Presentation is loading. Please wait.

Presentation is loading. Please wait.

Solitaire CRyptography Applications Bistro 8 April 2004.

Published byJeffry Horton Modified over 9 years ago

Similar presentations

Presentation on theme: "Solitaire CRyptography Applications Bistro 8 April 2004."— Presentation transcript:

1 Solitaire CRyptography Applications Bistro 8 April 2004

2 Tuesday: –High-tech crypto with sophisticated, expensive equipment using the principles of quantum mechanics to solve a problem most people don’t have Today: –Low-tech crypto with ordinary, inexpensive equipment using the principles of shuffling to solve a problem most people don’t have

3 Solitaire Output-feedback mode stream cipher Designed by Bruce Schneier in 1999 Implemented using a deck of cards Featured in Neal Stephenson’s novel Cryptonomicon

4 Tin-foil hat time You want to communicate securely with other people You don’t want the secret police to be able to decode your messages You don’t want to have to keep around incriminating evidence, such as a computer with PGP You want to be able to do this without electricity

5 Requirements Cannot rely on security-through-obscurity Must be secure even against a well-funded adversary Must be simple enough that someone can remember it Must not require incriminating equipment Must be entertaining enough to go in a Neal Stephenson novel

6 Overview of Solitaire The key consists of a shuffled deck, with two jokers: A and B A sequence of cuts and rearrangements generates a pseudo-random keystream The keystream is added to the plaintext, modulo 26, to encrypt The keystream is subtracted from the ciphertext to decrypt

7 The Algorithm 1.Move the A-joker one card down 2.Move the B-joker two cards down 3.Perform the triple-cut 4.Perform a count-cut, using the card on the bottom to count with 5.Find the output card, using the card on the top to count with

8 1. Moving the A joker If the joker is on the bottom, move it to one below the top card 99 22 66 *A*A 10  9 99 22 *A 66 10  9

9 2. Moving the B joker If the joker is on the bottom, wrap around like we did with the A joker 22 88 JJ *B*B 33 Q 22 88 Q JJ 33 *B

10 AA 3. The Triple-Cut AA AA AA AA *B AA AA AA 6 *A AA AA AA 22 AA AA AA 22 *B AA AA AA 6 *A AA AA AA AA AA

11 4. The Count Cut 55 55 55 55 JJ 55 55 55 55 55 55 55 55 55 55 3 55 55 55 55 55 JJ 55 55 55 55 55 3 55 55 55 55 JJ 55  = 0 + n  = 13 + n = 26 + n  = 39 + n *A = *B = 53

12 5. Finding the output card 77 55 55 55 JJ 55 22 JJ 55 55 55 55 55 55 55 3 55  = 0 + n  = 13 + n = 26 + n  = 39 + n *A = *B = 53 1.Convert the top card to a number 2.Count down that many from the top 3.The next card is the output card 4.If the output card is a joker, go back to step 1 5.The deck does not change J  = 13 + 11 = 24

13 PLGRM BZIVF JGH A 1 J10S19 B 2 K11T20 C 3 L12U21 D 4 M13V22 E 5 N14W23 F 6 O15X24 G 7 P16Y25 H 8 Q17Z26 I 9 R18

14 Key Distribution Solitaire is a symmetric cipher, so we must have a key known to both parties –Use identically shuffled decks: 54!  2 237 requires distributing decks requires good shuffling –Use a bridge ordering: 52!/(13!) 4  2 95 need way to position jokers the secret police read newspapers too –Use a passphrase to key the deck

15 Keying the Deck with a Passphrase 1.Move the A-joker down one card 2.Move the B-joker down two cards 3.Perform the triple cut 4.Perform the count cut based on top card 5.Perform a second count cut based on a letter from the passphrase

16 How many shuffles does it take to be “random”? In an ideal riffle shuffle, we split the deck in halves, then interleave the halves Cards in the same half are not reordered This yields 54!/(27! 27!)  2 50 We’d need five shuffles to reach 2 237

17 Shuffling, in practice In practice, the 2 50 interleavings are not equally likely –cards near each other don’t separate much Keller [1995] claims seven shuffles are needed

18 How many bits are in a passphrase? English text is highly redundant –some studies claim you get 1.4 bits per character –You need at least 80 characters

19 Bias in Solitaire One would expect that, if Solitaire is a good CPRNG, the probability of getting the same keystream letter twice in a row would be 1/26 Crowley [2001], through simulations, found that this is not the case: it appears to be about 1/22.5 This information could, in theory, be exploited to form an attack

20 Non-reversibility The cipher was designed to be reversible –You should be able to reconstruct the previous deck state from the current deck state However, the rules allowing the jokers to move from the bottom to the top of the deck are not reversible: * 1 2 3 4 5 6... 51 52  1 * 2 3 4 5 6... 51 52 1 2 3 4 5 6... 51 52 *  1 * 2 3 4 5 6... 51 52 Reversibility is not necessarily a problem, but reversible ciphers are easier to analyze

21 Practical Issues Solitaire uses output-feedback mode: –A single bit error in the ciphertext results in a single-bit error in the plaintext (good) –Not self-synchronizing: drop a bit of ciphertext and everything after it is lost (bad) –The keystream can be generated in advance of receiving the message Encryption and decryption are slow Key distribution is difficult Potential attacks based on lack of randomness

22 Future Work Develop attacks on Solitaire Develop a hand-computable asymmetric algorithm –This would address key distribution problem –You could, in theory, compute RSA by hand, but not with reasonable key sizes (for further details, see Dave’s license tag)

23 Other Games A deck of cards doesn’t have enough entropy for an assymetric key (237 bits) –Two decks might be enough (474 or 578 bits) An 8x8 chessboard has 64!/(32!8!8!2!2!2!2!2!2!)  2 141 states –a group in CS588 designed a chess-based cipher last year A 19x19 go board has 3 361  2 572 states Cellular automata might be computable by hand as well

Download ppt "Solitaire CRyptography Applications Bistro 8 April 2004."

Similar presentations

Relations, Functions, and Matrices Mathematical Structures for Computer Science Chapter 4 Copyright © 2006 W.H. Freeman & Co.MSCS SlidesThe Mighty Mod.

Relations, Functions, and Matrices Mathematical Structures for Computer Science Chapter 4 Copyright © 2006 W.H. Freeman & Co.MSCS SlidesThe Mighty Mod.
Public Key Cryptography Nick Feamster CS 6262 Spring 2009.

Public Key Cryptography Nick Feamster CS 6262 Spring 2009.
DES The Data Encryption Standard (DES) is a classic symmetric block cipher algorithm. DES was developed in the 1970’s as a US government standard The block.

DES The Data Encryption Standard (DES) is a classic symmetric block cipher algorithm. DES was developed in the 1970’s as a US government standard The block.
CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.

CS 483 – SD SECTION BY DR. DANIYAL ALGHAZZAWI (3) Information Security.
Sri Lanka Institute of Information Technology

Sri Lanka Institute of Information Technology
Creating Secret Messages. 2 Why do we need to keep things secret? Historically, secret messages were used in wars and battles For example, the Enigma.

Creating Secret Messages. 2 Why do we need to keep things secret? Historically, secret messages were used in wars and battles For example, the Enigma.
CMSC 414 Computer and Network Security Lecture 2 Jonathan Katz.

CMSC 414 Computer and Network Security Lecture 2 Jonathan Katz.
Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.

Cryptography (continued). Enabling Alice and Bob to Communicate Securely m m m Alice Eve Bob m.
EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 5 Wenbing Zhao Department of Electrical and Computer Engineering.

EEC 693/793 Special Topics in Electrical Engineering Secure and Dependable Computing Lecture 5 Wenbing Zhao Department of Electrical and Computer Engineering.
Cryptography April 20, 2010 MIS 4600 – MBA 5880 - © Abdou Illia.

Cryptography April 20, 2010 MIS 4600 – MBA © Abdou Illia.
Session 6: Introduction to cryptanalysis part 1. Contents Problem definition Symmetric systems cryptanalysis Particularities of block ciphers cryptanalysis.

Session 6: Introduction to cryptanalysis part 1. Contents Problem definition Symmetric systems cryptanalysis Particularities of block ciphers cryptanalysis.
Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.

Overview of Cryptography and Its Applications Dr. Monther Aldwairi New York Institute of Technology- Amman Campus INCS741: Cryptography.
Chapter 2 Basic Encryption and Decryption (part B)

Chapter 2 Basic Encryption and Decryption (part B)
Lecture 23 Symmetric Encryption

Lecture 23 Symmetric Encryption
Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)

Chapter 13: Electronic Commerce and Information Security Invitation to Computer Science, C++ Version, Fourth Edition SP09: Contains security section (13.4)
Computer Security CS 426 Lecture 3

Computer Security CS 426 Lecture 3
Network Security Chapter

Network Security Chapter
Encryption Methods By: Michael A. Scott 20140508.

Encryption Methods By: Michael A. Scott
Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.

Chapter 8.  Cryptography is the science of keeping information secure in terms of confidentiality and integrity.  Cryptography is also referred to as.
Data Encryption Standard (DES). Symmetric Cryptography  C = E(P,K)  P = D(C,K)  Requirements  Given C, the only way to obtain P should be with  the.

Data Encryption Standard (DES). Symmetric Cryptography  C = E(P,K)  P = D(C,K)  Requirements  Given C, the only way to obtain P should be with  the.

Similar presentations

Ads by Google