15

Some ciphers are talked about at “Is there a secure cryptosystem that can be performed mentally?”, but (at the time of writing) I don't see an answer.

Are they strong enough, or are non-computer ciphers more or less just a toy and one should abandon using them for practical purposes?

Community
  • 1
Smit Johnth
  • 1,681
  • 4
  • 17
  • 27

3 Answers3

11

"Strong enough" is a broad term. Some things that you need to keep in mind are entropy size and cryptanalysis. "Strong ciphers" are ciphers that have shown to have enough entropy to withstand practical attacks over time from public scrutiny.

With that said, the Solitaire cipher has a keyspace of roughly 238 bits. By comparison, many SSL keys on the internet are 128 bit AES. Distributed.net is currently working on cracking a 72 bit key, via brute force, at a pace of about 300 billion keys per second, and they have well over 100 years before the keyspace is fully exhausted.

So, for the Solitaire cipher to not be taken seriously, it needs to show practical weaknesses outside of brute force searching. So far, the only weakness that has been demonstrated is that the output has a bias of 22.5:1 rather than 26:1 pure random output would have. This isn't severe enough to mount a practical attack.

As such, until other attacks are made known, to Solitaire cipher is a "strong" hand cipher, that doesn't have NSA influence, can be used without incriminating tools and is easy to learn and remember.

Aaron Toponce
  • 111
  • 1
  • 2
2

One Time Pad. It has some serious drawbacks of practicality, but most of these are only really drawbacks in a modern digital world. If your use case is short handwritten messages between two people, the drawbacks are likely not a concern.

It's also unbreakable if done correctly, and straightforward to implement with pen and paper.

Ben Hershey
  • 159
  • 5
  • Alright, I suppose we can include an OTP, but then you'd have to also write down the major drawback of the cipher. Just saying "short messages" is understating the issue if you ask me. I mean, for a very strong (almost impossible to remember) key of 128 bits you can get about 18 characters in ASCII or 25 characters for a 32-character sized alphabet. So basically you need a codebook. – Maarten Bodewes Jan 17 '23 at 00:58
  • 1
    @MaartenBodewes There is a pen & paper tag for this question. So writing down is within scope. As it has been for the last 100 years that people have used OTPs :-) – Paul Uszak Jan 17 '23 at 03:44
  • touché, I guess I assumed more or less that the algorithm was pen and paper rather than the key. – Maarten Bodewes Jan 17 '23 at 08:18
2

You can implement a linear feedback shift register using nothing but a series of coins. Define 1 to be heads, 0 for tails. Line them up in to a series 128 coins in length. Then follow the algorithm exactly as you would on a computer.

From this basic generator, you can construct a self-shrunk generator. Self-shrinking generators have somewhat suspect security. You'd probably be fine for a pencil and paper scheme because you can't generate enough ciphertext to run many of the attacks.

The problems are that it is very laborious to encrypt even a small message. Worse, a mistake anywhere in the process will probably completely destroy the security of the scheme.

I have to agree with @D.W. here. This is probably among the better suggestions for a pencil and paper cipher and yet it still poor.

Secure cryptography just requires too much (tedious!) work to be reliably done by hand.

Simon Johnson
  • 3,216
  • 16
  • 20