# Do-It-Yourself The Solitaire cipher - Superstruct Instructables series - do it yourself

Hello, and welcome to this Instructable. In the following pages, we'll take a look at the basics of the Solitaire cipher, an encryption algorithm created by cryptography specialist Bruce Schneier for Neal Stephenson's novel "Cryptonomicon", a book released in 1999 - 20 years ago already ! It's been designed to use a simple deck of cards to provide high-tech level security.As some readers among you might be some of my students (I teach in a small suburbian middle-school near Paris) , let me remind you kids that some of the principles behind Solitaire are part of the European Information Literacy and Protection curriculum since 2015, and you will be expected to be familiar with these for your final exams ! Remember that being able to use this cipher could also turn out to be of vital importance for personal information protection.**No I didn't go crazy, and I haven't forgotten this is 2008 and not 2019. This Instructable is the first in a series of Instructables related to the Institute for the Future's Alternate Reality Game Superstruct. Set in 2019, this game places players in a world threatened by five major ills - failing and/or hacked communication and computer networks, a severed food chain, devastating climate catastrophes that force populations to migrate, epidemics of Respiratory Distress Syndrom and a world struggling to survive without oil. If you think you're up to the challenge or would like to explore this world more, check the main site and join us !

## Step 1: Tools you'll need

In order to encrypt data using the Solitaire cipher, you will need the following :Patience : Encrypting data with the Solitaire cipher takes time. To quote Mr. Schneier, "(Solitaire)'s not fast, though. It can take an evening to encrypt or decrypt a reasonably long message."Two decks of 54 cards : these decks feature the classic four suits of cards - club, diamonds, hearts and spades - plus two jokers. One of the decks will be used to generate keystream values, the other for backup purposes or communicating to your recipient.Paper and pencil or a computer terminal : For the purpose of this exercise, any relatively trusted terminal will do. Keep in mind, however, that in a real-life situation you might sometimes not be able to rely on "relatively trusted" hardware. In such situations, all operations should be carried using a disposable writing surface of some sort (only 10 years ago, using paper would have been the easiest option but there are parts of the world where this is no longer the case, alas). Even better, don't write down any information anywhere at all (see my Instructable on methods of loci for more help in that field) - if you can do it all in your head, do so.

## Step 2: Overview of the encryption process

The process of encrypting a message with Solitaire can be divided into a few steps. Let's see what they are :1) Writing your cleartext (immediately understandable) message and preparing it for encryption ;2) Preparing the decks to generate keystream values ;3) Generating keystream letters ;4) Generating the ciphertext ;5) You're done !If these 5 steps are clear enough to you, let's move on with step one - writing your cleartext and preparing it for encryption.

## Step 3: Writing and preparing your cleartext message

First off, in order to encrypt a message, you need to have a message to encrypt. Given the time it takes to encrypt text with Solitaire and the level of security it offers, Bruce Schneier suggests that the longest messages should be 2000 characters long. This can be a little short for what you have to say so don't hesitate to use slang or abbreviations. Make sure that your recipient will understand what you mean, though !

Once this is done, it's time to prepare your message for encryption. Encrypting a message doesn't change either words' length or message punctuation, both of which can be indications as to what words you've used in your messages. In order to prevent such an attack - called the "probable word attack" - we're going to apply a few changes to your message.

First, we're going to remove ALL the punctuation in your message. Full stops, commas, etc...Just remove them all.

Second, we're going to take care of the length of the words used. You're going to divide your message's characters in small groups of 5 letters. If you have extras, use the letter X. For example, a short message saying "Do not go" would turn into "DONOT GOXXX".

There's nothing really special about using groups of 5 letters - it's just a convention. In the same way, you'll notice we turned the letters into caps - this too is a convention to differentiate more conveniently cleartext from ciphertext. It also takes care of removing all indication of where a sentence starts or finishes. Neat, is it not ?

Now that we're done, let's move to the next step : preparing the decks !

## Step 4: Preparing your decks

Now is the time to get the decks ready to generate the keystream values. To generate these, we first need to shuffle the decks so that the cards are as randomly distributed as possible. To make sure that's the case, we're going to shuffle the first deck 6 times - if you have no idea how to do this, I suggest you take a look at this Instructable by M5R, or just watch the .ogg video included on this page.Once this is done, turn it face up and arrange the cards in the other deck to match the distribution of the first. Put it back in its package and don't touch it ! That'll be your backup. You can write down the order of the cards in the deck, save it on your terminal or, as said previously, use mnemonics' to memorize the order of the cards in the deck.
shuffling.ogg3 MB

Show All 9 Items

## Step 6: Generating ciphertext

We're almost there now ! On the one hand we have a series of numbers and on the other we have a slightly tweaked message. Let's get working...And get familiar with the wonderful world of modulo !

This word "modulo" might sound scary and strange, but that is actually something people do all the time when, for example, we figure out what time it is - namely modulo 12. Let's suppose it's 11 in the morning and you have to meet someone 3 hours later - that'll be 2 in the afternoon. Easy, is it not ? These operations are called modular arithmetics. Now let us apply this to our cleartext and keystream values.

Let's go back to the cleartext we prepared earlier so that it'd turn into DONOT GOXXX. We're going to convert every letter to a numeric equivalent :

D O N O T G O X X X transforms into :
4 15 14 15 20 7 15 24 24 24

To which we had the keystream values (these are completely arbitrary, and are only here as an example) :
17 15 8 24 3 10 20 13 1 14

Which gives us :
21 30 22 39 23 1735 37 25 38

Do you remember the modulo I mentioned earlier ? If watches are modulo 12, then the alphabet is modulo 26. Converting these values accordingly, we have now :
21 4 22 13 23 17 9 11 25 12

Which once converted back to letters becomes :
U D V M W Q I K Z M.

## Step 7: Deciphering ciphertext

Now let's suppose someone just got a message encrypted with Solitaire. How does one decrypt it ? As you might have already figured out, Solitaire is a symmetric algorithm : what you did to encrypt your message, is what you're going to do to decrypt it - the other way around.Step 1 - You're going to need the keystream values the sender used to encrypt the message. This is pretty simple, all things considered : all one needs to do is follow the process described in Step 6 - Generating keystream values using the correct deck, and generate as many keystream values as there are of characters in the message, as seen before.Step 2 - We're going to use the example from the previous step :U D V M W Q I K Z M, and convert it into numbers :21 4 22 13 23 17 9 11 25 12.Step 3 - If the recipient of the message followed the keystream values generation process correctly, starting from the deck that was agreed upon with the sender, the values generated are the same as those the sender used :17 15 8 24 3 10 20 13 1 14 ;Step 4 - From there, all one needs to do is substract the generated keystream values from the numbers that came up when we converted the message, still using modulo 26. This gives us :4 15 14 15 20 7 15 24 24 24,Which we convert into letters, obtaining :D O N O T G O X X X.As I told you, nothing too difficult if you've understood how the encryption process works - the decryption process is just the same, only reversed. Don't hesitate to train and work on it until it makes sense ! Better make mistakes now than when time will actually be of the essence !If you're clear on that part, let's move on to the conclusion.