Throughout history, spies, soldiers, and others have relied on so-called {\em hand ciphers} to send encrypted messages. Since the creation of Pontifex (also known as Solitaire) by Bruce Schneier in 1999, a number of hand ciphers utilizing a standard deck of playing cards have emerged. Since there are $52! \approx 2^{225.58}$ possible ways to order a deck of cards, there are over 225 bits of entropy in a well-shuffled deck of cards. Theoretically, this can provide enough security to rival modern computer-based cryptosystems. In this paper, we describe and analyze one such playing card cipher, Card-Chameleon, created by Matthew McKague. Our analysis reveals new weaknesses in this cryptosystem, particularly the tendency for a letter to encrypt to itself. This bias makes it easy to recover the plaintext if it is encrypted into multiple different ciphertexts. We will describe variations of Card-Chameleon which significantly reduced these weaknesses but did not completely eliminate them.



To view the content in your browser, please download Adobe Reader or, alternately,
you may Download the file to your hard drive.

NOTE: The latest versions of Adobe Reader do not support viewing PDF files within Firefox on Mac OS and if you are using a modern (Intel) Mac, there is no official plugin for viewing PDF files within the browser window.