•
•

Abstract

Throughout history, spies, soldiers, and others have relied on so-called {\em hand ciphers} to send encrypted messages. Since the creation of Pontifex (also known as Solitaire) by Bruce Schneier in 1999, a number of hand ciphers utilizing a standard deck of playing cards have emerged. Since there are $52! \approx 2^{225.58}$ possible ways to order a deck of cards, there are over 225 bits of entropy in a well-shuffled deck of cards. Theoretically, this can provide enough security to rival modern computer-based cryptosystems. In this paper, we describe and analyze one such playing card cipher, Card-Chameleon, created by Matthew McKague. Our analysis reveals new weaknesses in this cryptosystem, particularly the tendency for a letter to encrypt to itself. This bias makes it easy to recover the plaintext if it is encrypted into multiple different ciphertexts. We will describe variations of Card-Chameleon which significantly reduced these weaknesses but did not completely eliminate them.

COinS