Hacker News new | past | comments | ask | show | jobs | submit login
CipherSaber - A 'political' encryption cipher (wikipedia.org)
42 points by zacharyvoase on Dec 11, 2012 | hide | past | favorite | 14 comments

The more "politically correct" way to encrypt something would be to do it without using encryption.


Basically, use message authentication algorithm with shared secret to authenticate correct message bits and their position, and output random values for incorrect message bits.

For example, to encrypt 2-bit message '10':

    1: (1, 2388)   -- '2388' is a correct MAC(key, 1||1)
    1: (0, 3777)   -- '3777' is a random number
    2: (1, 9796)   -- '9796' is a random number
    2: (0, 4786)   -- '4786' is a correct MAC(key, 2||0)
Your full message is transmitted as plain text bits + authentication tag, intermixed with opposite bits + random data. Someone not knowing the secret key cannot guess which bits are the correct message bits, and which are incorrect.

To "decrypt", the receiver just calculates authentication tags with the same key, and keeps those bits that correctly authenticate, discarding the ones that don't authenticate.

The easiest to memorize and implement MAC, I think, is SipHash which uses 128-bit keys and outputs 64-bit tags: https://131002.net/siphash/

"As we face a real threat of a ban on the distribution of strong cryptography, in the United States"

When I first read this I said "Really? The cryptowars ended a long time ago." and then I saw the last modified date on the home page: 2002. This was when the cryptowars were finally coming to an end...

For anyone else who thought, "What, there was a period of time known as the cryptowars?" and wants to know more, I found this article gave a decent rundown[1].

[1]: http://www.fipr.org/press/050525crypto.html

The definitive account is Steven Levy's book "Crypto":


See also Solitaire, a cipher designed by Bruce Schneier to be applied by hand.


well, today encrypting the message within the deck is just not dense enough information wise.

why don't people just use a shuffled deck as a one time pad key for encrypted files? seems like a much better application of the idea.

How do you turn a shuffled deck into a key long enough to encrypt a file?

The obvious and totally impractical solution is to construct a look-up table between deck states and log2(52!) bit long strings.

I imagine there's a better algorithm, but it's clearly possible.

the order of the shuffled deck is 52!

A one time pad consumes as many bits as the message length. It has nothing to do with the bits of information that can theoretically be stored in a deck of cards.

use something like pi to create a number of specific length (twice as long as the file?) and permute it according to the card order?

One time pads need to be as long as the data they are encoding. They must not have any repeats. The pad has to be really random.

Thus the maximum length of the message is 54 chars (52 cards, 2 jokers).

And then you have the pad distribution problem - you need to get the pad from Ann to Bob. And the message needs to get from Ann to Bob. So are you using security by obscurity and hoping no-one notices the deck of cards is a OTP?

The main idea is interesting, but the justification for the name - that Jedi Knights built their own light sabers as a reaction to an Empire - does not sound correct. The Jedi were around long before Emperor Palpatine was destroying the Republic.

It's a boring political tie-in, even if the implications are interesting:

> Its political aspect is that because it's so simple, it can be reimplemented anywhere at any time, and so it provides a way for users to communicate privately even if government or other controls make distribution of normal cryptographic software completely impossible.

Basically it just means that it's a cheap to run and easy to use algorithm.

The interesting implication is that this may make it pointless for "relatively free" nations to ban cryptography. The vast quantities of good, publicly accessible crypto would make it an impossible rule to enforce (although it would give them a leg up in a courtroom setting).

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact