cryptography

[Johannes Hielscher]

Am Fri, 3 Apr 2020 12:09:52 +0200
schrieb "N. Andrew Walsh" <n.andrew.walsh at gmail.com>:

> Hi List,
> 
> I have a somewhat odd request for advice, which I hope can be solved
> here.
> 
> I'm writing a large, multi-part document with Lyx. One part of it (in
> its own separate child document) I want to encrypt. There are,
> however, some factors to consider:
> 
> 1) I want the encryption and decryption to be possible without
> resorting to a computer program, and to be secure. So far, the only
> method I've found for this is the Solitaire Cipher, described here:
> https://en.wikipedia.org/wiki/Solitaire_(cipher). That is, I want
> somebody equipped only with a printout of the encrypted file, a
> notepad (which can be computer), and analog tools, to be able to
> decrypt the document.

youllprobablyhavenoticedthatrestrictingtotwentysixlettersmightalreadybeq
uitedifficulttodealwith. But the algorithm does not rely on the alphabet
having exactly 26 letters. Either squeeze a “Base26” encoding in
between, or increase your deck size to include happy things like spaces,
punctuation, capital letters, numbers, \, {, }, *, #, …

Also let me quote the wobsite you referred to: “Since its creation,
analysis has revealed flaws in the cipher. It is now considered
insecure.”
It's your decision to long-term rely on such algorithms. Paper doesn't
blush.

> 
> 2) however, the document includes footnotes, citations, and
> formatting. The Solitaire Cipher only works with letters, so I have
> two issues: a) the plaintext should have as little formatting as
> possible, so that it can be output in a format that can easily be
> compiled into something matching the rest of the document. I've
> thought markdown might work for this, but then: b) I'd need to adapt
> the Solitaire Cipher in a way that can manage markdown markings.
> Would converting everything to UTF-8 hex encoding make this easier?
> Is there some other way? Is there some document format that can
> compile into a pdf output including sections, headers, footnotes,
> citations, etc., all without assuming the user has any particular
> software on their machine? (without, of course, asking them to
> decrypt 20 pages of raw pdf data)

HTML? You could replace any non-ASCII letter with the corresponding
&xCodepoint; to keep encoding overhead minimal. Use your web browser (or
its print function) to create human-readable structured text.

However, it is not entirely clear if you want the typesetting system to
allocate syntactic structural information (page/footnote numbering etc.)
for you. This case be tricky, since then you are leaving the realm of
pure semantics (plain text) and your intermediate format has to include
typesetting mark-up commands, that are notoriously difficult to display
in a human-readable way (cf. PostScript, Knuth TeX, or the whole point
of a type setter's apprenticeship).
> 
> 3) page numbers and footnotes are numbered continuously, which means
> I'd need to force the next child document after the encrypted one to
> start both at specific numbers. Page numbering might not be an issue
> if the encrypted text is included as a child document, but footnotes
> and cross-references pointing toward the ciphertext would need to be
> tweaked. How would I do this?

You aim on having references to the encrypted sub-document within the
human-readable portion of the document? Besides being bad style, this
also reveals (meta)information on what is encrypted, hence weakens the
encryption level.
If you want your document to be fundamentally safe against crypto
attacks, I recommend to resort to well-proven techniques like EBCDIC.

> 
> I realize this is something of an odd request. Please don't ask why
> I'm doing this (the answer will be "because Reasons™").
Aaah, you are the one holding copyright on “Reasons” (-:
> Is there a way to achieve what I'm trying to achieve?
Maybe. I'm just unsure if a list for infrastructure organisation on
typographical nitpicking is the best place to find it.
> 
> Thanks for the help,
> 
> A