January 6th, 2014 at 12:32 UTC by Dan Cvrcek
When I read about cryptography before computers, I sometimes wonder why people did this and that instead of something a bit more secure. We may ridicule portable encryption systems based on monoalphabetic or even simple polyalphabetic ciphers but we may also change our opinion after actually trying it for real.
A long time ago I and George French spent some time trying to create a pen&paper encryption that would be easy enough for people to use. We have realised fairly quickly how difficult it was to create something that would allow to encrypt even short messages. Encryption tables we came up with allowed encryption of 50 characters in one go and they took whole A4 sheets. I was hoping to be able to encrypt 160 characters with one A4 sheet but it was impossible if we wanted to keep instructions simple.
Our encryption tables need to be generated and printed but after that, encryption and decryption can be done without any electronics. We used one-time pad encryption scheme as it was one of the simplest. The current implementation generates one-time pads from time and a secret stored on the server running the table generation script (absolutely not the most secure way of doing it).
I have recently revisited the Python script for generating encryption tables and extended the alphabet from 26 letters to 37 by adding digits and space. If you want to experience cryptographic without computers, here are instructions.
- Each time you click on the link below, you should get a new encryption table. Incognito/Private windows help a bit but you should delete PDF files if stored on the disk. (It is good to use thin paper for printing as that is easier to burn or eat )
GET A NEW ENCRYPTION TABLE
- Personalise the encryption table and share it – imagine you have 10 friends and intend to send 5 messages to each of them. The rule of thumb would be to create 10×5 encryption tables to prevent any errors and minimise compromise. You can try to optimise the number of tables but you will always increase risk of messages to be compromised.
- Choose a message and recipient, find an encryption table and encrypt. Write the message at the top. Find each letter in the column underneath and write the second letter on the bottom line.
- Tear the bottom line away, burn or dissolve in acid or eat the rest of the paper, and send the message.
Steps for decryption are following:
- Find the correct encryption sheet (its identification code must match the code received with the message).
- Align the encrypted message with columns or write the message on the first line of the decryption table.
- Decrypt the message. Find each letter in the column underneath and write the second letter on the bottom line.
- Read the decrypted message and burn or dissolve in acid or eat the whole paper.
The same instructions with pictures are here.
It is a simple system but it nicely demonstrates most of real-world problems with encryption. How to securely generate keys (i.e., encryption tables). How to do key distribution. How to communicate compromise of a key and mitigate the leak.
Not everyone has a spare passport, pile of cash, and reports to M.
UPDATE: The source code is at https://github.com/smartcrib/papercrypto