flak rss random

RC40 card cipher

The Solitaire cipher is perhaps the best known encryption algorithm implemented with a deck of cards. Ignoring security, it has a few drawbacks. It’s pretty complicated. I can never quite remember the rules. Sure, with practice it’s possible to memorize, but ideally we want something easy to teach. It’s also pretty slow. Even with practice, the shuffling and cutting manipulations take time.

Critically, in this modern age of bitcoins and twitter handles, the supported character set is also a bit limited. Letters only. If we need to transmit a message like “The password is Hunter2.” that could be trouble. Oh, and no spaces.


Maybe we can do better?

Presenting the RC40 cipher. It’s based on RC4. RC4 has lost some of its luster recently, but a few words of praise. It’s amazingly simple. You can fit a C implementation into a single tweet. Unlike nearly every other conventional cipher, it doesn’t require any advanced bit twiddling tricks. Just some easy array swaps. It’s not perfect, but it works way better than one might imagine just looking at the description. Easy to perform, easy to memorize steps are just what we’re looking for.

The core of RC4 is an array of 256 bytes, one of each value. If we cut that back to 40 values, we can represent it with a deck of cards. There’s also two index variables, for which we might use a penny and nickel. Or a paperclip and balled up gum wrapper. Just not two monopoly pieces. That would be suspicious.

Why 40? Because it’s easier for me to work in base ten. As we’ll see, for most operations, we can separate the suit from the face value, so any multiple of four works, but ten is bit simpler. Crucially, 40 is enough to handle a variety of messages, including email addresses and bitcoin addresses and just about anything else you’d like encode.

40 characters is enough for 26 letters, 10 numbers, and 4 punctuation marks. For punctuation, we choose the essential period, question mark, and space. Plus “shift”. This gives us upper case, plus a host of other symbols if we choose to allow shifted numbers. By convention, two shifts in a row are interpreted as caps lock. This gives us an efficient, flexible encoding to faithfully represent most messages.

How do we encode “The password is Hunter2.“?

(shift)the password is (shift)hunter2.

Seems less likely to be misinterpreted, no? How do we encode “Burrito SALE 2 @ $7.99“? (Not even going to try this one in Solitaire.)

(shift)burrito (shift)(shift)sale(shift)(shift) 2 (shift)2 (shift)47.99

And besides all that, given the origins of our cipher, RC40 is a pretty sick name. It’s got to be 40.

We use the number cards and aces for one. The face cards can be set aside. The value of the card is the face value, plus 10 times suit. 0, 1, 2, 3 for clubs, diamonds, hearts, and spades. For people who don’t play bridge, this order is conveniently alphabetical. This gives us the numbers 1 through 40.

Now that we have a card to represent each of our 5.32 bit bytes (I believe the PDP-7 used 5.32 bit bytes. Or was it the PDP-8?), we’re ready to execute the RC40 algorthm. It’s exactly the same as the RC4 algorithm, except every instance of 256 is replaced by 40. Simple, no?

Detailed instructions for generating the keystream. Assuming the cards are laid out in four rows on the table, using a penny and nickel. Advance the penny one card. Read that card and advance the nickel that many places. Swap the cards under the coins. Read the cards under the coins and add the two values. Output one keystream byte. 20 GOTO 10.

Posted 10 Feb 2017 14:27 by tedu Updated: 10 Feb 2017 14:27
Tagged: gadget security