Math in the Solitaire Cipher By: Jeffrey Baez Introduction: Neal Stephenson has written several novels in the cyberpunk genre, subspecialty of science fiction dealing with issues from cybernetics and informational technology. Some of his famous works include Snow Crash and The Diamond Age, which were successful in their own right and helped give him credibility as a writer[10]. Along with other awards, his novel Cryptonomicon earned the award winning Prometheus Award in 2013; this is awarded to honor libertarian works of fiction [4]. The reason why Cryptonomicon earned such praise is due to its content. It uses both past and present to understand cryptography and the early days of information technology. This novel explains a variety of concepts that ranges from cryptography to data storage security [10], but the most interesting concept discussed is the Solitaire Cipher. The reason why it’s an interesting cipher is that playing cards are used to help create the cipher text. Throughout this paper, I will discuss the Solitaire Cipher that was used in Cryptonomicon. This will include a step by step instructions of how to create a cipher text using normal playing cards, mathematical proofs of the cipher, and some drawbacks by using the Solitaire Cipher; by discussing these ideas about the cipher we will see that it can be a useful way to encrypt messages into cipher text. Because of the in depth explanation of the cipher, we will also see why the Solitaire Cipher is interesting and the cipher I chose from Cryptonomicon. Figure 1: A simple deck of playing cards are used for this cipher method [9]. Solitaire Cipher History: The Solitaire Cipher is a cipher that was created by Bruce Schneier solely for Stephenson’s fictional novel Cryptonomicon. Bruce Schneier has a strong background in understanding and creating codes and ciphers, since his profession is a security consultant. He created the cipher just for the novel, and it was not used for real word applications. The Cipher uses 52 playing cards and 2 jokers; it also has no relation to the card game Solitaire. Schneier uses the cards and a sequence of rearrangement as a way to create the key stream in order to encrypt a message. The greater the length of the key makes it difficult to break this cipher. Because of this, experts have said that it is difficult for an attacker to decrypt [2]. How Solitaire Cipher Works The Solitaire Cipher works analogously to a shift cipher when encrypting the plain text to cipher text. The shift cipher encrypts by shifting the original message left or right to another corresponding letter of the alphabet [1]. Below is how a normal shift cipher works and an example of its usage. 1 1. Convert each letter in your original message into numbers. The numbers should be as followed: A = 0, B = 1, ... ,Z = 25. 2. Set Key K to a random constant number. 3. Take numbers from the original message and add K. 4. If any number summed over 25 then take modulo 26. 5. Convert new numbers to letters. This becomes your cipher text. Basic Modular Arithmetic Example: You have the number 28. To get the modulo number subtract 26 from 28 to get the value 2. This value is expressed as 28 ≡ 2(mod26). Consider the following shift cipher example: Let K = 3 and original message be: Encrypt This. 1. 4 13 2 17 24 15 20 20 7 8 18 2. K = 3 3. 7 17 5 20 27 18 23 23 10 11 21 4. 7 17 5 20 1 18 23 23 10 11 21 5. Cipher text is HQFUBSWWKLV Figure 2: An image of the Shift Cipher [3]. The problem with a shift cipher is that K can be easily found, thus the cipher text can be decrypted and the wrong person can see the original message. The Solitaire Cipher uses an algorithm to fix this problem. It uses a key stream, a set of different keys. Each key stream has a different length with different numbers that are randomized. The random numbers act as a key, which is similar to the shift cipher, except there are more of them. The greater the length of your key stream, the harder it is for your original message to be read by the wrong person. The following explanation is taken from [11]. The Solitaire Cipher generates each key by an algorithm; this process is known as keying the deck. As stated earlier, keying the deck requires 52 cards and 2 jokers. Each card receives a numerical value by using a bridge order on each suit,which means the suits have an order. From lowest to highest, the order of the suits are clubs, diamonds, hearts and spades. Every card’s value is also determined by lowest to highest order, with the Ace being the lowest and King being the highest card. Every card, with the exception of the jokers, are numbered 1 to 52. For example, if you have a 5 of diamonds then its numerical value is 18. Aside from the 2 playing cards, both the jokers have a numerical value of 53. The jokers have another property, one is greater than the other. One joker is labeled A and the other B. For this explanation let the black joker be A and the red joker be B. Keying the deck can be used with all 4 suits or just one suit. But realize for an unbreakable encryption, it is recommended to use the whole deck. The algorithm uses six steps to key the deck. To explain how the algorithm works one suits will be used, which are the clubs and two jokers. 1. First start off with by shuffling the cards with the two jokers. In order to explain the cards, they will be in their numerical values and the jokers will be labeled A and B. With the deck facing you: 12 7 1 4 B 8 5 A 2 10 6 3 13 11 9 2. Move A one card down. Note: if A is toward the end of the deck then cycle it back to the front. 12 7 1 4 B 8 5 2 A 10 6 3 13 11 9 3. Move B two cards down. Note: if B is toward the end of the deck then cycle it back to the front. 12 7 1 4 8 5 B 2 A 10 6 3 13 11 9 4. Swap the cards in front of the first joker with the cards behind the second joker. This step is known as the triple cut, since the deck is cut into three parts. 10 6 3 13 11 9 B 2 A 12 7 1 4 8 5 5. Observe the bottom card, then count down from the top card to the value of the bottom card. Cut after the card you counted to and place them on the bottom, leaving the bottom card observed on the bottom. This cut is known as the perform cut. 9 B 2 A 12 7 1 4 8 10 6 3 13 11 5 6. Observe the top card, then count down from the top card (including the card) down to the value of the top card. This process is called the output card. The output card determines what the letter of the key. Also the deck does not change. The deck ends up as 9 B 2 A 12 7 1 4 8 10 6 3 13 11 5, with the output card being 8. To find the rest of the output cards repeat steps 2 through 6 until the desired key length is satisfied. After all individual keys are found, the final step would be to add the numerical value with the original messages numerical value. The sum of the numbers are in modulo 26 because the numbers require to be converted to letters. This example uses one suit instead of four. The algorithm does not change when all four suites are involved. It is best to use all four suites and have your key length be as long as possible in order to maximize security. Using all four suites maximizes security because it prevents repeats in the key stream. Repeats in the key stream would lead to a constant K, which would make this cipher have similar issues like the normal shift cipher. The Solitaire cipher is a symmetrical cipher meaning the decryption process is the reverse order of the encryption process. The person decrypting the message has to follow the exact same steps the sender did when they created the key. The decryption process begins by subtracting the numbers from the encrypted text by the key. The result will be the original message, make sure that modulo 26 is used. The last step is to convert the numbers solved into letters. Before decryption can be performed it is imperative that the original deck is used by the person decrypting the text; both the sender and the receiver of the message should start off with the same identical deck. The reason why 3 both decks need to be identical is because you cannot reverse the order of the algorithm, only the order of the encryption process [8]. Math behind Solitaire Cipher: This section will present a couple of proofs such as: the average number of steps it takes to produce the Solitaire algorithm and the proof that Solitaire Cipher is symmetric. Figure 3: An image of the final step of Solitaire algorithm [5]. Counting the STEPS (One Suit): First we will count the steps of the previous example. Note: will use the number of the steps as references. Step 1 will not count as part of the algorithm because this should already be done before commencing the Solitaire algorithm. Step 2 has one move. Will always have one move since the property of the Joker declares for this step to move this card one space backward. Step 3 has two moves. Will always have two moves since the property of the Joker declares for this step to move this card two spaces backwards. Step 4 has an average of two moves. Will use this number because it is very unlikely that one move or zero moves can occur. While plausible, the percentage of these moves occurring is low. Two moves is the appropriate number because this will be the likely moves made from this step. Step 5 has an average of 9 moves. Since the suite is using 13 playing cards and two Jokers, whose value indicates 14, take the sum and divide it by the total of playing cards used. It should look like 1 + 2 + 3 + 4 + 5 + 6 + 7 + 8 + 9 + 10 + 11 + 12 + 13 + 14 + 14. 14 appears twice because there are two Jokers whose value equal 14, they affect the perform cut process. The total is 119. Then take 119 and divide it by 15, the result is 7.933. Because this is not a number of realistic number of moves, round up. This way of counting averages makes allows each card to have an equal opportunity of being the card to use for the perform cut, which means the likely hood of any card appearing is equally plausible. The last step of this method is to moves all the cards you counted from to the back of the deck, so take the rounded 8 moves and add one move, which results this step having an average of 9 moves. Step 6 has an average of 8 moves. This average follows the same logic as Step 5. Unlike Step 5, there is no need to add one step because there is no extra movement once the counting card is found. Finding the counting card is the purpose of Step 6. When you add all the moves together, the result is 22 moves. This means for the previous example to find one letter in the key stream it takes an average of 22 moves. 4 Counting the STEPS (All Suits): By using the same logic from Counting the STEPS (One Suit) the following lemma exists. Lemma 1 (The Average Steps Uisng 4 Suits). It takes an average of 62 moves to encrypt one word by using the Solitaire algorithm using all four suits. Proof: To prove Lemma 1, follow Step 1 through Step 4 from Counting the STEPS (One Suit). These steps are the same because they are fixed and the number of the cards used do not affect the moves performed. Note do no simply multiply 22(the number of moves for one suit) by four to get the average number of moves using all four suits. As shown below, calculating the moves from Step 5 and Step 6 differ using four suits than with one suit. Step 5 has an average of 29 moves. Since all four suits are use, then there exist a total of 52 cards used plus the 2 Jokers. The same logic for finding the average is the same as finding the average for one suit. Find the sum of all 54 cards 1 + 2 + 3 + 4 + 5 + ... + 51 + 52 + 53 + 53. 53 appears twice since there are two Jokers whose value equal 53. The total should be 1484. Then take 1484 and divide it by 54, the result should be 27.48. Round up since .48 of a move is not practical, which makes the average 28 moves. Add one to count for the final step of the method, which places the cards counted toward the back of the deck, which makes an average of 29 moves. Step 6 follows the same logic as Step 5 except there is no need to add the extra move. This step has average of 28 moves. When you add all the moves together, the result is 62 moves. This means that it takes an average of 62 moves to find one letter in the key stream using all four suits. Proof that Solitaire Cipher is Reversible: Lemma 2 (Cipher is Reversible). The Solitaire Cipher is a symmetrical cipher; its plain text can be found by reversing the process of decryption and vice versa. Proof: This proof is dependent on the key, which mean it will require two things: 1. If key word, K has the same length as the plain text. 2. If key word, K does not have the same length as the plain text. For both PART 1 and PART 2: Let A be an arbitrary plain text with finite length N. Let key stream K be ab arbitrary with keys whose length is the same as A. Define the encrypted text as B = A + K. PART 1: A+K=B A + K - K = B - K; The minus K shows the method for decrypting the cipher text. A = B - K; This is the definition for the decrypted text. Start with the decryted text. B-K=A 5 B - K + K = A + K; The addition of K shows the method for encrypting the plain text. B = A + K; We have arrived back to the definition for the encrypted text. As shown the cipher text and plain text are dependent on K. Therefore, when K’s length is the same as A’s, the steps are reversible. PART 2: Let A1 , A2 , ..., AN ∈ A. A1 , A2 , ..., AN are split into equal blocks that equal the length of K. By using A+K= B define new method of encryption as: (A1 + K) + (A2 + K) + ... + (AN + K) = B1 + B2 + ... + BN , where the length of AN 6= the length of K. A problem may occur with (AN + K) = BN if length of K > length of AN . To fix the problem, we will pad AN such that AN = aN + C, where aN is the remaining plain text letters and C is a random constant letter that allows for the length of AN to equal the length of K. With new adjustment the new method for encryption is: (A1 + K) + (A2 + K) + ... + ((aN + C) + K) = B1 + B2 + ... + BN . BN does not need to be adjusted since its length is dependent on K when encrypted. Since the steps in PART 2 are consistent with PART 1, and the formula for encryption follows A + K = B, then PART 2 is also reversible. Therefore regardless of the plain text’s length, the Solitaire Cipher is reversible. PART 2 Example: To demonstrate PART 2 of the proof, the following example is taken from [8]. Let the encrypted message be U D V M W Q I K Z M. Then convert this message into numbers 21 4 22 13 23 17 9 11 25 12. Let the key be 17 15 8 24 3 10 20 13 1 14, which was found by the Solitaire algorithm. Subtract the message from the key, 21 4 22 13 23 17 9 11 25 12 - 17 15 8 24 3 10 20 13 1 14. The result or original message is 4 15 14 15 20 7 15 24 24 24 using modulo 26 when necessary. By converting the number into letters, the original message reads: D O N O T G O X X X. From the given example, we see that C is X, since the plain text was less than K. Problems with the Cipher: One problem with the cipher lies in its ease of use. As shown in the proof for counting the steps if all four suits are used, it takes an average of 62 moves to find one letter of the key. If the key length is five it will take an average of 310 moves. Doing this by hand consumes a lot of time. 6 Another problem is the cipher can only work if both the sender and receiver have identical decks. The cipher text can be decrypted by an attacker and its message made known to said attacker if they know the solitaire algorithm and the original deck order. If both are known by an attacker then the plain text can be easily found [11]; this means the plain text can be found by an unauthorized user. This will cause a problem because the plain text will be found and its secrets made known. But this issue will not cause a huge problem as long as the original deck order is kept a secret and hidden in a secure place. The major issue with the cipher is its algorithm. Paul Crowley did such a study that found the cipher has repetitions, using all four suits. He is a professional cryptographer with eleven years of experience in creating software for real-world applications. Some of his has college education are in physics, math and computer science [6]. He created a program in Matlab that mimics the Solitaire algorithm. He found that the keys the cipher generates are repetitive. The output of each step of the algorithm is a number from 0 to 25. One would expect successive outputs to be the same around one time in 26 to represent equal probability, but his experiments show that the output rate is closer to one in 22.5. Paul Crowley believes the reason for this bias is when the value of the top card is the same in two successive rounds. This probability of having the top card being the same is around two percent; when this occurs there is a thirty four percent probability the output card will be the same [7]. Since it was proven that the Solitaire Cipher is reversible, if repeats exist then it would be easy for the attacker to decrypt the cipher text. While the percentage is low for keys to be repetitive, this problem is something to keep in mind when using the Solitaire algorithm. Conclusion: Overall the Solitaire Cipher is an effective way to encrypt a message. It does not require any computers or complex math. The complexity is in its algorithm. As explained previously, Bruce Schneier created this cipher for Cryptonomicon. It is still considered a new cipher, but as explained earlier its method is similar to a shift cipher. It is the algorithm that allows the Solitaire Cipher to be unique. The algorithm was proven to take several steps depending on the number of suits used. But as long as the attacker does not know the original order of the cards, then the cipher is close to being unbreakable. There is a chance the algorithm may repeat numbers since there is some bias, but the probability it will have several numbers repeat consistently is low. What was covered was how to create a cipher text using normal playing cards, mathematical proofs of the cipher, and drawbacks of using the Solitaire Cipher. Even though the Cipher had no real world applications, the simplicity of its algorithm questions why it has not been used. 7 References [1] . Lecture 1: Shift ciphers. http://www.math.cornell.edu/~mec/Summer2008/lundell/lecture1.html, 2008. [2] . The solitaire cipher. http://www.bicyclecards.com/news/story/the-solitaire-cipher, 2012. [3] . Caesar cipher. http://blog.jverkamp.com/2014/03/12/caesar-cipher/, 2014. [4] . Prometheus awards. http://lfs.org/awards.shtml, 2014. [5] Bradford Barr. Crypto unplugged: Solitaire. http://8bitsof.me/solitaire.html, 2013. [6] Paul Crowley. Paul crowley: Curriculum vitae. http://www.ciphergoth.org/cv/, 2006. [7] Paul Crowley. Problems with bruce schneier’s ”solitaire”. http://www.ciphergoth.org/crypto/solitaire/, 2013. [8] Deslivres. The solitaire cipher - superstruct instructables series. http://www.instructables.com/id/ The-Solitaire-cipher-Superstruct-Instructables-s/step7/ Deciphering-ciphertext/, . [9] Deslivres. The solitaire cipher - superstruct instructables series. http://www.instructables.com/id/ The-Solitaire-cipher-Superstruct-Instructables-s/, 2010. [10] Mark Flanagan. Neal stephenson. http://contemporarylit.about.com/cs/authors/p/stephenson.htm, 2014. [11] Bruce Schneier. The solitaire encryption algorithm. https://www.schneier.com/solitaire.html, 1999. 8