Slashdot Mirror


Encryption by Hand?

Arachn1d writes "A question for all those slashdot math-geeks out there: What's the simplest, but most secure encryption algorithm you can devise or provide a link to that can be carried out with nothing but a pen, some paper and a calculator? Bonus points for any public-key cryptography solutions!" Bruce Schneier developed an encryption algorithm designed to be performed with a deck of cards, but it's rather slow to do for fun. Well, you did say "a calculator", and if we assume a programmable calculator your options probably expand quite a bit...

3 of 77 comments

  1. Use a code book! by MarkusQ · Score: 5, Insightful
    1) Use a code book. Something with a concordance is good, though if you have the book in flat text you can easily make a concordance. Then you could write "fungal:17" to mean "staple" if "staple" (the word you intended) occurred N words after (for some pre-agreed N) the seventeenth occurrence of "fungal". There are a number of cute ways you could encode seventeen, and it's relatively easy to make N vary as well. Since this is "security through obscurity" you might as well have fun with it.

    2) If you are going to be hand writing the messages as well, you may want to use out of band information (letter shapes, misspellings (with & without crossing out, etc.), line breaks, etc.) to either carry information or make it appear that you have hidden information & thus confuse the issue.

    3) Split the message (e.g. every third word, etc.) in interesting ways.

    4) Play Simon-says; send messages that say things you might have said, but that your recipient knows to ignore because they lack some feature.

    Etc., etc. The list is pretty long, and success mostly depends on doing Odd Things the Bad Guys don't expect, and avoiding the Dumb Things that they will see right through.

    Weren't you ever twelve?

    -- MarkusQ

  2. do-it-yourself one time pad by chongo · Score: 5, Informative
    For a non-public key stream cipher:

    If you allow the addition of dice, say a d20 ...

    Setup by the sender:

    1. Generate a one-time pad by rolling the d20 and writing down the 1's digits (d20 face value mod 10).
    2. Transmit the one-time pad in a secure fashion (use somebody's public key suggestion, hand carry, etc.)

    Setup by the receiver:

    1. Receive the one-time pad from the sender.
    2. Store in a secure place.

    To encrypt:

    1. Convert each plaintext symbol into an alphabet of 100 values (00 thru 99).
    2. For each plaintext digit, remove a digit from the one-time pad and transmit the sum mod 10.
    3. Destroy the used digits of the one-time pad.

    To decrypt:

    1. Receive the cipher text from the sender.
    2. For each digit in the cipher, remove the next digit from the one-time pad and subtract mod 10, from the cipher digit.
    3. Convert the result, pairwise, (00 thru 99 alphabet) into plaintext symbols.
    4. Destroy the used digits of the one-time pad.

    Encrypt example:

    1. Plaintext: Hello
    2. One-time: 9690367034
    3. Alphabet: 0730373740
    4. Transmit: 9320630774

    Decrypt example:

    1. Receive Ciphertext: 9320630774
    2. Receive One-time: 9690367034
    3. Subtract mod 10: 0730373740
    4. Convert to text: Hello

    And yes, the devil in the details is in the secure transmission of the one-time pad (step 2 of sender setup). Key management is never easy. Storage and transmission of one-time pads is one of the reasons why this form of crypto is not a realistic choice for most applications. However, if you have some way to transmit the one-time pad ahead of time, say visiting the sender ahead of time and dropping off the one-time pad, it is not a bad choice.

    --
    chongo (was here) /\oo/\
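
Added example (not part of chongo's comment): the pad procedure above in Python, reproducing the "Hello" exchange and refusing to continue once the pad is used up. The symbol table (A-Z as 00-25, a-z as 26-51) is inferred from that example, `secrets` stands in for the physical d20, and the `Pad` class and function names are illustrative.

```python
import secrets
import string

# Assumed symbol table: A-Z = 00-25, a-z = 26-51 (matches "Hello" -> 0730373740).
SYMBOLS = string.ascii_uppercase + string.ascii_lowercase


def roll_pad(n_digits):
    """Simulate n d20 rolls, keeping the ones digit (face value mod 10)."""
    # secrets.randbelow stands in for dice; faces 1..20 map evenly onto 0..9.
    return [(secrets.randbelow(20) + 1) % 10 for _ in range(n_digits)]


def to_digits(text):
    """Encode each symbol as two decimal digits (00 thru 99 alphabet)."""
    return [int(d) for ch in text for d in f"{SYMBOLS.index(ch):02d}"]


def from_digits(digits):
    """Decode digit pairs back into symbols."""
    pairs = zip(digits[0::2], digits[1::2])
    return "".join(SYMBOLS[10 * a + b] for a, b in pairs)


class Pad:
    """One party's copy of the pad; digits are deleted as they are used."""

    def __init__(self, digits):
        self.digits = list(digits)

    def take(self, n):
        if n > len(self.digits):
            raise ValueError("pad exhausted: never reuse digits")
        used, self.digits = self.digits[:n], self.digits[n:]
        return used


def encrypt(plaintext, pad):
    plain = to_digits(plaintext)
    return [(p + k) % 10 for p, k in zip(plain, pad.take(len(plain)))]


def decrypt(cipher, pad):
    key = pad.take(len(cipher))
    return from_digits([(c - k) % 10 for c, k in zip(cipher, key)])


if __name__ == "__main__":
    key = [int(d) for d in "9690367034"]  # pad digits from the post's example
    ct = encrypt("Hello", Pad(key))
    print("".join(map(str, ct)), decrypt(ct, Pad(key)))
```

Sender and receiver each hold their own `Pad` built from the same digits, so both copies shrink in step as messages are exchanged.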

  3. Even better, use a Q20 by MarkusQ · Score: 4, Funny

    Even better, if you can get them: a pair of twenty sided quantum-entangled dice. That way, both sender and receiver can extend the pad at need, just by rolling up more numbers.

    The only tricky part is reading the dice without looking at them. There are several ways to do this, but none of them actually work in practice and at least one of them is suspected of causing space-time erosion (& thus you will need to file an Environmental Impact Statement, including the plain text of the message being sent, thus reducing the utility of the system).

    Another problem is keeping the dice cold. They have to be kept very, very cold, and of course this is very very expensive (C = A*exp(K-T)+B*N, where C is cost, K is Boltzmann's constant, T is the temp., A and B are arbitrary constants related to local tax laws, and N is undefined).

    But the main advantage of using quantum dice is that it would be too nerdly for words (at least three equations would be required) and you could probably get your picture in some magazine, wearing a white lab coat with coloured lights hitting you from odd angles.

    -- MarkusQ

    P.S. The original post was sound, but if you buy any of this post, I have a startup I'm trying to fund...