do-it-yourself encryption

Really don't know where to put this, so thought I'd ask all the fine folks here and see if I get a response. One of the curses of being widely read is that sometimes you remember the subject but neither content nor location of something you read once and would really like to find out where it can be found again. I know I've read several 'schemes' for doing encryption (high security, no kiddy stuff, the kind it takes a wealthy adversary centuries to crack) in your head or with a few notes on a piece of paper (which if compromised mean nothing cryptanalytically) but cannot find it anywhere. Any of this ring a bell for someone who can provide a URL or summary?

The kind of stuff I'm looking for is probably symmetric (though asymmetric would be great and can require any kind of printout or out-of-mind assistance as long as nothing is given away cryptanalytically on any of it).

If anyone remembers anything like this I'd love to hear about it.

Gokul43201
Staff Emeritus
Gold Member
Even a simple multialphabetic substitution cipher becomes virtually uncrackable if the length of the key is comparable to the length of the plaintext.

I remember seeing a little Javascript tool somewhere that lets you enter the plaintext/ciphertext and a password (which serves as a pseudo-random key generating seed). The code generates a key that is as long as the text and encrypts it using that key. You can decrypt ciphertext at the same site, if you have the password.
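As an added illustration (not the tool Gokul saw, and not code from this thread), here is what such a password-seeded running-key cipher amounts to in Python, alongside a true one-time pad for comparison. The function names, the A-Z-only alphabet, the SHA-256-to-seed step and the sample message are my assumptions.

```python
import hashlib
import random
import secrets
from typing import List

ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"


def normalise(text: str) -> str:
    """Keep only letters A-Z (the demo works on a 26-letter alphabet)."""
    return "".join(c for c in text.upper() if c in ALPHABET)


def keystream_from_password(password: str, length: int) -> List[int]:
    """Expand a password into a pseudo-random shift sequence as long as the text.

    The password is hashed to an integer seed for Python's Mersenne Twister
    (an assumed construction; that PRNG is not cryptographic). The point of
    the demo is that the whole keystream is a deterministic function of the
    password, so the effective key is the password, however long the text is.
    """
    seed = int.from_bytes(hashlib.sha256(password.encode("utf-8")).digest(), "big")
    rng = random.Random(seed)
    return [rng.randrange(26) for _ in range(length)]


def shift_text(text: str, key: List[int], decrypt: bool = False) -> str:
    """Polyalphabetic (Vigenere-style) shift: each letter moves by its own key value."""
    if len(key) < len(text):
        raise ValueError("key must be at least as long as the text")
    sign = -1 if decrypt else 1
    return "".join(ALPHABET[(ALPHABET.index(c) + sign * k) % 26] for c, k in zip(text, key))


def encrypt_with_password(plaintext: str, password: str) -> str:
    pt = normalise(plaintext)
    return shift_text(pt, keystream_from_password(password, len(pt)))


def decrypt_with_password(ciphertext: str, password: str) -> str:
    ct = normalise(ciphertext)
    return shift_text(ct, keystream_from_password(password, len(ct)), decrypt=True)


def encrypt_one_time_pad(plaintext: str):
    """Information-theoretically secure variant: a truly random key as long as
    the text, used once. Returns (ciphertext, key); the key must be stored or
    carried, which is exactly the burden the thread is trying to avoid."""
    pt = normalise(plaintext)
    key = [secrets.randbelow(26) for _ in range(len(pt))]
    return shift_text(pt, key), key


if __name__ == "__main__":
    msg = "Attack at dawn"  # constructed sample message
    ct = encrypt_with_password(msg, "hunter2")
    print(ct, decrypt_with_password(ct, "hunter2"))
    otp_ct, otp_key = encrypt_one_time_pad(msg)
    print(otp_ct, shift_text(otp_ct, otp_key, decrypt=True))
```

The password version's strength is bounded by how guessable the password is, not by the keystream length; only the pad drawn from `secrets` has a key as unpredictable as the text is long.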

Staff Emeritus
Gold Member
Dearly Missed
Colonel Abel, the Soviet spy who was arrested back during the Cold War, had a one time pad and some simple rules for using it, involving if I recall, an old Russian folk tune. The "unbreakable" feature was the (pseudo)-random sequence of numbers, which he had to carry with him.

I believe a public key system of fairly good resistance could be based on two large prime numbers which hopefully you could memorize and then do a memorized algorithm on with a calculator.

Rot-13 is usually enough for most. ;-)

lol!!!!!!!

chroot
Staff Emeritus
Gold Member
I've never heard of any such thing. At their heart, most ciphers are very complicated "bit shuffling," which could not be done in your head. I'm not saying such a thing could not exist, but I'm pretty well read in cryptography, and I've never heard of it.

- Warren

chroot
Staff Emeritus
Gold Member
On second thought, perhaps you're referring to the Solitaire cipher, which was called Pontifex in Neal Stephenson's Cryptonomicon. This cipher can be done with playing cards, but is definitely not "the kind it takes a wealthy adversary centuries to crack."

http://en.wikipedia.org/wiki/Solitaire_(cipher)

- Warren

Thanks, Gokul, but I think a multialphabetic substitution cipher of decent security would require a prohibitively long shared key for most messages and is, of course, not reusable.

The JavaScript tools are handy, but fall well within the 'insecure if environment is compromised' zone. If the password is being typed into a computer in unencrypted form, then an environment breach would trivially shatter the security.

One-time pads you have to carry with you again leave you dead in the water if physically compromised, and tend to be way too long to memorise. It took me several days to memorise the first 100 digits of pi, so a decent one-time pad would probably be quite the herculean effort.

The reason I don't think an asymmetric system is practical is that to be reasonably secure the calculations would have to be too large to do in your head, and in an environment-compromised situation any calculations of that type done on a calculator are cryptanalytically vulnerable.

I don't mean to sound too negative, guys. I really appreciate you taking the time to try and help.

If it helps jog any memories, I think one of the systems allowed for certain things to be written down on a napkin or paper but if the paper was compromised the system was still secure.

Thanks, chroot. I'm familiar with the solitaire scheme and how insecure it is. The scheme(s) I seem to recall had nothing to do with a pack of cards. If it helps jog anyone's memories, I'm pretty sure at least one of the schemes allowed for some things to be written on a piece of paper to help with the calculation, but if the paper was compromised it was not cryptanalytically helpful.

chroot
Staff Emeritus
Gold Member
I honestly don't see how such a system could even exist. If you write down intermediate figures in the course of performing an encryption, how on earth could they not be cryptanalytically useful? They indicate, in some respect, the state of the "state machine" in your head.

As I said, even the Solitaire cipher uses a rather complex "bit shuffling" scheme, with real cards, by its numerous cuts and counts. Every other "secure" cryptosystem I have ever seen uses some form of bit shuffling -- and bit shuffling is particularly hard to do in one's head.

I'm interested in learning about such a cipher, if it really exists -- but is there any chance you have just misread something, or perhaps mistook some fictional work for factual?

- Warren

You mean you don't want to use something like a 384 bit encryption biometric flash drive?

Exactly. The idea is that the core part of encryption happens inside your head. The method doesn't have to be easy to remember, but the process has to be able to be done as if you were sitting in the same room with an adversary.

I'm hoping not, but anything's possible.

You need to encrypt notes on the discussion taking place or like large blocks of data in written form?

chroot
Staff Emeritus
Gold Member
And really, if such a cipher existed, I don't know why anyone would use anything else! The largest pitfall in almost all realistic cryptographic applications is key security -- if anyone can steal your laptop, they can get your key, and render the inherent mathematical security of your cryptosystem irrelevant. It's almost always easier to break into someone's house, point a gun at them, and take their computer than it is to break a modern cipher.

If you really could do secure cryptography in your head, with an algorithm strong enough that the computing hardware of major governments could not break it for centuries, then key security issues evaporate. The key is only stored in your head, and with the exception of torture and Star Trek brain scanners, no one can get it.

Why would anyone use any other kind of cryptography if such a "killer app" existed?

- Warren

chroot
Staff Emeritus
Gold Member
Admin note: Two threads with identical original posts have been merged into this thread. My apologies for any conversation that's difficult to follow!

- Warren

Make up your own shorthand note taking system, then assign three digit number codes for every word you may likely need (that's 999 words). Every second use of the same word increments the number by a fourth/fifth digit. Third use next increment and so on. Unusual words could be substituted with common words that make sense to you, like metal, box, fire, could mean tank.

They have ten tanks. (Shorthand: % = they, * = 10, @, #, $ = metal, box, fire.) It, them, they, he/she etc. = % converts to 3951 [have can be assumed and left out]; ten = * = 7861; @ = metal = 3541; # = box = 7561; $ = fire = 2931

39517861354175612931

Don't account for spaces, punctuation, common words that can be assumed. Instead of incrementing by 1, you could also go with a 4 digit number to begin with, and assign two or three numeric values to each shorthand word and just use them randomly, because they mean the same thing to you.

What do you think? Not uncrackable, but fairly effective with just your brain to work with.
You could also change the proper English usage to something like ten,metal-box-fire,they.
Try to crack this one: 273197312391!

chroot
Staff Emeritus
Gold Member
Irresistible_Force said:
What do you think? Not uncrackable, but fairly effective with just your brain to work with.
It would probably take a cryptanalyst no more than a half dozen of these messages to crack it completely. In fact, it isn't even a cryptosystem at all, it's just a shorthand, and offers absolutely no mathematical security at all.

The original poster is talking about cryptography that major governments could not crack; this kind of "real-world" cryptography requires expert-level training to design.

- Warren

chroot said:
It would probably take a cryptanalyst no more than a half dozen of these messages to crack it completely. In fact, it isn't even a cryptosystem at all, it's just a shorthand, and offers absolutely no mathematical security at all.

The original poster is talking about cryptography that major governments could not crack; this kind of "real-world" cryptography requires expert-level training to design.

- Warren
'Cryptosystem' is not a word. So, you're right.
If you're saying it isn't a cryptographic system, then you're wrong.

cryp·tog·ra·phy
1. The process or skill of communicating in or deciphering secret writings or ciphers.
2. Secret writing.

There is no 'real world' cryptography that only major governments could not crack, which is why we change keys quite frequently. If there were, you most certainly could not do it in your head.

I was only offering a suggestion to the poster of something that could be done in his head. The most secure encryptions are the ones that are unknown to any but the owner. He didn't say he would be sending messages back and forth, he said it had to be done in front of the adversary, without giving anything away.

BTW, I am a cryptologic technician (maintenance) for the Navy, so although not up to the 'expert level of training' you refer to, I am certainly qualified to offer a suggestion.

Curious3141 said:
http://en.wikipedia.org/wiki/Cryptosystem

It is a word. It's a portmanteau of "cryptographic" & "system".
Dictionary.com says it's not.
And, from your link on 'Wikipedia', in which anyone can write stuff up:
In this meaning, the term cryptosystem is used as shorthand for "cryptographic system". A cryptographic system is any computer system that involves cryptography
Still, not a word. As I said. Neither is Cryptonet, not to be confused with kryptonite, which, BTW is a word.

shmoe
Homework Helper
Irresistible_Force said:
Dictionary.com says it's not.
Dictionary.com doesn't include all scientific or field specific terminology. You can find "cryptosystem" all over the literature. Try searching for "cryptosystem" in MathSciNet; I had 454 hits with "cryptosystem" somewhere in the title.

chroot
Staff Emeritus
Gold Member
Irresistible_Force said:
'Cryptosystem' is not a word. So, you're right.
If you're saying it isn't a cryptographic system, then you're wrong.
Of course it's a word. Have you ever, say, read a book on cryptography?

There is no 'real world' cryptography that only major governments could not crack, which is why we change keys quite frequently.
While it is possible that NSA already has cracked every modern cryptosystem, most mathematicians believe that at least a few existing cryptosystems have no corresponding cryptanalytic vulnerabilities, meaning the only known attack is brute-force. These algorithms use keyspaces so large that the mean time to find a key with existing computing hardware is longer than the age of the universe. Of course, this doesn't mean the key won't be found in thirty seconds, but it's highly unlikely. It's also possible that Uncle Sam has alien quantum-computer technology, but, again, it's highly unlikely.

If there were, you most certainly could not do it in your head.
However, this is exactly what the original poster asked for.

The most secure encryptions are the ones that are unknown to any but the owner.
This is quite likely the dumbest thing you've said in this thread -- even dumber, perhaps, than suggesting that cryptosystem is not a word. Point of fact, the most secure ciphers are those that are publicly scrutinized by tens of thousands of professionals, and corrected so that they contain no "bugs" that could be used for cryptanalytic attack. An algorithm that is known to contain no flaws is one whose security depends only on the key. If no one has your key, such an algorithm provides no opportunity for attack, other than brute-force.

The kind of security you're advocating, commonly called security through obscurity, is an almost sure-fire way to fail.

The likelihood that any non-expert would be able to single-handedly design a cipher which could withstand an attack by, say, the NSA is vanishingly small. The likelihood that your algorithm contains obvious, glaring flaws is enormous. Even if you never tell anyone your algorithm, the likelihood that these glaring flaws will be found and exploited by simple ciphertext analysis is very high.

BTW, I am a cryptologic technician (maintenance) for the Navy, so although not up to the 'expert level of training' you refer to, I am certainly qualified to offer a suggestion.
Shall we be honest? The comments you have made in this thread indicate you know virtually nothing about cryptography. You don't even know the vocabulary, or the major conclusions. I don't care if you work for the Navy, swapping boards out of computers used for cryptography or whatever -- you're definitely not qualified to develop secure cryptosystems. (Nor, for that matter, am I.) Sorry to burst your bubble.

- Warren

chroot said:
Of course it's a word. Have you ever, say, read a book on cryptography?
Yes, I have. You want me to FedEx them to you? The point was, just because a term is used colloquially among a group of people does not make it a word by definition. Hootnanny is not a word, but I'm sure a lot of people know what it means. I was pointing out the fact that earlier you insinuated that I was offering a dumb idea to the original poster, even though you were not using correct terminology yourself.

While it is possible that NSA already has cracked every modern cryptosystem, most mathematicians believe that at least a few existing cryptosystems have no corresponding cryptoanalytic vulnerabilities, meaning the only known attack is brute-force. These algorithms use keyspaces so large that the mean time to find a key with existing computing hardware is longer than the age of the universe. Of course, this doesn't mean the key won't be found in thirty seconds, but it's highly unlikely. It's also possible that Uncle Sam has alien quantum-computer technology, but, again, it's highly unlikely.
Again, you offer no solution to the question posed by the original poster. You merely reiterate the fact that any cipher of quality must have complex keys generated by algorithms. Duh! At least I offered a suggestion that might help the poster remember the original reference he was searching for. What have you done to assist the poster? Nothing. You state the obvious and then pick on the only person that even offered to help.

However, this is exactly what the original poster asked for.
Still not seeing how your solution (or lack of one) has helped the poster at all. You're only picking apart my statements like someone who can't let go of Debate Club habits.

This is quite likely the dumbest thing you've said in this thread -- even dumber, perhaps, than suggesting that cryptosystem is not a word.
You are wrong. I can splice two words together whenever I want; they still don't become a word just because of its colloquial use. Additionally, do you really feel so threatened that you have to resort to calling me 'Dumb'? I've plainly admitted that I am no professional cryptographer, though I am sure my credentials in that area suffice to allow me to offer a suggestion in a public forum.

Point of fact, the most secure ciphers are those that are publicly scrutinized by tens of thousands of professionals, and corrected so that they contain no "bugs" that could be used for cryptanalytic attack. An algorithm that is known to contain no flaws is one whose security depends only on the key. If no one has your key, such an algorithm provides no opportunity for attack, other than brute-force.

The kind of security you're advocating, commonly called security through obscurity, is an almost sure-fire way to fail.
Depending on his application. The poster merely said 'Adversary' in the same room. Given enough time, ANY cipher can be broken, like you pointed out. But for the application suggested, I imagined him in a room with some other person that he did not want to view his writings. Perhaps he was thinking of encrypted crib notes for one of his classes? We never got that much information from him. But based on what he DID say, at least I offered a suggestion. Not you. You can only spend your time criticizing others, only illuminating the fact that you have no tact and are not a people person at all. I just hope you are not a teacher somewhere, I would feel badly for your students.

The likelihood that any non-expert would be able to single-handedly design a cipher which could withstand an attack by, say, the NSA is vanishingly small. The likelihood that your algorithm contains obvious, glaring flaws is enormous. Even if you never tell anyone your algorithm, the likelihood that these glaring flaws will be found and exploited by simple ciphertext analysis is very high.
Again, he never said the cipher had to withstand NSA scrutiny. He plainly said 'Adversary'.

Shall we be honest? The comments you have made in this thread indicate you know virtually nothing about cryptography. You don't even know the vocabulary, or the major conclusions. I don't care if you work for the Navy, swapping boards out of computers used for cryptography or whatever -- you're definitely not qualified to develop secure cryptosystems. (Nor, for that matter, am I.) Sorry to burst your bubble.
I am well aware of the vocabulary, I just chose your colloquialism to make a point. At the moment I am serving a tour as a Naval Instructor for the Cryptologic Maintenance Technician course. This is where we teach them the job. I wasn't even attempting to develop a secure cryptographic system. I'd need an engineering degree for that. I was offering the suggestion of a cipher that the original poster could do in his head, to keep an 'Adversary' in the same room from reading what he was writing. What did you offer? Nothing, save personal attacks against the only person even offering a suggestion. Do you feel so inadequate that you have to pick on other people to make yourself feel smarter or better than everyone else? My IQ is 132, so, I am no Dummy as you insinuated. Neither am I a genius; however, between the two of us, only I offered a useful suggestion to the original poster.
- Warren
I will not waste any more time or effort to reply to you. I will only feel as though I have to defend myself even further from someone who has not even bothered to produce any credentials as to his expertise in the matter other than personal attacks and hot air. I thought I had found an enlightened forum here in Physics Forums. I guess I was wrong.
-click-