Preface

December 20 2022
Public Domain

Secret messages are fun. Who hasn't dreamed about becoming a spy, forming secret societies, or simply sending encoded messages to a friend or lover? Maybe you and your school friends tried to write notes to each other that would escape the teacher's notice or understanding. Or perhaps you love spy movies and novels and wish you could do what the characters do. Whatever the reason, most of us find secret writing intriguing.

This is my guide to practicing cryptography by hand. I wrote it with the conviction that doing things manually is both fun and rewarding. Ironically, I'm a software engineer who doesn't believe that everything has to be automated. Efficiency isn't life's ultimate goal — some things are more enjoyable when done slowly. Manual crafts and hobbies are joys because we are ultimately physical beings who evolved to live in and interact with a physical world.

Cryptography, the science of encoding messages so that unintended recipients cannot read or modify them, is no exception. Our modern digital world relies on it, but the ciphers that protect personal communications, commerce, medical care, government operations, war, and even diplomacy and espionage today are too complicated to be done by hand. They require computers and have sophisticated and inscrutable mathematical proofs. Is there a cipher we can do with pencil and paper that computers struggle to break?

Fortunately, there is a cipher that is easy to do by hand: the one-time pad. Remarkably, it can never be broken if done correctly, not even by enemies with infinite time and computing power. (Modern ciphers can't guarantee this!) And proving its security is relatively simple. This handbook will show you how to use the one-time pad. All you'll need is a pen or pencil, some paper, and some way to randomly generate small numbers, such as dice.

Unlike other one-time pad guides I've seen online, this one will also teach you how to ensure (with high probability) that encrypted messages are authentic, meaning that they weren't modified or garbled in transit. For reasons I'll explain, the one-time pad by itself cannot prevent adversaries from altering messages in transit. But by using a simple procedure, we can attach message authentication codes (MACs), which are small numeric tags, to encoded messages, and recipients can use them to verify our messages' authenticity. Together, the one-time pad and the MAC give you unbreakable encryption along with a way to detect altered messages.

But sending your friends and family messages, email, and letters with random letters and numbers would make you look suspicious to any casual observer. Sure, your messages might be indecipherable to prying eyes, but they would know that you're sending secret messages (as well as when, where, to whom, and how). Hiding your messages in plain sight — the art of steganography — keeps you, your recipients, and your messages from arousing suspicion, although it does nothing to keep others from reading your messages if they're discovered: That's what cryptography is for! This handbook discusses several steganographic methods.

My goal is to teach you a historically important cipher and help you have fun. These lessons will not make you a professional spy; in fact, getting caught using the one-time pad can get you into serious (even fatal) trouble with the law in some countries because of its close association with espionage. The one-time pad and the MAC in this guide are also slow and impractical for most tasks that require both speed and secrecy. There are important restrictions that limit their usefulness in modern digital communications, such as Internet traffic. But they're fun to use with friends and family and useful in some limited situations; I outline a few ways to try them in real life (if doing so is safe).

So grab your pen or pencil and paper and let's start!

Disclaimer

And now for the scary legal disclaimer. This handbook is for educational and entertainment purposes only. As I mentioned above, using the one-time pad or sending encrypted messages can get you into serious trouble in some jurisdictions if you're caught. I cannot guarantee that following this guide will protect you from scrutiny or legal, financial, political, bodily, or reputational harm, and I cannot provide any legal advice or counsel regarding your jurisdiction's laws. Reading this handbook and using its techniques is your choice and your responsibility. If in doubt, don't use them!