, which
were successful in their own right and helped give him credibility as a writer[10]. Along
with other awards, his novel Cryptonomicon earned the award winning Prometheus
Award in 2013; this is awarded to honor libertarian works of fiction [4]. The reason why
Cryptonomicon earned such praise is due to its content. It uses both past and present
to understand cryptography and the early days of information technology. This novel
explains a variety of concepts that ranges from cryptography to data storage security
[10], but the most interesting concept discussed is the Solitaire Cipher. The reason why
it’s an interesting cipher is that playing cards are used to help create the cipher text.
Throughout this paper, I will discuss the Solitaire Cipher that was used in Cryptonomicon. This will include a step by step instructions of how to create a cipher text
using normal playing cards, mathematical proofs of the cipher, and some drawbacks by
using the Solitaire Cipher; by discussing these ideas about the cipher we will see that
it can be a useful way to encrypt messages into cipher text. Because of the in depth
explanation of the cipher, we will also see why the Solitaire Cipher is interesting and the
cipher I chose from Cryptonomicon.
Figure 1: A simple deck of playing cards are used for this cipher method [9].
Solitaire Cipher History: The Solitaire Cipher is a cipher that was created by Bruce
Schneier solely for Stephenson’s fictional novel Cryptonomicon. Bruce Schneier has a
strong background in understanding and creating codes and ciphers, since his profession
is a security consultant. He created the cipher just for the novel, and it was not used
for real word applications. The Cipher uses 52 playing cards and 2 jokers; it also has no
relation to the card game Solitaire. Schneier uses the cards and a sequence of rearrangement as a way to create the key stream in order to encrypt a message. The greater the
length of the key makes it difficult to break this cipher. Because of this, experts have
said that it is difficult for an attacker to decrypt [2].
How Solitaire Cipher Works The Solitaire Cipher works analogously to a shift
cipher when encrypting the plain text to cipher text. The shift cipher encrypts by
shifting the original message left or right to another corresponding letter of the alphabet
[1]. Below is how a normal shift cipher works and an example of its usage.
1
1. Convert each letter in your original message into numbers. The numbers should
be as followed: A = 0, B = 1, ... ,Z = 25.
2. Set Key K to a random constant number.
3. Take numbers from the original message and add K.
4. If any number summed over 25 then take modulo 26.
5. Convert new numbers to letters. This becomes your cipher text.
Basic Modular Arithmetic Example: You have the number 28. To get the modulo
number subtract 26 from 28 to get the value 2. This value is expressed as 28 ≡ 2(mod26).
Consider the following shift cipher example: Let K = 3 and original message be: Encrypt
This.
1. 4 13 2 17 24 15 20 20 7 8 18
2. K = 3
3. 7 17 5 20 27 18 23 23 10 11 21
4. 7 17 5 20 1 18 23 23 10 11 21
5. Cipher text is HQFUBSWWKLV
Figure 2: An image of the Shift Cipher [3].
The problem with a shift cipher is that K can be easily found, thus the cipher
text can be decrypted and the wrong person can see the original message. The Solitaire
Cipher uses an algorithm to fix this problem. It uses a key stream, a set of different keys.
Each key stream has a different length with different numbers that are randomized. The
random numbers act as a key, which is similar to the shift cipher, except there are more
of them. The greater the length of your key stream, the harder it is for your original
message to be read by the wrong person.
The following explanation is taken from [11]. The Solitaire Cipher generates each
key by an algorithm; this process is known as keying the deck. As stated earlier, keying
the deck requires 52 cards and 2 jokers. Each card receives a numerical value by using a
bridge order on each suit,which means the suits have an order. From lowest to highest,
the order of the suits are clubs, diamonds, hearts and spades. Every card’s value is also
determined by lowest to highest order, with the Ace being the lowest and King being
the highest card. Every card, with the exception of the jokers, are numbered 1 to 52.
For example, if you have a 5 of diamonds then its numerical value is 18. Aside from the
2
playing cards, both the jokers have a numerical value of 53. The jokers have another
property, one is greater than the other. One joker is labeled A and the other B. For
this explanation let the black joker be A and the red joker be B. Keying the deck can
be used with all 4 suits or just one suit. But realize for an unbreakable encryption, it is
recommended to use the whole deck.
The algorithm uses six steps to key the deck. To explain how the algorithm works
one suits will be used, which are the clubs and two jokers.
1. First start off with by shuffling the cards with the two jokers. In order to explain
the cards, they will be in their numerical values and the jokers will be labeled A and B.
With the deck facing you:
12 7 1 4 B 8 5 A 2 10 6 3 13 11 9
2. Move A one card down. Note: if A is toward the end of the deck then cycle it
back to the front.
12 7 1 4 B 8 5 2 A 10 6 3 13 11 9
3. Move B two cards down. Note: if B is toward the end of the deck then cycle it
back to the front.
12 7 1 4 8 5 B 2 A 10 6 3 13 11 9
4. Swap the cards in front of the first joker with the cards behind the second joker.
This step is known as the triple cut, since the deck is cut into three parts.
10 6 3 13 11 9 B 2 A 12 7 1 4 8 5
5. Observe the bottom card, then count down from the top card to the value of the
bottom card. Cut after the card you counted to and place them on the bottom, leaving
the bottom card observed on the bottom. This cut is known as the perform cut.
9 B 2 A 12 7 1 4 8 10 6 3 13 11 5
6. Observe the top card, then count down from the top card (including the card)
down to the value of the top card. This process is called the output card. The output
card determines what the letter of the key. Also the deck does not change. The deck
ends up as 9 B 2 A 12 7 1 4 8 10 6 3 13 11 5, with the output card being 8.
To find the rest of the output cards repeat steps 2 through 6 until the desired key
length is satisfied. After all individual keys are found, the final step would be to add the
numerical value with the original messages numerical value. The sum of the numbers
are in modulo 26 because the numbers require to be converted to letters.
This example uses one suit instead of four. The algorithm does not change when all
four suites are involved. It is best to use all four suites and have your key length be as
long as possible in order to maximize security. Using all four suites maximizes security
because it prevents repeats in the key stream. Repeats in the key stream would lead
to a constant K, which would make this cipher have similar issues like the normal shift
cipher.
The Solitaire cipher is a symmetrical cipher meaning the decryption process is the
reverse order of the encryption process. The person decrypting the message has to follow
the exact same steps the sender did when they created the key. The decryption process
begins by subtracting the numbers from the encrypted text by the key. The result will
be the original message, make sure that modulo 26 is used. The last step is to convert
the numbers solved into letters. Before decryption can be performed it is imperative
that the original deck is used by the person decrypting the text; both the sender and the
receiver of the message should start off with the same identical deck. The reason why
3
both decks need to be identical is because you cannot reverse the order of the algorithm,
only the order of the encryption process [8].
Math behind Solitaire Cipher: This section will present a couple of proofs such as:
the average number of steps it takes to produce the Solitaire algorithm and the proof
that Solitaire Cipher is symmetric.
Figure 3: An image of the final step of Solitaire algorithm [5].
Counting the STEPS (One Suit): First we will count the steps of the previous
example. Note: will use the number of the steps as references.
Step 1 will not count as part of the algorithm because this should already be done
before commencing the Solitaire algorithm.
Step 2 has one move. Will always have one move since the property of the Joker
declares for this step to move this card one space backward.
Step 3 has two moves. Will always have two moves since the property of the Joker
declares for this step to move this card two spaces backwards.
Step 4 has an average of two moves. Will use this number because it is very unlikely
that one move or zero moves can occur. While plausible, the percentage of these moves
occurring is low. Two moves is the appropriate number because this will be the likely
moves made from this step.
Step 5 has an average of 9 moves. Since the suite is using 13 playing cards and two
Jokers, whose value indicates 14, take the sum and divide it by the total of playing cards
used. It should look like 1 + 2 + 3 + 4 + 5 + 6 + 7 + 8 + 9 + 10 + 11 + 12 + 13 + 14 + 14.
14 appears twice because there are two Jokers whose value equal 14, they affect the
perform cut process. The total is 119. Then take 119 and divide it by 15, the result is
7.933. Because this is not a number of realistic number of moves, round up. This way
of counting averages makes allows each card to have an equal opportunity of being the
card to use for the perform cut, which means the likely hood of any card appearing is
equally plausible. The last step of this method is to moves all the cards you counted
from to the back of the deck, so take the rounded 8 moves and add one move, which
results this step having an average of 9 moves.
Step 6 has an average of 8 moves. This average follows the same logic as Step 5.
Unlike Step 5, there is no need to add one step because there is no extra movement once
the counting card is found. Finding the counting card is the purpose of Step 6.
When you add all the moves together, the result is 22 moves. This means for the
previous example to find one letter in the key stream it takes an average of 22 moves.
4
Counting the STEPS (All Suits): By using the same logic from Counting the
STEPS (One Suit) the following lemma exists.
Lemma 1 (The Average Steps Uisng 4 Suits). It takes an average of 62 moves to encrypt
one word by using the Solitaire algorithm using all four suits.
Proof: To prove Lemma 1, follow Step 1 through Step 4 from Counting the STEPS
(One Suit). These steps are the same because they are fixed and the number of the cards
used do not affect the moves performed. Note do no simply multiply 22(the number of
moves for one suit) by four to get the average number of moves using all four suits. As
shown below, calculating the moves from Step 5 and Step 6 differ using four suits than
with one suit.
Step 5 has an average of 29 moves. Since all four suits are use, then there exist a
total of 52 cards used plus the 2 Jokers. The same logic for finding the average is the
same as finding the average for one suit. Find the sum of all 54 cards 1 + 2 + 3 + 4 + 5 +
... + 51 + 52 + 53 + 53. 53 appears twice since there are two Jokers whose value equal
53. The total should be 1484. Then take 1484 and divide it by 54, the result should be
27.48. Round up since .48 of a move is not practical, which makes the average 28 moves.
Add one to count for the final step of the method, which places the cards counted toward
the back of the deck, which makes an average of 29 moves.
Step 6 follows the same logic as Step 5 except there is no need to add the extra
move. This step has average of 28 moves.
When you add all the moves together, the result is 62 moves. This means that it
takes an average of 62 moves to find one letter in the key stream using all four suits. Proof that Solitaire Cipher is Reversible:
Lemma 2 (Cipher is Reversible). The Solitaire Cipher is a symmetrical cipher; its plain
text can be found by reversing the process of decryption and vice versa.
Proof: This proof is dependent on the key, which mean it will require two things:
1. If key word, K has the same length as the plain text.
2. If key word, K does not have the same length as the plain text.
For both PART 1 and PART 2:
Let A be an arbitrary plain text with finite length N.
Let key stream K be ab arbitrary with keys whose length is the same as A.
Define the encrypted text as B = A + K.
PART 1:
A+K=B
A + K - K = B - K; The minus K shows the method for decrypting the cipher text.
A = B - K; This is the definition for the decrypted text.
Start with the decryted text.
B-K=A
5
B - K + K = A + K; The addition of K shows the method for encrypting the plain
text.
B = A + K; We have arrived back to the definition for the encrypted text.
As shown the cipher text and plain text are dependent on K. Therefore, when K’s
length is the same as A’s, the steps are reversible.
PART 2:
Let A1 , A2 , ..., AN ∈ A.
A1 , A2 , ..., AN are split into equal blocks that equal the length of K.
By using A+K= B define new method of encryption as:
(A1 + K) + (A2 + K) + ... + (AN + K) = B1 + B2 + ... + BN ,
where the length of AN 6= the length of K.
A problem may occur with (AN + K) = BN if length of K > length of AN .
To fix the problem, we will pad AN such that AN = aN + C, where aN is the
remaining plain text letters and C is a random constant letter that allows for the length
of AN to equal the length of K.
With new adjustment the new method for encryption is:
(A1 + K) + (A2 + K) + ... + ((aN + C) + K) = B1 + B2 + ... + BN .
BN does not need to be adjusted since its length is dependent on K when encrypted.
Since the steps in PART 2 are consistent with PART 1, and the formula for encryption
follows A + K = B, then PART 2 is also reversible. Therefore regardless of the plain
text’s length, the Solitaire Cipher is reversible. PART 2 Example: To demonstrate PART 2 of the proof, the following example
is taken from [8].
Let the encrypted message be U D V M W Q I K Z M.
Then convert this message into numbers 21 4 22 13 23 17 9 11 25 12.
Let the key be 17 15 8 24 3 10 20 13 1 14, which was found by the Solitaire algorithm.
Subtract the message from the key,
21 4 22 13 23 17 9 11 25 12 - 17 15 8 24 3 10 20 13 1 14.
The result or original message is 4 15 14 15 20 7 15 24 24 24 using modulo 26 when
necessary.
By converting the number into letters, the original message reads:
D O N O T G O X X X.
From the given example, we see that C is X, since the plain text was less than K.
Problems with the Cipher: One problem with the cipher lies in its ease of use. As
shown in the proof for counting the steps if all four suits are used, it takes an average of
62 moves to find one letter of the key. If the key length is five it will take an average of
310 moves. Doing this by hand consumes a lot of time.
6
Another problem is the cipher can only work if both the sender and receiver have
identical decks. The cipher text can be decrypted by an attacker and its message made
known to said attacker if they know the solitaire algorithm and the original deck order.
If both are known by an attacker then the plain text can be easily found [11]; this means
the plain text can be found by an unauthorized user. This will cause a problem because
the plain text will be found and its secrets made known. But this issue will not cause a
huge problem as long as the original deck order is kept a secret and hidden in a secure
place.
The major issue with the cipher is its algorithm. Paul Crowley did such a study that
found the cipher has repetitions, using all four suits. He is a professional cryptographer
with eleven years of experience in creating software for real-world applications. Some
of his has college education are in physics, math and computer science [6]. He created
a program in Matlab that mimics the Solitaire algorithm. He found that the keys the
cipher generates are repetitive. The output of each step of the algorithm is a number
from 0 to 25. One would expect successive outputs to be the same around one time in
26 to represent equal probability, but his experiments show that the output rate is closer
to one in 22.5. Paul Crowley believes the reason for this bias is when the value of the
top card is the same in two successive rounds. This probability of having the top card
being the same is around two percent; when this occurs there is a thirty four percent
probability the output card will be the same [7]. Since it was proven that the Solitaire
Cipher is reversible, if repeats exist then it would be easy for the attacker to decrypt
the cipher text. While the percentage is low for keys to be repetitive, this problem is
something to keep in mind when using the Solitaire algorithm.
Conclusion: Overall the Solitaire Cipher is an effective way to encrypt a message. It
does not require any computers or complex math. The complexity is in its algorithm. As
explained previously, Bruce Schneier created this cipher for Cryptonomicon. It is still
considered a new cipher, but as explained earlier its method is similar to a shift cipher.
It is the algorithm that allows the Solitaire Cipher to be unique. The algorithm was
proven to take several steps depending on the number of suits used. But as long as the
attacker does not know the original order of the cards, then the cipher is close to being
unbreakable. There is a chance the algorithm may repeat numbers since there is some
bias, but the probability it will have several numbers repeat consistently is low. What
was covered was how to create a cipher text using normal playing cards, mathematical
proofs of the cipher, and drawbacks of using the Solitaire Cipher. Even though the
Cipher had no real world applications, the simplicity of its algorithm questions why it
has not been used.
7
References
[1] . Lecture 1: Shift ciphers.
http://www.math.cornell.edu/~mec/Summer2008/lundell/lecture1.html,
2008.
[2] . The solitaire cipher.
http://www.bicyclecards.com/news/story/the-solitaire-cipher, 2012.
[3] . Caesar cipher. http://blog.jverkamp.com/2014/03/12/caesar-cipher/,
2014.
[4] . Prometheus awards. http://lfs.org/awards.shtml, 2014.
[5] Bradford Barr. Crypto unplugged: Solitaire.
http://8bitsof.me/solitaire.html, 2013.
[6] Paul Crowley. Paul crowley: Curriculum vitae.
http://www.ciphergoth.org/cv/, 2006.
[7] Paul Crowley. Problems with bruce schneier’s ”solitaire”.
http://www.ciphergoth.org/crypto/solitaire/, 2013.
[8] Deslivres. The solitaire cipher - superstruct instructables series.
http://www.instructables.com/id/
The-Solitaire-cipher-Superstruct-Instructables-s/step7/
Deciphering-ciphertext/, .
[9] Deslivres. The solitaire cipher - superstruct instructables series.
http://www.instructables.com/id/
The-Solitaire-cipher-Superstruct-Instructables-s/, 2010.
[10] Mark Flanagan. Neal stephenson.
http://contemporarylit.about.com/cs/authors/p/stephenson.htm, 2014.
[11] Bruce Schneier. The solitaire encryption algorithm.
https://www.schneier.com/solitaire.html, 1999.
8
Download