Create a Stacked Cipher

Ciphers are algorithms for performing encryption or decryption–a series of well-defined steps that can be followed as a procedure. Codes are usually a language; whole new words. Ciphers are letter-by-letter changes. A stacked cipher is two or more ciphers applied to a text in series. This is primarily for classical ciphers that can be worked with pencil and paper. Military grade encryption gets its security through key strength and is unlikely to be made more secure by these methods. Most classical ciphers, either alone or in combination, can be cracked by a skilled cryptanalyst if the messages are long enough or numerous enough, but stacking several simple ciphers together can make that job more complicated than if they were to be cracked separately.

Steps

Sample Ciphers

Doc:Stacked Caesar Cipher,Stacked Substitution Cipher

Creating Your Own Stacked Cipher

  1. Create the ciphers you'll be using. Skip this step if you'll be using already existing ciphers, such as Caesar's cipher. When creating ciphers for stacked codes, don't worry about making them hard to decode. Even simple ciphers can go a long way when working with rules.
  2. Apply the first cipher. For the purpose of this article, the example uses the sentence "Hello World". Start with Caesar's cipher.[1] "Hello World" would become Ifmmp xpsme if we switched it one to the right.
  3. Double-check your work. It can be very frustrating to work hard on your message, only to find out that it's wrong. A simple typo or miscalculation can be disastrous. Ifmmp xpsme can easily become fmnp xpsme, which translates to elmo world. If you live in a town that has a theme park called "Hello World" and a children's playground called Elmo World, and your message is "Meet at...", the result would be a mess-up! Check, double check, and triple check if it's that important.
  4. Apply the next cipher. For this example, use the substitution cipher[2] on it. You can use any substitution you want, this example uses:
    • Applying this cipher, you will get: Wkhha qachv. The benefit of using stacked ciphers clearly shows up here. Anyone who tried to decode this would have a very hard time finding a pattern, with two ciphers applied.
  5. Double-check your latest work. As stressed above, double checking is needed, especially when dealing with stacked ciphers.
  6. Repeat the last two steps until you've used all the ciphers you want to use. Three ciphers stacked will probably be enough. More than three will be too complicated for you, and especially your friend, to decode, even with the key laying beside you. While more than three is too many, less than three can be easy to decode. Don't use substitution code or Caesar's code more than once. Try another kind of code, such as a symbol code.
    • Use phone code now. Phone code relies on the keypad of a phone or cell phone to do its work. If you look at a phone, you'll notice that the letters in small print under the number start at 2. 2 = abc, 3 = def, 4 = ghi and so on. To write in phone code, jot down the number that corresponds to the correct letter, then add a dot either to the left, on top, or to the right of the number. For example, to write b, write a 2 with a dot on top. To write L, write a 5 with a dot to the right of it.
    • Go ahead and write the message, Wkhha qachv, in phone code. Note that some numbers have 4 letters under them; for these, carry on the same, but for the last letter on that number, put two dots to the right. Look at the seven in the following image, you'll see two dots for s.
    • Your phone code should look like this:
    • The stacked cipher can now be illustrated by the following image:
  7. Add rules. The problem with all this so far is that a certain letter or number will still represent the same letter, even if you stack many ciphers on your message. But if you add rules, they'll allow for inconsistencies in your cipher, which makes it harder to decode. Rules are what throw off a "spy" or nosy person the most. With rules, you're not bound down by the normal ciphers that can easily be cracked; and you can't just "guess" what certain words are. An example rule would be: "Every other word, the Caesar's cipher is applied by two." This means that every other word, instead of A = B, it's A = C, B = D, and so on. If someone found out what wkhha means, they wouldn't be able to apply it to every wkhha in the code, because some would be different. The next steps explain how to make and apply rules.
  8. Make the rule. Come up with something creative. Think of grammar, and use rules such as "after each a, the next letter is one up in the alphabet." You could even go incrementally (each word goes up one in the alphabet.) So "Hello World" would be Ifmmp Yqtnf, instead of Ifmmp Xpsme. (The second word, "world", goes up two in the alphabet instead of one.) Although going up incrementally would be very hard in a code that is more than ten words long, it is useful in messages less than ten words long.
  9. Apply the rule. Applying rules gets tricky, especially if you make them once you've finished writing the message in code. Once applied, though, a rule will stump any spy who tries to read your messages. Once you've applied your rule, double check your work.
  10. Make a chart of rules. Write out a list of the rules you have, and give it to your friend. That way, you never have to send a message in the same code again. (At the top, you can just write Applied Rule 1, 5, and 7, then whoever you're communicating with can look at his/her chart and decode with those rules.)
  11. Make keys. Unless you expect your friend to decode each and every message you send him or her without a key, create one. Never have more than one copy per person, otherwise you increase the likelihood that someone else will find the key. You can have preset codes with cryptic names, too. For example, you could name the stacked cipher just created above CSP. (Caesar's cipher, Substitution cipher, Phone cipher.) If you apply rule 5 out of all your rules to this code, then you can add 5 to the name, so it's CSP5. Most likely, a spy won't figure out the names. Just send the code in this format:

Examples

C1N2 Stacked Cipher

This stacked cipher consists of: Caesar's cipher, Rule 1, Number code, and Rule 2. The message to be encrypted here is: Meet me at the cafe.

  1. Begin with Caesar's cipher. The result is: Nffu nf bu uif dbgf.
  2. Apply Rule 1. The rule reads as follows: Every second letter, not including spaces, shift up two, instead of one. So, if you were to encrypt "Meet", it wouldn't be Nffu, it would be Ngfv, because you shift the second letter, f, and the last letter, v up one more. The result is: Ngfv ng bv ujf ebhf.
  3. Apply number code. Number code is simple. Just replace each letter with its corresponding position in the alphabet. So "a" is 1, "b" is 2, "c" is 3, "d" is 4, "e" is 5, etc. Write it with dashes between each letter: "abc" becomes 1-2-3. The result is: 14-7-6-22 14-7 2-22 21-10-6 5-2-8-6.
  4. Apply Rule 2. Rule 2 reads as follows: Divide the number after each 6 by two. So if the message is 6-8-22-4, it becomes 6-4-22-4. If it's 6-5-11-3, it becomes 6-2.5-11-3. Once the rule is applied, the message becomes 14-7-6-11 14-7 2-22 21-10-6 2.5-2-8-6. (Optional): You could also amend the rule so that if a 6 is at the very end of the message, the beginning number is divided by two.
  5. Congratulations! That is the finished code. All you have to write to your friend is:
    • Using: C1N2
    • 14-7-6-11 14-7 2-22 21-10-6 2.5-2-8-6

Braille-Morse

An example based on Braille and Morse code. Taken individually, they offer zero security. They were invented to make communication (with blind people and by telegraph) easier, not harder. But if combined, anyone who intercepted the encrypted message might not see how to crack it. In this example, we'll encrypt the phrase, "Meeting Monday in Lincoln Park."

  1. Convert the plain text into Braille. In Braille, each letter is represented by a block of dots 2 dots long by three dots tall.
  2. Read each of the three rows of Braille as Morse code with a raised dot as a dash and an unraised dot as a dot. This requires grouping the dots and dashes so that the Morse code can be converted into letters. There will be several ways to do this, but since "E" is a single dot and "T" is a single dash you can't get stuck.
  3. Convert the Morse code back into letters. This yields, "orrmoojqnotumoawmcnir9azrcudmlbgpepenhbbc6pekvvrcitr" which to a casual observer doesn't suggest an obvious way to decipher.
  4. To decrypt, apply the same steps in reverse.
    1. Convert the cipher text into Morse code without spaces between letters.
    2. Divide the symbols into three equal rows.
    3. Read as Braille.
  5. If there's a chance your adversary could figure out that you're using this type of code, you should add a keyed cipher like Vigenère or Playfair to the stack. Even then, stacking can complicate frequency analysis and other usual approaches to cracking a known cipher with an unknown key.

Transposition-Caesar

This is a simple example of combining substitution and permutation ciphers. We'll use a transposition cipher based on a five by five square as shown in the next step and a Caesar cipher with a forward shift of one letter to encrypt the phrase, "We have run out of grape juice." This isn't unbreakable, but the advantage is that one is unlikely to make progress on the transposition part before breaking the Caesar cipher to get the right letters in the grid.

  1. Apply the transposition cipher as shown. The obvious risk here is that the attacker might see part of a word along a diagonal, but the next step somewhat mitigates that unless he first learns the dimensions of the box used to generate it.
  2. Read across the rows and present as a single line of text. This gives, "WHAOUEVNTEEUOPJRFAUEGRIC".
  3. Apply the Caesar cipher. Replace each letter with the next alphabetically to yield, "XIBPVFWOUFFVPQKSGBVFHSJD".

Tips

  • It's best to combine ciphers that work in different ways. For example, combining a simple or polyalphabetic substitution cipher like Vigenère with some sort of transposition cipher will be harder to crack than either alone. On the other hand, a stack of substitution ciphers is equivalent to a single substitution cipher with a different key. Therefore stacking Caesar, Atbash, and Polybius square ciphers adds very little. Once the adversary realizes that there are exactly 26 symbols, he can solve it like a cryptogram without even knowing which ciphers were involved.
  • Apply rules mainly to simple ciphers, such as the Substitution cipher or Number cipher.
  • Create many complicated ciphers. That way you have a list of ciphers you can use in stacked ciphers, and you won't need rules to make them more complicated if they're already hard to crack.
  • To speed up your work, first create a chart of rules; maybe 10 of them; then start piling on ciphers that already exist, such as Caesar's cipher. Once finished, apply some of the rules in your chart to the ciphers to make them complicated.

Warnings

  • Don't rely too much on just substitution code, Caesar's cipher, or symbol ciphers. Use rules to mix them up a bit.
  • This only works for non-professionals. Professional cryptanalysts will pick apart even stacks of all common ciphers relatively quickly and in some cases stacking ciphers can make it trivial for computerized brute force methods to crack it extremely rapidly (reduced key space). If you need encryption that is truly secure use AES or Blowfish with the maximum available key length, even without additional ciphers these have been shown to be uncrackable in the reasonably near future (~10 years.)
  • Use at least one complicated cipher, or at least one rule. If it's just a bunch of easy ciphers, they can be cracked.
  • http://webnet77.com/cgi-bin/helpers/blowfish.pl contains a handy tool for encrypting and decrypting in Blowfish. If you want to be more "professional" with your encrypting, this is the way to go. Stacking a cipher on top of Blowfish encryption would make it nearly impossible to crack.

Sources and Citations

  1. Wikipedia, Caesar's cipher, http://en.wikipedia.org/wiki/Caesar's_cipher.
  2. Definition and information about the substitution cipher at Wikipedia, Substitution cipher, http://en.wikipedia.org/wiki/Substitution_cipher