# [cryptography] Talon - A new hand cipher with playing cards

Aaron Toponce aaron.toponce at gmail.com
Fri Aug 29 01:36:57 EDT 2014

```I've been obsessing over the past couple weeks trying to improve Bruce
Shneier's solitaire cipher, aka "Pontifex". The more I think about it, the more
I realize that there just isn't a lot that can be done about the bias without
severely slowing down the already slow algorithm. So, instead of trying to
improve on his algorithm, I came up with my own - "Talon".

This cipher discards the two jokers. You only need the standard 52-cards from a
poker or bridge set (4 suits, Ace through King). As with Pontifex, this is a
output feedback mode stream cipher. Also, when determing the value of the
output card, the same suit order is used:

Clubs - face value + 0
Diamonds - face value + 13
Hearts - face value + 26
Spades - face value + 39

An unkeyed deck would have Ace through King of Clubs, followed by Ace through
King of Diamonds, followed by Ace through King of Hearts, followed by Ace

This algorithm is executed in 4 steps. You will be making four discard piles,
or "talons", labeled 1, 2, 3, & 4 from left to right.

1. Create four discard piles. With the deck face-up in your hand, place the
top card in discard pile #1, the 2nd card in discard pile #2, the 3rd
card is discard pile #3, and the 4th card in discard pile #4. For
example, if the deck was unkeyed, then the Ace of Clubs would be in
discard pile #1, the Two of Clubs in #2, the Three of Clubs in #3, and
the Four of Clubs in #4.
2. Note the face value of discard pile #1, ignoring suit, and count that
many cards from the top of the deck, and place them on top of discard
pile #1. If the card was a Jack, then count 11 cards from the face up
deck in your hard, and place them on top of the Jack. Do the same for
the other three piles, in order (#2, then #3, then #4).
3. Collect the piles by placing discard pile #1 on top of pile #2 on top of
pile #3 on top of pile #4, and place the stack behind the face up deck
in your hand. If all 52 cards were in discard piles (13 cards in each
pile), then place the newly collected stack in your hand, face up.
4. Find the output card by looking at the face value of the top card,
including suit. If the card is a Queen of Hearts, then the value would
be 12 + 26 = 38. Count that many cards from the top of the deck, and
record the face value of the next card, including suit. If the top card
is the King of Spades (13 + 39 = 52), do not record a value, and start
the algorithm over.

The key lies in the initial order of the deck, as with other designs. It can be
keyed with random shuffling, bridge puzzles, or passphrases. If a passphrase is
used, step 4 is replaced:

4. Pass cut. Get the numerical value of the first character in your
passphrase. Count that many cards from the top of the deck, and cut them
below the rest of the cards. A = 1, B = 2, ..., Y = 25, Z = 26.

Example:

TOP ..... BOTTOM

After step 1, we would have the following 4 discard piles:

#1  #2  #3  #4
--------------
3D  4D  KS  9S

After step 2, our discard piles would look like:

#1  #2  #3  #4
--------------
3D  4D  KS  9S  <-- Bottom of discard piles
10H 7S  KD  4C
2S  7D  JC  KH
4H  3H  5C  2H
9C  QH  2C
8H  QC
8D  10S
5D  QS
6H  9H
JD  6D
10D
5S
7H
AS

Remaining in my hand would be:

After step 3, the order of my hand would now be:

For step 4, the Jack of Hearts is the top card. Thus, its numerical value is:

12 + 26 = 38

Counting 38 cards gives me the Five of Clubs as my output card.

After another round, my deck would be orderd as:

My output card would be the Four of Hearts. Thus, it's numerical value is:

4 + 25 = 30

Talon is reversible, does not need an IV like Mirdek, and less error-prone than
Pontifex. It greatly reduces the chance of a bias, by fast mixing the internal
state through the 4 discard piles with 8 cuts in total in 1 round.

According to Bruce Schneier himself [1]:

I see about two new cipher designs from amateur cryptographers every week.
The odds of any of these ciphers being secure are slim. The odds of any of
them being both secure and efficient are negligible. The odds of any of
them being worth actual money are virtually non-existent.

The odds are stacked against me. I have looked at my algorithm, and have
determined the following holds true:

1. The algorithm is non-linear.
2. The algorithm is reversible.
3. The mixing of the deck is fast, reducing the chance of a bias.

What I'm struggling with, is calculating the length of the internal PRNG. My
testing shows it is sufficient for small messages, such as the length of a
Tweet, which is practical for field operation.

Also, I don't have an implementation in a program language yet for further
analysis. This is forth coming.

I would be interested in feedback, if anyone would be so kind.

Thanks,

--
. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 502 bytes
Desc: not available
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20140828/a662d161/attachment.asc>
```