[cryptography] Talon - A new hand cipher with playing cards

Aaron Toponce aaron.toponce at gmail.com
Fri Aug 29 01:36:57 EDT 2014

I've been obsessing over the past couple weeks trying to improve Bruce
Shneier's solitaire cipher, aka "Pontifex". The more I think about it, the more
I realize that there just isn't a lot that can be done about the bias without
severely slowing down the already slow algorithm. So, instead of trying to
improve on his algorithm, I came up with my own - "Talon".

This cipher discards the two jokers. You only need the standard 52-cards from a
poker or bridge set (4 suits, Ace through King). As with Pontifex, this is a
output feedback mode stream cipher. Also, when determing the value of the
output card, the same suit order is used:

    Clubs - face value + 0
    Diamonds - face value + 13
    Hearts - face value + 26
    Spades - face value + 39

An unkeyed deck would have Ace through King of Clubs, followed by Ace through
King of Diamonds, followed by Ace through King of Hearts, followed by Ace
through King of Spades.

This algorithm is executed in 4 steps. You will be making four discard piles,
or "talons", labeled 1, 2, 3, & 4 from left to right.

    1. Create four discard piles. With the deck face-up in your hand, place the
       top card in discard pile #1, the 2nd card in discard pile #2, the 3rd
       card is discard pile #3, and the 4th card in discard pile #4. For
       example, if the deck was unkeyed, then the Ace of Clubs would be in
       discard pile #1, the Two of Clubs in #2, the Three of Clubs in #3, and
       the Four of Clubs in #4.
    2. Note the face value of discard pile #1, ignoring suit, and count that
       many cards from the top of the deck, and place them on top of discard
       pile #1. If the card was a Jack, then count 11 cards from the face up
       deck in your hard, and place them on top of the Jack. Do the same for
       the other three piles, in order (#2, then #3, then #4).
    3. Collect the piles by placing discard pile #1 on top of pile #2 on top of
       pile #3 on top of pile #4, and place the stack behind the face up deck
       in your hand. If all 52 cards were in discard piles (13 cards in each
       pile), then place the newly collected stack in your hand, face up.
    4. Find the output card by looking at the face value of the top card,
       including suit. If the card is a Queen of Hearts, then the value would
       be 12 + 26 = 38. Count that many cards from the top of the deck, and
       record the face value of the next card, including suit. If the top card
       is the King of Spades (13 + 39 = 52), do not record a value, and start
       the algorithm over.

The key lies in the initial order of the deck, as with other designs. It can be
keyed with random shuffling, bridge puzzles, or passphrases. If a passphrase is
used, step 4 is replaced:

    4. Pass cut. Get the numerical value of the first character in your
       passphrase. Count that many cards from the top of the deck, and cut them
       below the rest of the cards. A = 1, B = 2, ..., Y = 25, Z = 26.


Suppose we start with the following deck order:

    TOP ..... BOTTOM

After step 1, we would have the following 4 discard piles:

    #1  #2  #3  #4
    3D  4D  KS  9S

After step 2, our discard piles would look like:

    #1  #2  #3  #4
    3D  4D  KS  9S  <-- Bottom of discard piles
    10H 7S  KD  4C
    2S  7D  JC  KH
    4H  3H  5C  2H
        9C  QH  2C
            8H  QC
            8D  10S
            5D  QS
            6H  9H
            JD  6D

Remaining in my hand would be:


After step 3, the order of my hand would now be:


For step 4, the Jack of Hearts is the top card. Thus, its numerical value is:

    12 + 26 = 38

Counting 38 cards gives me the Five of Clubs as my output card.

After another round, my deck would be orderd as:

My output card would be the Four of Hearts. Thus, it's numerical value is:

    4 + 25 = 30

Talon is reversible, does not need an IV like Mirdek, and less error-prone than
Pontifex. It greatly reduces the chance of a bias, by fast mixing the internal
state through the 4 discard piles with 8 cuts in total in 1 round.

According to Bruce Schneier himself [1]:

    I see about two new cipher designs from amateur cryptographers every week.
    The odds of any of these ciphers being secure are slim. The odds of any of
    them being both secure and efficient are negligible. The odds of any of
    them being worth actual money are virtually non-existent.

The odds are stacked against me. I have looked at my algorithm, and have
determined the following holds true:

    1. The algorithm is non-linear.
    2. The algorithm is reversible.
    3. The mixing of the deck is fast, reducing the chance of a bias.

What I'm struggling with, is calculating the length of the internal PRNG. My
testing shows it is sufficient for small messages, such as the length of a
Tweet, which is practical for field operation.

Also, I don't have an implementation in a program language yet for further
analysis. This is forth coming.

I would be interested in feedback, if anyone would be so kind.


. o .   o . o   . . o   o . .   . o .
. . o   . o o   o . o   . o o   . . o
o o o   . o .   . o o   o o .   o o o
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 502 bytes
Desc: not available
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20140828/a662d161/attachment.asc>

More information about the cryptography mailing list