Pencil and paper encryption revisited (long)

[David Farber <farber () central cis upenn edu>]

Happy to send the full article to anyone interested




From: richardr () netcom com (Richard L. Robertson)
Newsgroups: sci.crypt
Subject: Pencil and paper encryption revisited (long)
Date: 4 Nov 93 23:29:21 GMT
Organization: NETCOM On-line Communication Services (408 241-9760 guest)
Lines: 822
Apparently-To: farber@linc




Bruce Schneier   <schneier () chinet chinet com>


     in Message-ID: <CEtKr4.7B7 () chinet chinet com>
              Date: Wed, 13 Oct 1993 05:04:13 GMT
           Subject: Pencil and paper encryption algorithm


proposed a pencil-and-paper encryption algorithm that could be used
without computers, but was still secure against computer-aided
attacks.


I answered with what I felt were several practical usage problems
with his proposed methodology that made it infeasible to reliably
encrypt and decrypt messages in a finite time.


During a much needed vacation from the practical realities of work
and life, I have attempted to come up with a simplified message
encryption algorithm that meets Bruce's criteria and is practical
in use.


I took as design constraints that an inexpensive (< $30) pocket
calculator was acceptable for performing any necessary
calculations, but that something as big and complex as an HP-48 or
an Apple Newton was unacceptable. I also changed the requirement
from "secure against computer-aided attacks" to "highly resistant
against computer aided attacks".


My first attempt used a simple, multiple memory, non-programmable
Radio Shack checkbook pocket calculator. While the methodology met
the "resistance" criterion, it failed the practical test of error-
free calculation in a finite time. It turned out to be possible to
get reliable encryption and decryption by applying the result
cross-checking techniques used in hand pencil-and-paper
calculation, however the time required for error-free encryption
was exorbitant.


By relaxing the design constraints to allow limited programmability
in the pocket calculator, I was able to adequately address the
problem of speed of error-free encryption calculations.


The constraint that I adopted was that the calculator's program
steps must be simple and compact enough for the user to be able to
memorize and to be able to re-enter the program into the calculator
each time that it was used to encrypt or decrypt a message. I
believe that this satisfies the reasonable requirement that there
be no incriminating evidence left lying around in the calculator
between encryption sessions.


The following encryption procedure was tested using an $18 Radio
Shack Model EC-4021 programmable scientific calculator. The
algorithms were modified as necessary to conform to the practical
limitations of the calculator keypad and limited programming
capabilities.


With only moderate training time (a couple of hours) I was able to
reliably encrypt and decrypt messages at a rate of 8-10 characters
per minute. The primary speed limitation was the actual tran-
scription on the results by pencil onto paper.


I would appreciate any and all comments, criticisms, error corrections
and suggestions for improvements.




Richard Robertson           richardr () netcom com