As you know, I am a cryptography hobbyist. More specifically, I have an interest in pencil and paper ciphers, also referred to as "hand ciphers" or "field ciphers". Since Bruce Schneier released his Solitaire Cipher for Neal Stephenson's book "Cryptonomicon" (known in the book as "Pontifex"), I have had a real desire to learn hand ciphers with playing cards, that I'll refer to as "card ciphers".

Further, in 1918, John F. Byrne invented a mechanical encryption system that he called "Chaocipher". He released an autobiography titled "The Silent Years", of which he describes the system without the algorithm, and releases a series of exhibits of ciphertexts for cryptography experts to break.

Unfortunately, because he didn't release the algorithm I think, no one took his encryption system seriously, despite his best efforts to get the War Department to use it. It wasn't until 2010 that the widow of John F. Byrne's son released the Chaocipher papers, mechanics, and artifacts to the National Cryptologic Museum in Maryland, that we finally fully understood the algorithm.

In this post, I am going to describe the algorithm using playing cards, whereas John F. Byrne's original invention required two circular rotating disks. Another hindering aspect to Byrne's invention was the mechanical engineering required. At best, the device is clunky and awkward to use. However, using playing cards, I think you'll find the system much more elegant, easier to carry around, and has the advantage of not being incriminating that you are carrying a cryptographic device. Playing cards were certainly available in the early 1900s, so it's unfortunate that he didn't think of using playing cards as the primary mechanism for the cipher.

**Setup**

The Chaocipher uses the concept of lookup tables to encrypt or decrypt a message. This is done by maintaining two separate alphabets. When encrypting a message, a character is located in the plaintext alphabet, and it's location is noted. Then, the ciphertext character is identified by locating the character in the ciphertext alphabet at the same position. After the ciphertext character has been recorded, both the plaintext and ciphertext alphabets are permuted. We'll get into those details in a moment, but first, let's set aside some definitions.

Because John F. Byrne's original invention required two circular disks, there are two definitions that you should be aware of:

- Zenith: The top of the wheel or circle. In our case, this will be the top of the pile.
- Nadir: The bottom of the wheel or circle. In our case, this will be in the middle of the pile (the 14th of 26 cards).
- Deck: All 52 cards in a standard poker deck.
- Pile: Either the red playing cards (Diamonds and Hearts) dedicated to the ciphertext alphabet, or the black playing cards (Clubs and Spades) dedicated to the plaintext alphabet. Each pile is exactly 26 cards.
- Left alphabet: The red pile of playing cards containing the ciphertext characters A-Z.
- Right alphabet: The black pile of playing cards containing the plaintext characters A-Z.

Now that we've set that aside, we need to create some definitions so we know exactly which playing card in every suit is assigned to which English alphabet character. I've assigned them as follows:

Hearts | and | Spades | Clubs | and | Diamonds | [/td] | |||||||||||||||||||

A | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | J | Q | K | A | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 | J | Q | K |

A | B | C | D | E | F | G | H | I | J | K | L | M | N | O | P | Q | R | S | T | U | V | W | X | Y | Z |

On a side note, if you wish to program this in software, and you populate an array with the values of 1 through 52 to represent each card in the deck, it's standard to use 1-13 for the Clubs, 14-26 for the Diamonds, 27-39 for the Hearts, and 40-52 for the Spades ("bridge order").

**Algorithm**

The algorithm can comprise of a standard "simple" set of steps, or using a more advanced "takeoff pattern" for enciphering and deciphering the message. First, let me discuss the simple pattern, then I'll look at the more advanced takeoff pattern.

An overview of the algorithm could be described as follows:

- Determine the ciphertext character according to the plaintext character (and vice versa for decryption).
- Permute the red pile.
- Permute the black pile.

**Enciphering Plaintext**

Looking at it in closer detail, suppose I had the following red and black piles (using "+" to identify the zenith, and "*" to identify the nadir (sorry for the screwey formatting, but ZetaBoards has the strangest BBCode I've seen)):

Code: Select all

```
____________+______________________________________*
__red[space](ct):[space]7D[space]3H[space]TH[space]2H[space]JD[space]AD[space]8H[space]8D[space]5H[space]TD[space]QH[space]9H[space]JH[space]2D[space]6D[space]KH[space]QD[space]9D[space]5D[space]KD[space]AH[space]7H[space]6H[space]4H[space]4D[space]3D
black[space](pt):[space]TC[space]3S[space]JS[space]2C[space]5S[space]AC[space]4C[space]KC[space]9S[space]TS[space]9C[space]6S[space]7S[space]8S[space]QS[space]QC[space]7C[space]JC[space]4S[space]3C[space]8C[space]AS[space]2S[space]5C[space]KS[space]6C
```

Code: Select all

```
____________+______________________________________*________________________↓
__red[space](ct):[space]7D[space]3H[space]TH[space]2H[space]JD[space]AD[space]8H[space]8D[space]5H[space]TD[space]QH[space]9H[space]JH[space]2D[space]6D[space]KH[space]QD[space]9D[space]5D[space]KD[space]AH[space]|7H|[space]6H[space]4H[space]4D[space]3D
black[space](pt):[space]TC[space]3S[space]JS[space]2C[space]5S[space]AC[space]4C[space]KC[space]9S[space]TS[space]9C[space]6S[space]7S[space]8S[space]QS[space]QC[space]7C[space]JC[space]4S[space]3C[space]8C[space]|AS|[space]2S[space]5C[space]KS[space]6C
```

**Permuting the Red and Black Piles**

Now that we've discovered our plaintext and ciphertext characters, we need to cut the deck, such that both the plaintext and ciphertext characters are at the zenith of each pile. The resulting piles would then be as follows:

Code: Select all

```
____________+______________________________________*
__red[space](ct):[space]7H[space]6H[space]4H[space]4D[space]3D[space]7D[space]3H[space]TH[space]2H[space]JD[space]AD[space]8H[space]8D[space]5H[space]TD[space]QH[space]9H[space]JH[space]2D[space]6D[space]KH[space]QD[space]9D[space]5D[space]KD[space]AH
black[space](pt):[space]AS[space]2S[space]5C[space]KS[space]6C[space]TC[space]3S[space]JS[space]2C[space]5S[space]AC[space]4C[space]KC[space]9S[space]TS[space]9C[space]6S[space]7S[space]8S[space]QS[space]QC[space]7C[space]JC[space]4S[space]3C[space]8C
```

**Permuting the Red Pile**

Permuting the red pile follows the following steps:

- Remove the zenith + 1 card (2nd card) from the red pile.
- Place the removed card into the nadir of the red pile (will be the 14th card).

Code: Select all

```
____________+______________________________________*
__red[space](ct):[space]7H[space]..[space]4H[space]4D[space]3D[space]7D[space]3H[space]TH[space]2H[space]JD[space]AD[space]8H[space]8D[space]5H[space]TD[space]QH[space]9H[space]JH[space]2D[space]6D[space]KH[space]QD[space]9D[space]5D[space]KD[space]AH
____________+______________________________________*
__red[space](ct):[space]7H[space]4H[space]4D[space]3D[space]7D[space]3H[space]TH[space]2H[space]JD[space]AD[space]8H[space]8D[space]5H[space]..[space]TD[space]QH[space]9H[space]JH[space]2D[space]6D[space]KH[space]QD[space]9D[space]5D[space]KD[space]AH
____________+______________________________________*
__red[space](ct):[space]7H[space]4H[space]4D[space]3D[space]7D[space]3H[space]TH[space]2H[space]JD[space]AD[space]8H[space]8D[space]5H[space]6H[space]TD[space]QH[space]9H[space]JH[space]2D[space]6D[space]KH[space]QD[space]9D[space]5D[space]KD[space]AH
```

**Permuting the Black Pile**

Permuting the black pile follows the following steps:

- Take the zenith (top) card and place it at the bottom of the black pile.
- Remove the zenith + 2 card (3rd card) from the black pile.
- Place the removed card into the nadir of the black pile (will be the 14th card).

Code: Select all

```
____________+______________________________________*
black[space](pt):[space]2S[space]5C[space]KS[space]6C[space]TC[space]3S[space]JS[space]2C[space]5S[space]AC[space]4C[space]KC[space]9S[space]TS[space]9C[space]6S[space]7S[space]8S[space]QS[space]QC[space]7C[space]JC[space]4S[space]3C[space]8C[space]AS
```

Code: Select all

```
____________+______________________________________*
black[space](pt):[space]2S[space]5C[space]..[space]6C[space]TC[space]3S[space]JS[space]2C[space]5S[space]AC[space]4C[space]KC[space]9S[space]TS[space]9C[space]6S[space]7S[space]8S[space]QS[space]QC[space]7C[space]JC[space]4S[space]3C[space]8C[space]AS
____________+______________________________________*
black[space](pt):[space]2S[space]5C[space]6C[space]TC[space]3S[space]JS[space]2C[space]5S[space]AC[space]4C[space]KC[space]9S[space]TS[space]..[space]9C[space]6S[space]7S[space]8S[space]QS[space]QC[space]7C[space]JC[space]4S[space]3C[space]8C[space]AS
____________+______________________________________*
black[space](pt):[space]2S[space]5C[space]6C[space]TC[space]3S[space]JS[space]2C[space]5S[space]AC[space]4C[space]KC[space]9S[space]TS[space]KS[space]9C[space]6S[space]7S[space]8S[space]QS[space]QC[space]7C[space]JC[space]4S[space]3C[space]8C[space]AS
```

Code: Select all

```
____________+______________________________________*
__red[space](ct):[space]7H[space]4H[space]4D[space]3D[space]7D[space]3H[space]TH[space]2H[space]JD[space]AD[space]8H[space]8D[space]5H[space]6H[space]TD[space]QH[space]9H[space]JH[space]2D[space]6D[space]KH[space]QD[space]9D[space]5D[space]KD[space]AH
black[space](pt):[space]2S[space]5C[space]6C[space]TC[space]3S[space]JS[space]2C[space]5S[space]AC[space]4C[space]KC[space]9S[space]TS[space]KS[space]9C[space]6S[space]7S[space]8S[space]QS[space]QC[space]7C[space]JC[space]4S[space]3C[space]8C[space]AS
```

- Find the plaintext character in the black pile.
- Record the position of this card in the black pile.
- Find the ciphertext character in the red pile by counting to that position.
- Bring the plaintext character to the zenith by cutting the deck at that position.
- Bring the ciphertext character to the zenith by cutting the deck at that position.
- Permute the red pile:
- Remove the zenith + 1 card from the red pile (2nd card).
- Insert the removed card into the nadir of the red pile (14th location).

- Permute the black pile:
- Move the card at the zenith to the bottom of the black pile.
- Remove the zenith + 2 card from the black pile (3rd card).
- Insert the removed card into the nadir of the black pile (14th location).

**Permuting with a Takeoff Pattern**

John F. Byrne described a "takeoff pattern" in which the left and right alphabets are used for

*both*the plaintext and ciphertext characters. In the simple method, the right alphabet (black pile) is used exclusively for all plaintext characters in the message. So, if the plaintext message was "ATTACKATDAWN", then you could think of using the right pile 12 times, or "RRRRRRRRRRRR" ("BBBBBBBBBBBB" if we're thinking "black pile").

However, suppose you would like to use both of the red and black piles (left and right alphabets respectively) for your plaintext message. Then you could create a "takeoff pattern" for encrypting your text. Suppose you used the following takeoff pattern: "RLRRLLRRRLLL" (right, left, right, right, left, left, right, right, right, left, left, left). This means that you would use the right alphabet for the first plaintext character, then the left alphabet for the second plaintext character, the right alphabet for the 3rd, the right alphabet for the 4th, etc. Or, if using playing cards, you could think of the same takeoff pattern as "BRBBRRBBBRRR" (black, red, black, black, red, red, black, black, black, red, red, red).

Personally, I don't care for the takeoff pattern for two main reasons: first, the takeoff pattern needs to be communicated with the key. This may not be a problem if code books are distributed among field agents, as the takeoff pattern can be printed on the same page as the key. However, this does mean that the takeoff pattern needs to be as long as the key itself.

The second reason I don't care for the take of pattern, is due to the unnecessary complexity of the takeoff pattern itself, it greatly increases the chances to make a mistake. Already, the sender and recipient will be going back and forth frequently between the red and black pile of cards. By creating a takeoff pattern, this makes that back and forth more frequent. Further, if you are using the 3rd of 5 "L"s in a stream, but you think you are on the 4th "L", then the encryption or decryption will be wrong from there out. Chaocipher doesn't have the ability to correct itself from a mistake.

For these two reasons, I suggest that when using playing cards with the Chaocipher, that instead you

*always*use the black pile for the plaintext characters, and the red pile for the ciphertext characters. Then, the only thing that you need to keep track of is the characters in the message itself.

**Keying the Deck**

Before executing the Chaocipher algorithm, the deck should be "keyed". This refers to the order of the deck. Both the sender and the recipient must have the same deck order in order to successfully encrypt and decrypt a message. The deck can be keyed by either a sufficient set of shuffling and cutting, or keyed with a key phrase. First, let's look at thoroughly shuffling and cutting a full 52-card deck.

**Keying with Shuffling and Cutting**

Suppose after thoroughly shuffling and cutting the deck, the deck order face-up is as follows:

Code: Select all

```
|<-[space]top[space]----------------------------------------------------------------------------------------------------------------------------------------[space]bottom[space]->|
3H[space]8D[space]QH[space]4C[space]6S[space]QS[space]8C[space]4D[space]9S[space]5D[space]8S[space]QC[space]3C[space]6H[space]JS[space]7H[space]5S[space]TS[space]QD[space]7C[space]4H[space]JC[space]KD[space]TH[space]3S[space]KS[space]6D[space]9C[space]9D[space]2C[space]JD[space]2H[space]2D[space]6C[space]8H[space]KC[space]9H[space]JH[space]7S[space]KH[space]AS[space]AH[space]5C[space]AD[space]TC[space]7D[space]4S[space]3D[space]2S[space]TD[space]5H[space]AC
```

After the full deck has been dealt into two face-down piles, turn the piles over, so they are face-up. Using the standard Chaocipher tokens of "+" to identify the zenith, or top of the pile, and the "*" to identify the nadir, or 14th card in the pile, your two piles should be in the following order:

Code: Select all

```
____________+______________________________________*
__red[space](ct):[space]3H[space]8D[space]QH[space]4D[space]5D[space]6H[space]7H[space]QD[space]4H[space]KD[space]TH[space]6D[space]9D[space]JD[space]2H[space]2D[space]8H[space]9H[space]JH[space]KH[space]AH[space]AD[space]7D[space]3D[space]TD[space]5H
black[space](pt):[space]4C[space]6S[space]QS[space]8C[space]9S[space]8S[space]QC[space]3C[space]JS[space]5S[space]TS[space]7C[space]JC[space]3S[space]KS[space]9C[space]2C[space]6C[space]KC[space]7S[space]AS[space]5C[space]TC[space]4S[space]2S[space]AC
```

Code: Select all

```
____________+_________________________*
_left[space](ct):[space]C[space]U[space]L[space]Q[space]R[space]F[space]G[space]Y[space]D[space]Z[space]J[space]S[space]V[space]X[space]B[space]O[space]H[space]I[space]K[space]M[space]A[space]N[space]T[space]P[space]W[space]E
right[space](pt):[space]Q[space]F[space]L[space]U[space]I[space]H[space]Y[space]P[space]K[space]E[space]J[space]T[space]X[space]C[space]M[space]V[space]O[space]S[space]Z[space]G[space]A[space]R[space]W[space]D[space]B[space]N
```

**Keying with a Key Phrase**

Already knowing the algorithm prepares you for using a key phrase to key the deck. Basically, you'll just use the characters in your key phrase as the plaintext message, using the black pile to find key key phrase character, just as you would if encrypting a message. Both piles will be permuted, as normal. The only difference is that you will be not be recording the ciphertext characters. Further, you will start with alphabetized piles.

Both piles will start with the following order:

Code: Select all

```
____________+______________________________________*
__red[space](ct):[space]AH[space]2H[space]3H[space]4H[space]5H[space]6H[space]7H[space]8H[space]9H[space]TH[space]JH[space]QH[space]KH[space]AD[space]2D[space]3D[space]4D[space]5D[space]6D[space]7D[space]8D[space]9D[space]TD[space]JD[space]QD[space]KD
black[space](pt):[space]AS[space]2S[space]3S[space]4S[space]5S[space]6S[space]7S[space]8S[space]9S[space]TS[space]JS[space]QS[space]KS[space]AC[space]2C[space]3C[space]4C[space]5C[space]6C[space]7C[space]8C[space]9C[space]TC[space]JC[space]QC[space]KC
```

Code: Select all

```
Locate[space]"C"[space]in[space]the[space]black[space]pile:
____________+______↓______________________________*
__red[space](ct):[space]AH[space]2H[space]|3H|[space]4H[space]5H[space]6H[space]7H[space]8H[space]9H[space]TH[space]JH[space]QH[space]KH[space]AD[space]2D[space]3D[space]4D[space]5D[space]6D[space]7D[space]8D[space]9D[space]TD[space]JD[space]QD[space]KD
black[space](pt):[space]AS[space]2S[space]|3S|[space]4S[space]5S[space]6S[space]7S[space]8S[space]9S[space]TS[space]JS[space]QS[space]KS[space]AC[space]2C[space]3C[space]4C[space]5C[space]6C[space]7C[space]8C[space]9C[space]TC[space]JC[space]QC[space]KC
Bring[space]both[space]characters[space]to[space]zenith:
____________+______________________________________*
__red[space](ct):[space]3H[space]4H[space]5H[space]6H[space]7H[space]8H[space]9H[space]TH[space]JH[space]QH[space]KH[space]AD[space]2D[space]3D[space]4D[space]5D[space]6D[space]7D[space]8D[space]9D[space]TD[space]JD[space]QD[space]KD[space]AH[space]2H
black[space](pt):[space]3S[space]4S[space]5S[space]6S[space]7S[space]8S[space]9S[space]TS[space]JS[space]QS[space]KS[space]AC[space]2C[space]3C[space]4C[space]5C[space]6C[space]7C[space]8C[space]9C[space]TC[space]JC[space]QC[space]KC[space]AS[space]2S
Permute[space]the[space]red[space]pile.[space]Remove[space]the[space]zenith[space]+[space]1[space]card:
____________+______________________________________*
__red[space](ct):[space]3H[space]..[space]5H[space]6H[space]7H[space]8H[space]9H[space]TH[space]JH[space]QH[space]KH[space]AD[space]2D[space]3D[space]4D[space]5D[space]6D[space]7D[space]8D[space]9D[space]TD[space]JD[space]QD[space]KD[space]AH[space]2H
black[space](pt):[space]3S[space]4S[space]5S[space]6S[space]7S[space]8S[space]9S[space]TS[space]JS[space]QS[space]KS[space]AC[space]2C[space]3C[space]4C[space]5C[space]6C[space]7C[space]8C[space]9C[space]TC[space]JC[space]QC[space]KC[space]AS[space]2S
____________+______________________________________*
__red[space](ct):[space]3H[space]5H[space]6H[space]7H[space]8H[space]9H[space]TH[space]JH[space]QH[space]KH[space]AD[space]2D[space]3D[space]..[space]4D[space]5D[space]6D[space]7D[space]8D[space]9D[space]TD[space]JD[space]QD[space]KD[space]AH[space]2H
black[space](pt):[space]3S[space]4S[space]5S[space]6S[space]7S[space]8S[space]9S[space]TS[space]JS[space]QS[space]KS[space]AC[space]2C[space]3C[space]4C[space]5C[space]6C[space]7C[space]8C[space]9C[space]TC[space]JC[space]QC[space]KC[space]AS[space]2S
Insert[space]the[space]card[space]into[space]the[space]nadir:
____________+______________________________________*
__red[space](ct):[space]3H[space]5H[space]6H[space]7H[space]8H[space]9H[space]TH[space]JH[space]QH[space]KH[space]AD[space]2D[space]3D[space]4H[space]4D[space]5D[space]6D[space]7D[space]8D[space]9D[space]TD[space]JD[space]QD[space]KD[space]AH[space]2H
black[space](pt):[space]3S[space]4S[space]5S[space]6S[space]7S[space]8S[space]9S[space]TS[space]JS[space]QS[space]KS[space]AC[space]2C[space]3C[space]4C[space]5C[space]6C[space]7C[space]8C[space]9C[space]TC[space]JC[space]QC[space]KC[space]AS[space]2S
Permute[space]the[space]black[space]pile.[space]Move[space]the[space]top[space]card[space]to[space]the[space]bottom:
____________+______________________________________*
__red[space](ct):[space]3H[space]5H[space]6H[space]7H[space]8H[space]9H[space]TH[space]JH[space]QH[space]KH[space]AD[space]2D[space]3D[space]4H[space]4D[space]5D[space]6D[space]7D[space]8D[space]9D[space]TD[space]JD[space]QD[space]KD[space]AH[space]2H
black[space](pt):[space]4S[space]5S[space]6S[space]7S[space]8S[space]9S[space]TS[space]JS[space]QS[space]KS[space]AC[space]2C[space]3C[space]4C[space]5C[space]6C[space]7C[space]8C[space]9C[space]TC[space]JC[space]QC[space]KC[space]AS[space]2S[space]3S
Remove[space]the[space]zenith[space]+[space]2[space]card:
____________+______________________________________*
__red[space](ct):[space]3H[space]5H[space]6H[space]7H[space]8H[space]9H[space]TH[space]JH[space]QH[space]KH[space]AD[space]2D[space]3D[space]4H[space]4D[space]5D[space]6D[space]7D[space]8D[space]9D[space]TD[space]JD[space]QD[space]KD[space]AH[space]2H
black[space](pt):[space]4S[space]5S[space]..[space]7S[space]8S[space]9S[space]TS[space]JS[space]QS[space]KS[space]AC[space]2C[space]3C[space]4C[space]5C[space]6C[space]7C[space]8C[space]9C[space]TC[space]JC[space]QC[space]KC[space]AS[space]2S[space]3S
____________+______________________________________*
__red[space](ct):[space]3H[space]5H[space]6H[space]7H[space]8H[space]9H[space]TH[space]JH[space]QH[space]KH[space]AD[space]2D[space]3D[space]4H[space]4D[space]5D[space]6D[space]7D[space]8D[space]9D[space]TD[space]JD[space]QD[space]KD[space]AH[space]2H
black[space](pt):[space]4S[space]5S[space]7S[space]8S[space]9S[space]TS[space]JS[space]QS[space]KS[space]AC[space]2C[space]3C[space]4C[space]..[space]5C[space]6C[space]7C[space]8C[space]9C[space]TC[space]JC[space]QC[space]KC[space]AS[space]2S[space]3S
Insert[space]the[space]card[space]into[space]the[space]nadir:
____________+______________________________________*
__red[space](ct):[space]3H[space]5H[space]6H[space]7H[space]8H[space]9H[space]TH[space]JH[space]QH[space]KH[space]AD[space]2D[space]3D[space]4H[space]4D[space]5D[space]6D[space]7D[space]8D[space]9D[space]TD[space]JD[space]QD[space]KD[space]AH[space]2H
black[space](pt):[space]4S[space]5S[space]7S[space]8S[space]9S[space]TS[space]JS[space]QS[space]KS[space]AC[space]2C[space]3C[space]4C[space]6S[space]5C[space]6C[space]7C[space]8C[space]9C[space]TC[space]JC[space]QC[space]KC[space]AS[space]2S[space]3S
Repeat[space]for[space]"H",[space]"A",[space]"O",[space]"C",[space]"I",[space]"P",[space]"H",[space]"E",[space]&[space]"R".
```

Code: Select all

```
____________+______________________________________*
__red[space](ct):[space]6D[space]JH[space]7D[space]8D[space]9D[space]2D[space]KH[space]JD[space]QD[space]2H[space]3H[space]6H[space]7H[space]8H[space]9H[space]TH[space]QH[space]AD[space]KD[space]AH[space]TD[space]3D[space]4H[space]5H[space]4D[space]5D
black[space](pt):[space]4S[space]AS[space]3S[space]JS[space]5S[space]7S[space]9S[space]QS[space]AC[space]2C[space]3C[space]4C[space]6S[space]2S[space]6C[space]8S[space]7C[space]8C[space]KS[space]TS[space]9C[space]TC[space]JC[space]QC[space]KC[space]5C
```

**Enhancements**

**Initialization Vectors**

One thing that we have learned with modern computer encryption primitives is to prepend initialization vectors to the ciphertext. The initialization vector must be random and unpredictable. However, its function is to create a unique state on the system before the plaintext is encrypted or before the ciphertext is decrypted. The point is to modify a secret state (our key, or pile orders) while ignoring the output. By adding an initialization vector to the system, we limit the effectiveness of attacks on the ciphertext. For example, if the initialization vector is 26 characters long (one character for each character in the English alphabet, or 26! total combinations), then 25 collisions on one initialization vector to launch an attack on the state (the last element can be determined by process of elimination).

Unfortunately, a 26-character initialization vector is not very practical to use by hand. Knowing that it is standard for field agents to break up their messages into blocks of five characters, it would seems reasonable to use a 5-character initialization vector. However, this doesn't seem to mix the state well enough.

For example, consider using an unkeyed deck to encrypt the text "AARON" 10 times with different initialization vectors at each round:

Code: Select all

```
BSTPR[space]VUYVS
LOKJY[space]WJXTR
YFTLN[space]WJLHQ
UAOZP[space]UTVIV
YXTXU[space]VILUH
WGQCJ[space]UTLUE
LYPYZ[space]WHYSS
QHESJ[space]VHKEQ
CLZRN[space]WVMRE
FEKEQ[space]VUKDR
```

Code: Select all

`F:1,[space]L:1,[space]G:3,[space]K:3,[space]T:4,[space]I:7,[space]J:7,[space]U:7,[space]H:8,[space]W:14,[space]V:45`

Code: Select all

`A:1,[space]I:1,[space]U:1,[space]V:1,[space]X:1,[space]Z:1,[space]T:2,[space]E:3,[space]G:3,[space]N:5,[space]O:5,[space]Q:5,[space]B:6,[space]C:6,[space]F:7,[space]D:10,[space]S:11,[space]R:13,[space]P:18`

**PKCS#7 Padding**

As mentioned, it has become a field cipher standard to separate your ciphertext into blocks of 5 characters. This means that if your message is not a multiple of 5 characters, to add padding at the end until it is. However, when the recipient decrypts the message, it should be unambiguous exactly what is padding, and what is not. The padding in PKCS#7 makes this possible.

We can define this easily enough be determining exactly how many characters must be added to pad the message into multiples of 5 characters. So, we'll count:

- If the message needs only one character appended, append a single "V".
- If the message needs two characters appended, append "WW".
- If the message needs three characters appended, append "XXX".
- If the message needs four characters appended, append "YYYY".
- If the message is already a multiple of five characters, append "ZZZZZ".

To illustrate this, let's take an unkeyed deck, add a 5-character initialization vector, and encrypt the message "ATTACK AT DAWN". This message is only 12 characters, so I would need to add "XXX" at the end of the message according to the definition above. This my message becomes (removing spaces) "ATTACKATDAWNXXX". Adding the 5-character initialization vector "KEQPN" then encrypting, I get the following result:

Code: Select all

```
plaintext:[space]ATTACK[space]AT[space]DAWN
initialization[space]vector:[space]KEQPN
padding:[space]XXXX
ciphertext:[space]KEQPN[space]XLHTT[space]PRUCA[space]FHUEC
```

**Conclusion**

This has been a lengthy post, and I commend you for reading this far. The Chaocipher is an interesting algorithm, and I'll be studying its properties as time moves forward. I think the Chaocipher fits well as playing card cipher, and gets as close to "bare metal" as you can without designing an actual mechanical mechanism with two rotating disks and removable character tiles. Playing cards are easy to carry around with you in your pocket, so its portability is nice.

Further, we can increase the strength of the algorithm, as mentioned, by adding an initialization vector at the start of the message, and by adding padding, we can stick with the standard of 5-character blocks in our ciphertext. Of course, this means adding 6-10 additional characters, but for a 160-character message, this doesn't seem too cumbersome.

There are some things that I have observed while using playing cards for the cipher hardware. First, encrypting and decrypting are slow. It takes me about a minute to encrypt/decrypt two-three characters. So, for a 160-character message, it could take the better part of an hour to work through.

Second, due to its slow speed, you may get tempted to try and speed things up a bit, so you can work through the message more quickly. However, this drastically opens you up to mistakes. I was encrypting the plaintext "JELLY LIKE ABOVE THE HIGHWIRE SIX QUAKING PACHYDERMS KEPT THE CLIMAX OF THE EXTRAVAGANZA IN A DAZZLING STATE OF FLUX" over and over. After about 10 ciphertexts, I wrote a Python script to automate the process for me. Only 1 of the ciphertexts was 100% accurate, character-for-character. And, unfortunately, 1 ciphertext was 0% accurate, with every character in the message incorrect. However, on the other 8 messages, I seemed to maintain accuracy for about 2/3 of the characters on most messages. Some others, I made a mistake more early on. Regardless, the point is, I was making frequent mistakes, despite my best effort to not do so. Only 1 out of 10 ciphertexts would decrypt cleanly. It might be worth having two decks, one for producing the ciphertext character, and one for double-checking your work. Of course, this slows you down further, but could be doable for minimizing mistakes.

However, the Chaocipher with playing cards is a fun cipher to work, and easy once you get the hang of it. I would recommend using plastic playing cards, such as the ones from Kem, Copag, or Bicycle Prestige. This way, the cards don't get gummed up like paper cards, are washable, last longer due to their extra durability, and overall, just are a better feeling playing card.

If you work the Chaocipher with playing cards, let me know what you think.