Uncrackable DIY Pencil-and-Paper Encryption

by August 5, 2010 08/5/10
CIA One Time Pad by NBCNews

Today we’re surrounded by massive computational power and vast communication systems. When you visit your bank’s site, you don’t think about negotiating cryptographic keys and verifying digital signatures. When you talk on a cell phone, you don’t have to worry about COMSEC (supposedly).

Not too long ago, however, a “computer” was a young woman at a desk, and cryptographic links were short messages. In this article, I’ll show you proven, uncrackable encryption scheme that can be done with pencil and paper. If properly implemented, One Time Pad encryption can be used in virtually any medium, and is still used by our favorite black helicopter organizations to conduct missions abroad.

History

What we now call one-time pad encryption (OTP) was patented by Gilbert Vernam at AT&T in 1919 and enhanced by Captain Joseph Mauborgne of the Army’s Signal Corps. The earliest military application was reported by the German Kurzwellenpanorama magazine in World War I. Later it was employed by the BBC to send coded messages to Special Operations Executive agents abroad.

The largest application of OTP has been on number stations; these unlicensed, mysterious shortwave radio stations began broadcasting during the Cold War and continue to this day. With a common, inexpensive hardware, an agent anywhere in the world can pickup a broadcast from their organization in an untraceable, uncrackable way. These stations often play musical introductions followed with either Morse code or voice recordings reading alphanumeric code. The Cornet Project has done an amazing job putting together 30 years of recordings of these stations and an informational booklet for free download. If you like spy games, be sure to check it out.

Example

I’ll use the example of a Soviet spy. In Moscow, you are issued a tiny booklet of labeled random numbers sequences; this cryptographic key book is identical to one that number station operators have. You sew it into your suit and smuggle it into West Germany. While there, you purchase a shortwave radio and, in the privacy of your flat, listen to the predetermined time and frequency. After a series of beeps, you hear the jingle of music that verifies you are listening to the correct station.

A Russian voice comes on and gives you eight numbers (shown in the table below). Using the first two to identify which code to use, you combine your encrypted message with your key to decode the name of your contact, “Egorov”. You rip out the key booklet page and throw it in your fireplace.
Here is the example from above in math form. The encrypted text is what came over the radio, the key is what was in your book.

Encrypted Text 01 03 09 07 24* 11
Key 04 04 06 11 17* 11
Decrypted Text =5=E =7=G =15=O =18=R =15=O =22=V

You take your encrypted text (01-03-09-07-24-11) and add the key from your book (04-04-06-11-17-11). Notice that position five the cipher text and the key sum to 17, not 41. Because there are only 26 letters, it “rotates” around to become 15 (24+17=41. 41-26=17). The encryption process at the number station simply took the message (EGOROV) and subtracted their random key from it, using the same rotating method for negative numbers.
If the key is scientifically random, in theory, the code is impossible to crack. This is because there is no correlation between how the first E is encrypted and the fifth, and a three letter code could just as easily be “CAT” or “DOG”. An OTP key is used only once, and has a key as long as the message; if a key is reused, it is possible to mount a computational attack and crack it.
Done properly, no previous messages are compromised if a single key is broken (unlike AES or PGP). Furthermore, by keeping the entire process on paper, you minimize the number of mechanism that need to be secure, and thereby reduce the attack vectors. With five minutes of training, you can apply this same system to your IM conversations, email, shortwave radio stations or SMS. Lastly, humans intuitively understand how to hide and secure things, but only conceptually understand firewalls and SSL.
A limitation of OTP is that there’s a finite number of messages that can be sent before a new set of keys need to be exchanged. Furthermore, the key exchange has to happen out-of-band and typically in person; this makes the system more inconvenient compared to PGP or AES for computer network communications. Understanding these limitations and advantages, you can build out your own cryptographic implementation easily.

Building Your Own System

Step 1 – Decide on an Alphabet

First we need to figure out how to interpret decrypted messages as English. Often messages are converted into using numbers for their ease-of-calculation in OTP. Numbers don’t have to represent just letters, as in the previous example, but also numbers, symbols, words, and syntax. While this the alphabet is not sensitive, per se, it’s usually kept with your keys. Here is an example alphabet I’ve created for text messages.

Code Meaning Code Meaning
01 A 27 0
02 B 28 1
03 C 29 2
04 D 30 3
05 E 31 4
06 F 32 5
07 G 33 6
08 H 34 7
09 I 35 8
10 J 36 9
11 K 37 (space)
12 L 38 .
13 M 39 !
14 N 40 ?
15 O 41 AND
16 P 42 THE
17 Q 43 WHO
18 R 44 WHAT
19 S 45 WHERE
20 T 46 WHEN
21 U 47 YES
22 V 48 NO
23 W 49 MAYBE
24 X 50 ABORT
25 Y 51 HELP
26 Z 52 (End of Message)

Step 2 – Generate Your Key Book

Now we need to generate your key book to smuggle into West Germany. Unlike Hoover’s CIA, generating 10,000 new scientifically random numbers doesn’t take a room full of agents rolling dice for a week. RANDOM.org is a free service run by the computer science department at Trinity College in Dublin, Ireland; their random numbers are generated from atmospheric noise, and is as close an approximation to random numbers as you can get without a chunk of uranium and a Geiger counter.

Use their SSL-encrypted integer generator to collect your encryption keys. The safest ways to collect these are using Firefox Private Browsing Mode, Google Incognito‘s window, or encrypt your hard-drive. If you use spreadsheet software like Excel, be sure to disable autosaving if your hard-drive is unencrypted. Print this and give it to your comrade, preferably on a printer without secret serial number dots.
When you’re done, your key book will have pages of labeled two-digit numbers.

Key # Position
1
Position 2 Position 3 Position 4 Position 5 Position 6 Position 7 Position 8 Position 9 Position 10 Position 11 Position 12 Position 13
1 87 7 38 43 20 11 84 74 53 35 83 0 80
2 20 15 65 20 79 29 15 75 70 87 9 39 55
3 17 37 25 64 19 99 33 93 93 49 88 54 69
4 77 64 5 96 78 70 68 5 52 78 53 25 98
5 56 52 97 30 82 69 31 61 58 49 58 56 80
6 57 48 84 48 7 71 87 38 1 27 11 53 51
7 20 53 38 91 99 67 43 11 13 1 73 17 47
8 10 2 32 52 48 84 51 56 33 29 74 16 44
9 87 97 93 58 96 35 31 89 50 57 73 32 52
10 57 99 1 33 52 2 40 77 9 31 67 39 62

Step 3 – Transmit

When you transmit, you have lots of options available to you today your granddaddy didn’t. Your globally-connected encrypted pocket radio (cell phone) and SMS are fantastic systems, albeit expose your geographic location to the service provider. If you want to transmit a message to many people/agents, a Twitter or Blogger account posted to via Tor or a pre-paid cellphone create the modern day equivalent of a number station. In fact, there is at least one known bot net coordinated via an anonymous Twitter account (not encrypted, however).

That’s it, no more tools or training is required. While OTP certainly has its limitations, under the right circumstance it can outperform more sophisticated (and more difficult) cryptographic systems. Anyone with five minutes of training and a piece of paper can use the same tools the CIA, KGB, and Mossad use to conduct operations abroad. It’s up to you to learn how to apply these in your own situation, but remember that many times, the simplest tool in your arsenal is the most powerful.

Title photo © NBC News.


Are you getting more than 14¢ of value per day from ITS Tactical?

Please consider joining our Crew Leader Membership and our growing community of supporters.

At ITS Tactical we’re working hard every day to provide different methods, ideas and knowledge that could one day save your life. Instead of simply asking for your support with donations, we’ve developed a membership to allow our readers to support what we do and allow us to give you back something in return.

For less than 14¢ a day you can help contribute directly to our content, and join our growing community of supporters who have directly influenced what we’ve been able to accomplish and where we’re headed.

Click here to learn about all the benefits and Join!


Tom
Tom

Just came across this, and was wondering does anyone beleive someone will be able to crack the codes of a numbers station any time soon given any methods we're already familiar with? A reply would be appreciated! (Yes I know this thread is a tad outdated)

Marty Black
Marty Black

Sweet! I can send a "love you" text to my kid without him getting embarrassed.

Sean
Sean

Awesome post. Glad the "tactical" crowd is taking this into such strong consideration.

Even the digital versions of OTP are uncrackable - granted the dictionary is kept safe.

Years ago I read "Applied Cryptography" (http://www.amazon.com/Applied-Cryptography-Protocols-Algorithms-Source/dp/0471117099/ref=sr_1_1?ie=UTF8&qid=1300748067&sr=8-1). There's simple software examples of implementing these. It's probably not a good crypto reference unless you are a software engineer.

If I recall correctly, the process is (you'd operate on bytes, but I'll refer to characters to mean that):

1) compose message (assume it's 120 characters)

2) generate equal size (120 ) random characters

3) calculate byte offset between #1 and #2

Result is 120 characters (bytes) of encryption.

You can calc. the offset of any 2 and get the 3rd. The random noise and the final crypto is functionally indistinguishable. I could geek out for a few more paragraphs, but you can wikipedia yourself to death outside this thread.

-Sean

Sean
Sean

Awesome post. Glad the "tactical" crowd is taking this into such strong consideration. Even the digital versions of OTP are uncrackable - granted the dictionary is kept safe. Years ago I read "Applied Cryptography" (http://www.amazon.com/Applied-Cryptography-Protocols-Algorithms-Source/dp/0471117099/ref=sr_1_1?ie=UTF8&qid=1300748067&sr=8-1). There's simple software examples of implementing these. It's probably not a good crypto reference unless you are a software engineer. If I recall correctly, the process is (you'd operate on bytes, but I'll refer to characters to mean that): 1) compose message (assume it's 120 characters) 2) generate equal size (120 ) random characters 3) calculate byte offset between #1 and #2 Result is 120 characters (bytes) of encryption. You can calc. the offset of any 2 and get the 3rd. The random noise and the final crypto is functionally indistinguishable. I could geek out for a few more paragraphs, but you can wikipedia yourself to death outside this thread. -Sean

Carter
Carter

Great article, great site!

I'm really digging the math-whiz geniuses in the forum who know how to crack the one-time pad without a duplicate pad or occurrences! Seventy years of spook history and actual testing *poof!* obliterated by theory!

For further reading on one-time pads, as well as a cool piece of fiction, look up Neal Stephenson's Cryptonomicon for a great key generating system for when unplugged. Also, it is the "Conet" project because of the word for "end" in many Slavic languages, which were heard over the airwaves.

Carter
Carter

Great article, great site! I'm really digging the math-whiz geniuses in the forum who know how to crack the one-time pad without a duplicate pad or occurrences! Seventy years of spook history and actual testing *poof!* obliterated by theory! For further reading on one-time pads, as well as a cool piece of fiction, look up Neal Stephenson's Cryptonomicon for a great key generating system for when unplugged. Also, it is the "Conet" project because of the word for "end" in many Slavic languages, which were heard over the airwaves.

Sam
Sam

Pietie,

You cannot use that method with this encryption because 04 could be both e and t (or any other letter) depending on that position's key

Sam
Sam

Pietie, You cannot use that method with this encryption because 04 could be both e and t (or any other letter) depending on that position's key

Pietie
Pietie

The easiest way to crack any agorithm is to use a statistical and dictionary word search analysis. Given enough processing power (which will come in time) this can work. There is a few ways to sidestep this. I can write in my home language (Afrikaans) which only about 4 million people can read/write! I could mix it with Dutch which is closely related and then...... do a nice algo....

Wayde
Wayde

Great article. Always been a fan of cyphers and OTP's especially.

One thing I felt would work with computer encryption using keys, is to have a one-time key system. Something in your residence that is 'everyone's' residence.

A telephone book, especially one from a bigger city that has more than 1200 pages. Use page number for day/date, start at the beginning of the page and use last four numbers of the phone numbers for your key. Use only residence or business listings, forget the yellow page listings.

Wayde
Wayde

Great article. Always been a fan of cyphers and OTP's especially. One thing I felt would work with computer encryption using keys, is to have a one-time key system. Something in your residence that is 'everyone's' residence. A telephone book, especially one from a bigger city that has more than 1200 pages. Use page number for day/date, start at the beginning of the page and use last four numbers of the phone numbers for your key. Use only residence or business listings, forget the yellow page listings.

Andrew Stuckey
Andrew Stuckey

Hey John,

I tried to avoid wikipedia-link overload, but here's the section that explains why it's uncrackable: http://en.wikipedia.org/wiki/One-time_pad#Perfect_secrecy

The short explanation is that even if your brute force all possibilities, you have no way of telling if "XQZ" decrypts to "CAT" or "DOG". If you encrypted spaces like in the applied example, the best someone could hope to tell is that a message is 500 spaces long (but can't tell if it's padded with random data).

Most computer encryption schemes still rely on a key to decrypt all messages, and you can verify when it's broken. They're often way more practical and in practice uncrackable.

John
John

How fun!

I wouldn't call this uncrackable, though. After all, since we do have computer, I could simply run the message through the various options (assuming I know something of which cypher technique you used) until I got a series of viable words. Do this enough times and I am pretty sure I could find the contents of the message (but it would take some work). Clearly I would not attempt to crack it without a computer (or a lot of time on my hands).

John
John

How fun! I wouldn't call this uncrackable, though. After all, since we do have computer, I could simply run the message through the various options (assuming I know something of which cypher technique you used) until I got a series of viable words. Do this enough times and I am pretty sure I could find the contents of the message (but it would take some work). Clearly I would not attempt to crack it without a computer (or a lot of time on my hands).

johnyD
johnyD

Cool,

As solar cycle 24 heats up, so will the propagation. The average short wave listener will hear stronger signals at greater distances. Excellent article!!!!!

johnyD
johnyD

Cool, As solar cycle 24 heats up, so will the propagation. The average short wave listener will hear stronger signals at greater distances. Excellent article!!!!!

Steve
Steve

Cool article. Thanks for putting stuff together for us. I wouldn't necessarily use it, but you never know. Cool stuff.

Tom Goro
Tom Goro

Great article. However I believe I found a small mistake: "...it “rotates” around to become 15 (24+17=41. 41-26=17)." Last number should be 41-26= 15 instead of 17, or am I missing something? Thanks for the article.

Mack
Mack

Agreed, Carter! Cryptonomicon is A VERY COOL piece of fiction. In point of fact, it is my third favorite work of fiction ever written. It is a GREAT primer on cryptographic theories, concepts, and techniques.

calvin
calvin

Pretty sure my math is sound here, but it's been a while since crypto class in college.

Even with a computer, cracking this would be pretty damn impressive. Assuming a 52 character alphabet and a 45 character message, you'd have something like 256 bits of entropy. So, 2^256 possibilities to brute force. A high end GPU can guess maybe 500-600 million per second. So you'd be looking at around 6.3*10^60 years of searching.

Even with only twelve characters, brute forcing would take about 1000 years.

You could definitely brute force the answer, but you'd never live to see it.

All of which is moot because with a custom alphabet as above (as Andrew points out), you've got no guarantee of knowing which answer is correct.

calvin
calvin

Pretty sure my math is sound here, but it's been a while since crypto class in college. Even with a computer, cracking this would be pretty damn impressive. Assuming a 52 character alphabet and a 45 character message, you'd have something like 256 bits of entropy. So, 2^256 possibilities to brute force. A high end GPU can guess maybe 500-600 million per second. So you'd be looking at around 6.3*10^60 years of searching. Even with only twelve characters, brute forcing would take about 1000 years. You could definitely brute force the answer, but you'd never live to see it. All of which is moot because with a custom alphabet as above (as Andrew points out), you've got no guarantee of knowing which answer is correct.

Andrew Stuckey
Andrew Stuckey

Hey John, I tried to avoid wikipedia-link overload, but here's the section that explains why it's uncrackable: http://en.wikipedia.org/wiki/One-time_pad#Perfect_secrecy The short explanation is that even if your brute force all possibilities, you have no way of telling if "XQZ" decrypts to "CAT" or "DOG". If you encrypted spaces like in the applied example, the best someone could hope to tell is that a message is 500 spaces long (but can't tell if it's padded with random data). Most computer encryption schemes still rely on a key to decrypt all messages, and you can verify when it's broken. They're often way more practical and in practice uncrackable.

The Latest
Squawk Box