Solitaire (cipher)

From Wikipedia, the free encyclopedia
Jump to navigation Jump to search

The Solitaire cryptographic algorithm was designed by Bruce Schneier at the request of Neal Stephenson for use by field agents in his novel Cryptonomicon, enabling them to communicate securely without having to rely on electronics or having to carry incriminating tools,[1] It was designed to be a manual cryptosystem calculated with an ordinary deck of playing cards. In Cryptonomicon, this algorithm was originally called Pontifex to hide the fact that it involved playing cards.

One of the motivations behind Solitaire's creation is that in totalitarian environments, a deck of cards is far more affordable (and less incriminating) than a personal computer with an array of cryptological utilities. However, as Schneier warns in the appendix of Cryptonomicon, just about everyone with an interest in cryptanalysis will know about this algorithm. Additionally, it was found to have a significant bias towards repeating characters (1/22.5 rather than 1/26), so it is considered insecure.[2]

Encryption and decryption[edit]

The algorithm generates a stream of values which are combined with the message to encrypt and decrypt it. Each value of the keystream is to be used for one value of the message, thus the keystream will need to be the same length as the message.

  1. Remove all punctuation and convert the characters to the same case.
  2. Convert all the characters to their natural numerical values, A = 1, B = 2, etc., Z = 26.
  3. To encrypt a message, add each keystream value to its corresponding character in the plaintext, rolling over back to 1 if the resulting value exceeds 26 (modulo 26 arithmetic). To decrypt, subtract each keystream value from its corresponding character in the ciphertext, rolling back up to 26 if the resulting value should be lower than 1. (In mathematics this is called modular arithmetic.)

Keystream Algorithm[edit]

This algorithm assumes that the user has a deck of cards and two jokers which are distinguishable from each other. For simplicity's sake, only two suits will be used in this example. Each card will be assigned a numerical value: the first suit of cards will be numbered from 1 to 13 (Ace through King) and the second suit will be numbered 14 through 26 in the same manner. The jokers will be assigned the values of 27 and 28. Thus, a 5 from the first suit would have the value 5 in our combined deck, the value 1 in the second suit would have the value 14 in the combined deck. In a full deck of cards, the suits are valued in bridge order: clubs, diamonds, hearts, spades.

The deck will be assumed to be a circular array, meaning that should a card ever need to advance below the bottom card in the deck, it will simply rotate back to the top (in other words, the first card follows the last card).

  1. Arrange the deck of cards face-up according to a specific key. This is the most important part as anyone who knows the deck's starting value can easily generate the same values from it. How the deck is initialized is up to the recipients, shuffling the deck perfectly randomly is preferable, although there are many other methods. For this example, the deck will simply start at 1 and count up by 3's, modulo 28. Thus the starting deck will look like this:
    • 1 4 7 10 13 16 19 22 25 28 3 6 9 12 15 18 21 24 27 2 5 8 11 14 17 20 23 26
  2. Locate the first joker (value 27) and move it down the deck by one place, basically just exchanging with the card below it. Notice that if it is the last card, it becomes the second card. There is no way to become the first card. The deck now looks like this:
    • 1 4 7 10 13 16 19 22 25 28 3 6 9 12 15 18 21 24 2 27 5 8 11 14 17 20 23 26
  3. Locate the second joker (value 28) and move it down the deck by two places. Notice that if it is the second to last card, it becomes the second card by wrapping around. If it is the last card, it becomes the third card. There is no way to become the first card.
    • 1 4 7 10 13 16 19 22 25 3 6 28 9 12 15 18 21 24 2 27 5 8 11 14 17 20 23 26
  4. Perform a triple-cut on the deck. That is, split the deck into three sections. Everything above the top joker (which, after several repetitions, may not necessarily be the first joker) and everything below the bottom joker will be exchanged. The jokers themselves, and the cards between them, are left untouched.
    • 5 8 11 14 17 20 23 26 28 9 12 15 18 21 24 2 27 1 4 7 10 13 16 19 22 25 3 6
  5. Observe the value of the card at the bottom of the deck, if the card is either joker let the value just be 53. Take that number of cards from the top of the deck and insert them back to the bottom of the deck just above the last card.
    • 23 26 28 9 12 15 18 21 24 2 27 1 4 7 10 13 16 19 22 25 3 5 8 11 14 17 20 6
  6. Now, look at the value of the top card. Looking at the deck used above, the top card would be 23. Count this many places below that top card and take the value of that card as the next value in the keystream, in this example it would be the 24th card, which is 11. If the card counted to is either joker, do not add anything to the keystream. (Note that no cards are changing places in this step, this step simply determines the value).
  7. Repeat steps 2 through 6 for as many keystream values as required.

It is worth noting that because steps 2 and 3 have the wrap around feature, there are two configurations that can lead to the same configuration on a step. For instance, when the little joker is either on the bottom of the deck or on the top of the deck it will become the second card after step 2. This means the algorithm is not always reversible.[2]


  1. ^ Schneier, Bruce (May 1999). "Solitaire". Retrieved 2 July 2006.
  2. ^ a b Crowley, Paul. "Problems with Bruce Schneier's "Solitaire"". Retrieved 26 March 2018.

External links[edit]