A Secure Cipher Using Playing Cards (For a simple way to crack the cipher check the bottom of this page.)

Here's and easy-to-use autokey cipher using half a deck of playing cards. Use half the deck, consisting of 13 black cards and 13 red cards. The cards stand for the following letters of the alphabet:

      BA B2 B3 B4 B5 B6 B7 B8 B9 BT BJ BQ BK RA R2 R3 R4 R5 R6 R7 R8 R9 RT RJ RQ RK
      A  B  C  D  E  F  G  H  I  J  K  L  M  N  O  P  Q  R  S  T  U  V  W  X  Y  Z 
    

BA is "black ace, BT is "black ten", and so on.

Begin by arranging the deck in the order shown above so that when the deck is held face up the black ace is showing. All the operations we will perform will be done with the cards face up at all times. The reason for this will become apparent when it comes time to do the decipherment.

The first step is to key the deck so that it will have an initial arrangement unknown to the enemy. The deck is keyed by enciphering a key word or, better yet, a key phrase. As an exmaple, use the key phrase TO BE OR NOT TO BE. Since the process of enciphering each letter also mixes the order of the deck, enciphering the key phrase will mix the deck in a way that is unique to that key phrase.

Holding the deck face up with the black ace showing on top, deal off cards, one by one, "counting" off the letters of the alphabet A, B, C, D, ... as each card is dealt off and stacked, face up, on the table. When dealing out the cards, deal them onto three separate piles with the first card dealt to the leftmost pile, the second card to the middle pile and the third card to the rightmost pile. Then repeat, starting again at the left pile, as if dealing a round of three-handed poker.

When you reach T in the alphabet, the first plaintext letter to encipher, you will be dealing the red seven to the middle pile on the table. This card stands for T, the same as the plaintext letter. This is to be expected on the very first letter, which is one of the reasons the deck must be keyed before using it. Since you are keying the deck and not enciphering a message yet you don't really need to write down the ciphertext result, but just to make it easier to follow along, I'll show them here as we go:

      TO BE OR NOT TO BE
      T
    

Now take the cards remaining in your hand, with the red eight showing on top, and place that deck, face up, on top of the leftmost pile on the table. Then pick up that whole stack and place it on the middle pile, and then pick up the whole stack and place it on the rightmost pile, gathering the whole deck into one pile with the red 8 showing on top, and the black 3 hidden at the very bottom.

This is the same procedure you will use with each letter enciphered. For the second letter, O, repeat those steps and you will end up with the ciphertext letter Q (red four), and the newly mixed deck will have the the red ace on top and the red ten hidden on the bottom.

      TO BE OR NOT TO BE
      TQ
    

When the plaintext letters A and B are enciphered there will not be enough cards dealt out to make three piles. In that case simply pick up what cards there are, left to right, even if there is only one card, which will be the case after enciphering any A.

Each time this process is repeated the deck becomes more scrambled until after the last letter of the key phrase is enciphered:

      TO BE OR NOT TO BE
      TQ KO QG DJN XI AT
    

After which the deck looks like this, top to bottom:

      B5 R2 B2 RK R6 R8 B6 BQ BJ RJ B3 B7 R3 B8 B9 RQ R4 B4 RT RA BA R5 R9 R7 BK BT
      E  O  B  Z  S  U  F  L  K  X  C  G  P  H  I  Y  Q  D  W  N  A  R  V  T  M  J 
    

The deck is now keyed and ready to use in enciphering the actual message. Repeating the same procedure that was used to encipher the key phrase, encipher the message:

      MEET ME AT SIX PM AT THE SAFE HOUSE
      PDVI TE XW CBB JM KU FAD TORE PTHJF
    

Deciphering the Message

To decipher the message start with the freshly keyed deck and the ciphertext:

      PDVI TE XW CBB JM KU FAD TORE PTHJF
    

The first ciphertext letter is P which corresponds to the red three. Taking the keyed deck in hand, deal out the cards into three piles exactly as you did for enciphering, except that as you count up the alphabet you will be watching for the red three to fall. (This is why everything is done face up.) When it does, whatever letter you have counted up to at that point is the plaintext letter for ciphertext P.

As you do this you will see that the red three falls as you are counting M, so write down M as the first plaintext letter:

      PDVI TE XW CBB JM KU FAD TORE PTHJF
      M
    

Repeat the process as before, this time watching for the next ciphertext letter, D (black four). That card falls as you count E, so E is the next plaintext letter. With each round the plaintext letters will be revealed one by one.

      PDVI TE XW CBB JM KU FAD TORE PTHJF
      MEET ME AT SIX PM AT THE SAFE HOUSE
    

Variations

One simple variation is to change the number of piles the cards are dealt into, using 4 or 5 piles instead of 3, for example. Don't use just one pile, however. That results in a very unsecure cipher that has too many patterns that can be exploited by an experienced codebreaker.

A more interesting variation, which I call Half Deck 2, uses a numeric key to specify, for each letter of the plaintext, the number of piles to be used in enciphering that letter. For example, a numeric key like 25343 could be written repeatedly over the plaintext message:

      2534 32 53 432 53 43 253 4325 34325
      MEET ME AT SIX PM AT THE SAFE HOUSE
    

Then that number of piles could be used for enciphering each letter. In other words, 2 piles for the first M, 5 piles for the first E, 3 piles for the second E and so on.

Compared to Other Pencil and Paper Ciphers

Compare the simplicity of this system with the more complex and error-prone (when done by hand), but nonetheless famous Solitaire Cipher which uses two full decks of cards plus two jokers and requires the user to convert the message to numeric codes and apply modular arithmetic to each letter using a keystream generated by complex series of manipulations of the deck of 54 cards. And after all that each number has to be converted back into a letter before being written down as the ciphertext message. Whew!

I don't imagine this cipher is as strong as Solitaire, since I've already discovered a way to crack the "Half Deck 2" variation described above, from a known-plaintext sample. (See the spoiler and the following link under the challenge below.) But it's definitely stronger than a simple substitution cipher, which, to tell the truth, isn't saying much.

A Challenge

Under variations, above, I described a version using a numeric key to specify how many piles to use with each enciphering step. The challenge below uses that variation which I have dubbed Half Deck 2.

• In this challenge cipher the key phrase is 15 letters long.
• The numeric key in the challenge cipher is 5 digits long.
• The deck is arranged in ascending order, as shown above, before applying the key.
• The first ten lines are the same plaintext, as shown in lowercase above the first line, repeatedly enciphered with the same key, each line treated as a continuation of a single long plaintext message.
• The next ten lines are unknown plaintext enciphered as a continuation of the first ten lines, still using the same key, uninterupted throughout.

The challenge is to recover the plaintext and, if possible, the 15-letter key and the 5-digit numeric key. Here is the ciphertext:

      the quick brown fox jumped willy nilly over the lazy dog
      ONC JHNEK OKJGG WUI SRNWFX HDEXD EKSRK YYCJ FSQ VNND ELK
      SLB LCHEF QZYIF JNZ NAQJPW WACYA WHULH UFHV DXB NLLU MXI
      KCY ILNKB FYESA LEE PNZWSA UMQIS OVEDM DPPH IUZ PYYT SFO
      OUZ DFURK VXGQJ QHE LHTIGW KOAON XOVOA JGQB HAW GQQB CMZ
      HLX YMXKY NVYTL RWJ NNRBWN IWGWW WDODD NIIH VZK WFFV GEW
      WLS OMLUH WHOAA KZB PTLKEG MDUGD UHPTH NNSO EPV FLLD URH
      PRI RSMUE VCNBE OLC LQVOYK KQSNQ KMZRM ZEMF DGI LRRZ JGB
      HSN BRLHI ENUPQ RUU YLCKPQ ZJVBP WFUDJ DYYM BZC YNNX PEW
      WZC DEZTH FGAVO VMU RMXBAK HWQWL GWFWQ OAVI MQK AVVI SJC
      MRG NJGHN LFNXR TKO LLTIKL BKAKK KDWDD LBBM FCH KEEF AUK
      VTXFW AREJX FKLJI YVCWV FJCNO ZGVRQ KDMOX NKVXJ OSREL ZEULG
      UMPYJ JUHGZ GITUB CGLHQ TOLCX CGQFT OAPZO NNXOT FNTZW HFBZH
      JGDMV TDHDR NIVYH TBEAJ FNIDB CDESV MHXZO WJHGW EHMPB MOHSO
      JLXAG JOSIQ TSRNQ IIVIK ZDMAX VNBMC AQNYJ BUIUW FLZEA ZFXUD
      PHWHW AMBCL ZDKOW ZOGXP FMQFN KAIBO RHPUA MTRQV JSPKX LSQGA
      ZNCVI GMTIE IVWOS QIOWV STDHP GVKAF OPIXU PAMGQ RZPOZ VAMJC
      FMIVJ RQFQV TBFLP OIWAO AOHKX ZLMFM OEQEY NGNYJ VHLMQ FCZYE
      IXYOS TVHCW QVEMP LZGGJ QUONV JQSIY YZGWY NUMQJ QPMTQ IPMJE
      RYBKU BQUYL JPARU KSVBC VMGMY YKUHQ VAYFI MOGGP LLPDV ZWRWH
      EVISE NPIFE ALNZN LCKBV EBQML RKAXN OSWFI ZHASG ALKUW SEZQH
    

Good luck!

If you want a hint, drag your mouse over this invisible spoiler:

It turns out to be quite easy to deduce the exact values of all five key digits by looking at doubled ciphertext letters relative to their position under the 5-digit numeric key. Plaintext "az" is a gimme, but look at the plaintext "ve" and the plaintext "ox" pair, to mention just a few. Each one narrows down the possibilities, and, in fact, the pt "ox' pair gives you the second digit of the numeric key outright. There is only one possible number of piles that causes "ox" to be enciphered as a double.

Cracking the Half Deck 2

As an instructive example of how a cipher that appears uncrackable, or at least difficult to crack, can turn out to be a trivial exercise in cyrptanalysis, a few hours of fiddling with ways to break this cipher proved that, given a bit of known plaintext, the Half Deck 2 cipher turned out to be very easy to crack. If you are interested, here is how to crack it.