A complete hand cipher system combining straddling checkerboard encoding, mod-10 arithmetic, operational codebook, and true one-time pad key material. Designed for no-electronics operation against a nation-state threat model.
This system combines four components, each solving a distinct problem. No single component provides security on its own. Together they form a complete field cipher system operable by hand with no electronics.
| Component | Purpose | What It Solves |
|---|---|---|
| Row Encoding System | Convert letters to digits | Efficient encoding -- avg 1.35 digits per letter vs 2.0 for A=01 |
| Mod-10 Arithmetic | Cipher operation | Single consistent operation -- no 26x26 table required |
| Operational Codebook | Compress common phrases | Reduces key consumption for standard vocabulary by 60-80% |
| One-Time Pad Key | Provide information-theoretic security | Unbreakable regardless of compute -- mathematical guarantee |
The system is derived from the Soviet VIC cipher (used operationally from the 1940s through the 1980s and never broken by cryptanalysis), combined with improvements from SOE Worked Out Keys, CIA field practice, and modern analysis of hand cipher error rates under operational stress.
Three criteria drove every design decision:
Speed under stress. Every unnecessary lookup step is a source of error. The system minimizes distinct mental operations per character.
Consistent arithmetic. Mod-10 addition throughout. One table. One operation. No mode switching between encoding systems for different character types.
Physical security. The pad sheet format, material selection, and destruction protocol are designed for complete and fast elimination of key material.
A correctly executed one-time pad provides information-theoretic security -- not computational security. This distinction is fundamental.
| Property | Computational Security | Information-Theoretic Security |
|---|---|---|
| Example | AES-256, ChaCha20 | True OTP |
| Broken by | Sufficient compute (theoretical) | Cannot be broken by any compute |
| Future-proof | No -- quantum compute is a threat | Yes -- mathematical proof, not assumption |
| Key requirement | Short key (128-256 bits) | Key as long as message |
| Broken in practice | Rarely, via side channels | Never -- only operational failures |
The security guarantee: a ciphertext produced by correctly applying
a truly random OTP is statistically identical to a random string.
An adversary observing only the ciphertext cannot distinguish
ABORT from PROCEED from any other message
of the same encoded length. There is no mathematical signal to attack.
Key material must be truly random. Dice rolls, hardware entropy sources. Not pseudo-random number generators, not pi digits, not memorable sequences. Deterministic key material is recoverable by an adversary who suspects the source.
Key material must be at least as long as the message. A key that runs out forces reuse or truncation. Both destroy security.
Each portion of key material used exactly once. Reuse of even a single digit sequence is catastrophic. The VENONA program (1943-1980) broke Soviet OTP traffic exclusively because wartime paper shortages caused key material duplication. Two messages encrypted with the same key can be XOR'd together, eliminating the key entirely.
The encoding system assigns digits to letters based on frequency. The nine most common letters in English receive single-digit codes. All remaining letters, digits, and punctuation receive two-digit codes. This is a straddling checkerboard -- the same principle used in the VIC cipher.
// ROW 0 -- nine most frequent English letters -- SINGLE digit codes E T A O I N S H R 1 2 3 4 5 6 7 8 9 // ROW 1 -- prefix 1 -- two digit codes (1x) D L C U M W F G Y 11 12 13 14 15 16 17 18 19 // ROW 2 -- prefix 2 -- two digit codes (2x) P B V K J X Q Z . 21 22 23 24 25 26 27 28 29 // ROW 3 -- prefix 3 -- numerals and special (3x) 0 1 2 3 4 5 6 7 8 9 30 31 32 33 34 35 36 37 38 39 // SPACE = 00
| Letter | Code | Letter | Code | Letter | Code | Letter | Code |
|---|---|---|---|---|---|---|---|
| E | 1 | D | 11 | P | 21 | 0 | 30 |
| T | 2 | L | 12 | B | 22 | 1 | 31 |
| A | 3 | C | 13 | V | 23 | 2 | 32 |
| O | 4 | U | 14 | K | 24 | 3 | 33 |
| I | 5 | M | 15 | J | 25 | 4 | 34 |
| N | 6 | W | 16 | X | 26 | 5 | 35 |
| S | 7 | F | 17 | Q | 27 | 6 | 36 |
| H | 8 | G | 18 | Z | 28 | 7 | 37 |
| R | 9 | Y | 19 | . | 29 | 8 | 38 |
| SPC | 00 | 9 | 39 |
English letter frequency data shows Row 0 letters (E T A O I N S H R) account for approximately 65% of all characters in standard text. This produces an average code length of:
Average = (0.65 x 1 digit) + (0.35 x 2 digits) = 1.35 digits per letter Compared to: A=01 simple encoding = 2.00 digits per letter WOK mod-26 = 1.00 letter per letter (but 26x26 table required) This system = 1.35 digits per letter (mod-10 table only) For a 100-character message: Simple encoding needs 200 key digits This system needs 135 key digits -- 32% fewer dice rolls
Row 0 is the only encoding that must be memorized. The two-digit codes follow mechanically from the row prefix and position.
E T A O I N S H R
Mnemonic: "Eat Tangerines And Oranges In Nice Spanish Hotels, Regularly"
Row 1 prefix 1: D L C U M W F G Y
Row 2 prefix 2: P B V K J X Q Z .
Row 3 prefix 3: 0 1 2 3 4 5 6 7 8 9
Space: 00
Encode the following plaintext to digits using the row system above. Write the digits in groups of five.
Plaintext: NORTH
Identify which row each letter is in before assigning a code. Check your work by verifying the digit count.
N = Row 0, position 6 --> 6 O = Row 0, position 4 --> 4 R = Row 0, position 9 --> 9 T = Row 0, position 2 --> 2 H = Row 0, position 8 --> 8 Encoded: 6 4 9 2 8 Groups: 64928 All five are Row 0 letters. 5 plaintext characters = 5 encoded digits. Note: this is unusually compact. Row 0 dominates in short common words.
Encode the following plaintext. It contains letters from multiple rows and a numeral. Note the digit count versus character count.
Plaintext: DROP AT 0300
D = Row 1, position 1 --> 11 R = Row 0, position 9 --> 9 O = Row 0, position 4 --> 4 P = Row 2, position 1 --> 21 SPC = 00 --> 00 A = Row 0, position 3 --> 3 T = Row 0, position 2 --> 2 SPC = 00 --> 00 0 = Row 3, position 0 --> 30 3 = Row 3, position 3 --> 33 0 = Row 3, position 0 --> 30 0 = Row 3, position 0 --> 30 Encoded: 11 9 4 21 00 3 2 00 30 33 30 30 Digits: 11942 10032 00303 330 (grouped by 5) 12 characters --> 22 digits Average: 1.83 digits/character (numerals inflate the average)
Decode the following digit string back to plaintext. Watch for the row prefixes -- a digit of 1, 2, or 3 followed by another digit is a two-digit code. A standalone 1-9 not following a row prefix is a Row 0 letter. 00 is a space.
Digits: 7 1 9 5 11 1 12 00 3 2 00 11 3 16 6
7 --> S (Row 0) 1 --> E (Row 0) 9 --> R (Row 0) 5 --> I (Row 0) 11 --> D (Row 1, pos 1) 1 --> E (Row 0) 12 --> L (Row 1, pos 2) 00 --> SPC 3 --> A (Row 0) 2 --> T (Row 0) 00 --> SPC 11 --> D (Row 1, pos 1) 3 --> A (Row 0) 16 --> W (Row 1, pos 6) 6 --> N (Row 0) Plaintext: SERIDELAT DAWN Wait -- reparse: SERIAL DEL AT DAWN Recheck: 7=S 1=E 9=R 5=I 3... Actually: S E R I + D(11) + E(1) + L(12) + SPC + A T + SPC + D(11) + A + W(16) + N = SERIDELAT DAWN Hmm: S-E-R-I-D-E-L [SPC] A-T [SPC] D-A-W-N = SERIDEL AT DAWN
The cipher operation is modular addition in base 10. No carries. Each digit pair is independent. The table below replaces all mental arithmetic -- find the row (plaintext digit), find the column (key digit), the cell is the ciphertext digit.
ENCRYPT: C = (P + K) mod 10 DECRYPT: P = (C - K + 10) mod 10
| + | K=0 | K=1 | K=2 | K=3 | K=4 | K=5 | K=6 | K=7 | K=8 | K=9 |
|---|---|---|---|---|---|---|---|---|---|---|
| P=0 | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 |
| P=1 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 0 |
| P=2 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 0 | 1 |
| P=3 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 0 | 1 | 2 |
| P=4 | 4 | 5 | 6 | 7 | 8 | 9 | 0 | 1 | 2 | 3 |
| P=5 | 5 | 6 | 7 | 8 | 9 | 0 | 1 | 2 | 3 | 4 |
| P=6 | 6 | 7 | 8 | 9 | 0 | 1 | 2 | 3 | 4 | 5 |
| P=7 | 7 | 8 | 9 | 0 | 1 | 2 | 3 | 4 | 5 | 6 |
| P=8 | 8 | 9 | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 |
| P=9 | 9 | 0 | 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 |
The shaded diagonal (top-left to bottom-right) marks where P=K. These cells always produce a value where the key digit is zero -- meaning the ciphertext equals the plaintext. Any key digit of zero is a transparency -- the position passes through unchanged. This is not a security flaw (zero is as likely as any other digit from a random source) but it is visible in the table and worth knowing.
Decryption does not require a separate table. Given the ciphertext digit and the key digit, find the key digit's row, then scan across that row for the ciphertext digit value. The column header is the plaintext digit.
Example: Ciphertext digit: 3 Key digit: 7 Find row K=7: 7 8 9 0 1 2 3 4 5 6 Find value 3 in that row: position 6 Column header of position 6: P=6 Plaintext digit: 6 Verify: (6 + 7) mod 10 = 13 mod 10 = 3. Correct.
Use the table to perform the following additions. Do not use mental arithmetic -- practice the table lookup motion.
(a) P=4, K=7 --> C = ? (b) P=9, K=4 --> C = ? (c) P=0, K=0 --> C = ? (d) P=7, K=7 --> C = ? (e) P=3, K=9 --> C = ?
(a) (4 + 7) mod 10 = 11 mod 10 = 1 (b) (9 + 4) mod 10 = 13 mod 10 = 3 (c) (0 + 0) mod 10 = 0 = 0 (diagonal -- transparency) (d) (7 + 7) mod 10 = 14 mod 10 = 4 (diagonal -- transparency, passes through) (e) (3 + 9) mod 10 = 12 mod 10 = 2
Recover the plaintext digit from the ciphertext and key digit.
Use the formula P = (C - K + 10) mod 10
or use the table lookup method described above.
(a) C=1, K=7 --> P = ? (b) C=3, K=4 --> P = ? (c) C=0, K=0 --> P = ? (d) C=4, K=7 --> P = ? (e) C=2, K=9 --> P = ?
(a) (1 - 7 + 10) mod 10 = 4 --> P=4 (matches Ex 4.1a) (b) (3 - 4 + 10) mod 10 = 9 --> P=9 (matches Ex 4.1b) (c) (0 - 0 + 10) mod 10 = 0 --> P=0 (matches Ex 4.1c) (d) (4 - 7 + 10) mod 10 = 7 --> P=7 (matches Ex 4.1d) (e) (2 - 9 + 10) mod 10 = 3 --> P=3 (matches Ex 4.1e)
The codebook maps standard operational phrases to 4-digit codes. All codebook entries begin with 9 -- a prefix that never appears in normal plaintext encoding (Row 3 only reaches 39, and Row 0/1/2 codes never start with 9). This makes codebook entries unambiguous in the digit stream.
| Code | Meaning | Code | Meaning |
|---|---|---|---|
| 9000 | END OF MESSAGE / NULL FOLLOWS | 9010 | AS PLANNED |
| 9001 | CONFIRMED / YES | 9011 | MEET |
| 9002 | ABORT / CANCEL | 9012 | TOMORROW |
| 9003 | PROCEED | 9013 | TODAY |
| 9004 | DANGER / COMPROMISED | 9014 | LOCATION FOLLOWS |
| 9005 | DELAY | 9015 | TIME FOLLOWS |
| 9006 | COMPLETE / DONE | 9016 | SWITCH TO ALTERNATE |
| 9007 | ACKNOWLEDGE | 9017 | DEAD DROP |
| 9008 | EMERGENCY | 9018 | SURVEILLANCE DETECTED |
| 9009 | UNDERSTOOD | 9019 | CLEAR / ALL CLEAR |
| 9020 | ERROR IN LAST / RESEND | 9021 | PRIMARY LOCATION |
| 9022 | ALTERNATE LOCATION | 9023 | FALLBACK LOCATION |
| 9024 | DOCUMENT FOLLOWS | 9025 | COORDINATES FOLLOW |
| 9026 | NAME FOLLOWS | 9027 | NUMBER FOLLOWS |
| 9028 | NEXT MESSAGE IN | 9029 | USE PAD SHEET |
| 9030 | HOURS (follows time) | 9031 | DAYS (follows number) |
Message: SURVEILLANCE DETECTED ABORT SWITCH TO ALTERNATE
Without codebook (spelled out):
S U R V E I L L A N C E = 7 14 9 23 1 5 12 12 3 6 13 1 = 13 digits
[SPC] = 00
D E T E C T E D = 11 1 2 1 13 2 1 11 = 8 digits
[SPC] = 00
A B O R T = 3 22 4 9 2 = 5 digits
[SPC] S W I T C H [SPC] = 00 7 16 5 2 13 8 00 = 8 digits
T O A L T E R N A T E = 2 4 3 12 2 1 9 6 3 2 1 = 11 digits
Total: ~48 digits --> 48 key digits consumed
With codebook:
9018 = SURVEILLANCE DETECTED
9002 = ABORT
9016 = SWITCH TO ALTERNATE
Total: 12 digits --> 12 key digits consumed (75% reduction)
Code 9000 marks the end of meaningful content.
All digits after 9000 are random pad material with no plaintext
meaning. Messages are always transmitted to a fixed block length
(e.g., 50 groups of 5 = 250 digits). This eliminates message length
as a traffic analysis vector -- all messages look identical in length
regardless of content.
Real message: 9003 9011 9013 9000 Padded to 250: 9003 9011 9013 9000 [236 random digits from key material] An adversary sees 250-digit transmissions every time. PROCEED MEET TODAY and ABORT EMERGENCY are indistinguishable from each other and from a null/test transmission.
Encode the following operational message using the codebook where possible, spelling out only what has no codebook entry. Count the digits before and after to see the savings.
Message: CONFIRMED MEET TOMORROW AT ALTERNATE LOCATION
CONFIRMED = 9001 MEET = 9011 TOMORROW = 9012 AT = spell out: A(3) T(2) --> 32 ALTERNATE LOCATION = 9022 Full digit string: 9001 9011 9012 32 9022 = 18 digits total Spelled out fully: C O N F I R M E D M E E T T O M O R R O W A T... = approximately 74 digits Savings: 56 digits = 76% reduction in key material required
Key material must be truly random. This means physically irreproducible entropy -- not algorithmic generation, not memorized sequences, not dates or phrases. The standard tool is a set of d10 dice (10-sided, 0-9 face values).
Use precision dice -- casino-grade if available. Standard game dice have pip weighting bias (the 6 face has more material removed than the 1 face). This bias is measurable and in theory exploitable against short key sequences. For key material of 100+ digits the practical impact is negligible, but precision dice cost little more.
Roll onto a felt or cloth surface inside a box lid or tray. Dice that fall off the surface or land cocked are re-rolled. No exceptions -- rejecting rolls introduces bias.
Record one digit per roll. Do not group mentally before writing. Do not round. Do not reject any valid roll result for any reason including "that seems too many zeros." Clusters are expected in random sequences. Rejecting them destroys randomness.
Generate the full key before writing any message. Key material must not be influenced by plaintext content even subconsciously.
For duplicate pads (two parties need identical keys): use carbon paper under your writing surface, or have both parties write simultaneously while one person calls the rolls. Verify digit-for-digit after generation. A single transcription error causes complete decryption failure with no indication of where the error occurred.
Standard block size: 250 digits (50 groups of 5) For a message using codebook heavily: 10-15 codebook entries = 40-60 digits of plaintext Pad to 250 with 9000 + null digits Key required: 250 digits For a message spelled fully: 100 characters * 1.35 avg = 135 digits of plaintext Pad to 250 with 9000 + null digits Key required: 250 digits Recommendation: generate key material in fixed blocks of 250 digits. Every message uses exactly one 250-digit block regardless of content.
The pad sheet is a 12x12 inch sheet of mulberry or rice paper, sized on one side with dilute corn starch. It is divided into four quadrants, each handling one component of the cipher operation. Working order follows natural reading direction: Q4 to orient, Q1 to generate key, Q2 to encode plaintext, Q3 to produce ciphertext.
+----------------------------+----------------------------+ | | | | Q1 -- KEY MATERIAL | Q2 -- PLAINTEXT | | | | | Generated from dice. | Raw plaintext written | | Written first. | above, encoded digits | | One digit per cell. | written below. | | Cross out after use. | Groups of five. | | | | +----------------------------+----------------------------+ | | | | Q3 -- CIPHERTEXT | Q4 -- REFERENCE | | | | | Result of Q2+Q1 mod 10. | Row encoding table. | | Written in groups of 5. | Mod-10 cipher table. | | Transmit from here. | Codebook 9000-9031. | | Verify strip at bottom. | Pad ID and metadata. | | | | +----------------------------+----------------------------+
Each quadrant: 6 x 6 inches = 152 x 152 mm At 8mm digit height, 10mm line spacing: Digits per line: ~18 groups of 5 = 90 digits Lines available: ~12 lines per quadrant Capacity: ~1080 digits per quadrant You only need 250 digits for a standard block. The quadrant has generous space. Write large. Clarity under stress outweighs compactness.
Verify pad identity. Confirm with your counterpart (via pre-arranged signal or in person) which pad sheet number is in use. Both parties must use identical sheets. Write the pad ID in Q4.
Generate key material. Roll d10 dice. Record in Q1, left to right, top to bottom. Generate the full block (250 digits) before writing any message. Keep the block size fixed regardless of message length.
Apply codebook. Write the raw message in Q2 (upper section). Identify which phrases have codebook entries. Replace those phrases with their 9xxx codes in the encoded section below.
Encode remaining plaintext. Convert each remaining letter or numeral to its row code. Write the complete digit string in Q2 (lower section), in groups of five.
Append 9000 and null padding.
Write 9000 at the end of the encoded message.
Continue writing key digits from Q1 into Q3 until the block
is full (250 digits). The null digits after 9000 are just key digits --
the recipient ignores everything after 9000.
Add mod-10, digit by digit. Take one digit from Q2 and one digit from Q1 (in sequence). Look up the result in the Q4 cipher table. Write the result in Q3.
Record verify strip. Write the first five digits of the Q3 ciphertext in the verify strip at the bottom of Q3. This will be confirmed by the recipient before the next exchange.
Transmit ciphertext. Read off Q3 in groups of five. Transmit only the ciphertext -- never the pad ID, never the plaintext, never the key.
Destroy immediately. The pad sheet is destroyed as soon as transmission is complete. Water method: submerge, agitate, confirm no legible fragments. Do not fold and keep. Do not file. There is no valid reason to retain used key material.
Encrypt the following message using the system. Apply codebook entries where applicable. Use the key digits provided (in a real operation you roll these yourself).
Message: ABORT DANGER SWITCH TO ALTERNATE Key digits (pre-rolled): 8 3 1 4 7 2 9 0 5 6 3 8 1 2 4 7 0 9 3 5
Step 1 -- Apply codebook: ABORT = 9002 DANGER = 9004 SWITCH TO ALTERNATE = 9016 + 9000 (end) Step 2 -- Plain digit string: 9 0 0 2 9 0 0 4 9 0 1 6 9 0 0 0 (16 digits) Step 3 -- Add mod-10 with key: Plain: 9 0 0 2 9 0 0 4 9 0 1 6 9 0 0 0 Key: 8 3 1 4 7 2 9 0 5 6 3 8 1 2 4 7 9+8=17->7 0+3=3 0+1=1 2+4=6 9+7=16->6 0+2=2 0+9=9 4+0=4 9+5=14->4 0+6=6 1+3=4 6+8=14->4 9+1=10->0 0+2=2 0+4=4 0+7=7 Cipher: 7 3 1 6 6 2 9 4 4 6 4 4 0 2 4 7 Groups: 73166 29446 44024 7[pad] Verify strip: 73166
Verify pad identity. Confirm you are using the correct pad sheet number. Confirm the verify strip (first five cipher digits) matches what your counterpart recorded. A mismatch before you start saves complete decryption failure after.
Write received ciphertext in Q3. Copy the received digit groups exactly as received. Do not correct apparent errors -- write what you received.
Subtract mod-10, digit by digit.
Take one digit from Q3 (cipher) and one from Q1 (your key).
Apply P = (C - K + 10) mod 10.
Use the cipher table lookup: find the key digit's row,
find the cipher digit in that row, read the column header.
Write result in Q2.
Decode digit string to plaintext. Parse the Q2 digit string using the row encoding table. A standalone 1-9 is a Row 0 letter. A 1, 2, or 3 followed by another digit is a two-digit code. 00 is a space. Any sequence starting with 9 is a codebook entry. Stop at 9000.
Record verify strip and destroy. Write the first five cipher digits of this message in your verify strip. Destroy the pad sheet immediately.
Decrypt the following received ciphertext. Use the key digits provided. Recover the plaintext message including any codebook expansion.
Received ciphertext: 37499 30381 03124 98994 Key digits: 4 7 3 8 6 1 9 2 5 0 4 7 8 2 1 3 5 9 6 4
This is the output from Worked Example 8 above. Verify your result.
Cipher: 3 7 4 9 9 3 0 3 8 1 0 3 1 2 4 9 8 9 9 4
Key: 4 7 3 8 6 1 9 2 5 0 4 7 8 2 1 3 5 9 6 4
Subtract mod-10: (C - K + 10) mod 10
3-4+10=9 7-7=0 4-3=1 9-8=1
9-6+10=3 3-1=2 0-9+10=1 3-2=1
8-5=3 1-0=1 0-4+10=6 3-7+10=6
1-8+10=3 2-2=0 4-1=3 9-3=6
8-5=3 9-9=0 9-6=3 4-4=0
Plain digits: 9 0 1 1 3 2 1 1 3 1 6 6 3 0 3 6 3 0 3 0
Parse:
9011 --> MEET (codebook)
3 --> A (Row 0)
2 --> T (Row 0)
11 --> D (Row 1, pos 1)
3 --> A (Row 0)
1 --> E (Row 0) ... wait
Re-parse more carefully:
9 0 1 1 = 9011 --> MEET
3 --> A
2 --> T
1 1 --> D (two-digit: Row 1, pos 1)
3 --> A
1 6 --> W (two-digit: Row 1, pos 6)
6 --> N (Row 0)
3 0 --> 0 (two-digit: Row 3, pos 0)
3 6 --> 6 (two-digit: Row 3, pos 6)
3 0 --> 0 (two-digit: Row 3, pos 0)
3 0 --> 0 (two-digit: Row 3, pos 0)
Plaintext: MEET AT DAWN 0600
| Material | Burn Rate | Water | Ingest | Detection | Verdict |
|---|---|---|---|---|---|
| Rice Paper | 3-8 seconds | Dissolves in 30s | Safe | None | Best overall |
| Mulberry (Kozo) | 5-15 seconds | Slow, tears | Safe | None | Strong, durable |
| Silk | 15-30 seconds | Poor | Safe | None | Best concealment, ingestion |
| Nitrocellulose | <300ms | Fails | Toxic | Chemical | Fastest burn, controlled substance |
| Standard paper | 30-60 seconds | Slow | Safe | None | Avoid -- ash retains structure |
Cut paper to 12x12 inches before sizing.
Spray 2 pumps of corn starch spray (Niagara or equivalent) onto a clean blue shop towel. Wait 10-15 seconds for absorption. The towel should feel barely damp, not wet.
Wipe lightly across the paper surface in one direction. Single pass only. Sized side up.
Allow to air dry 10-15 minutes (touch-dry) on a hard flat surface over one sheet of wax paper. Do not cover or weight during initial drying.
Place second wax paper sheet on top. Weight with smooth ceramic or glass. Full dry: 30-60 minutes.
Emboss quadrant dividers and guide lines with a dry stylus before sizing for best definition. Can be done after if needed -- light pressure only on dry sized paper.
| Instrument | Performance | Notes |
|---|---|---|
| 2H pencil (sharp) | Excellent | Best overall. No liquid. Survives moisture. |
| Staedtler Lumocolor 0.4mm | Very good | Alcohol-based. Fast dry. No bleed on sized paper. |
| Pressurized ballpoint (Fisher) | Good | Light pressure required. Hard backing surface essential. |
| Standard ballpoint | Fair | Risk of tearing. Hard surface, minimal pressure. |
| Fountain pen | Poor | Water-based ink bleeds. Do not use. |
| Felt tip (water-based) | Unusable | Immediate bleed even on sized paper. |
PRIMARY -- Water immersion: Submerge fully in any container of water Agitate -- tear apart if possible Rice paper: unreadable in 30 seconds Mulberry paper: 2-4 minutes for full dissolution Confirm no legible fragment remains before leaving Flush or discard the pulp SECONDARY -- Flame: Hold with non-dominant hand, light corner Rice/mulberry: complete in 5-15 seconds Hold until fully consumed, not just ignited Crush ash physically before dispersal Do not burn indoors -- smoke and smell are detectable TERTIARY -- Ingestion (mulberry or rice paper only): Tear into small pieces Swallow with water Reserve for situations where water and flame are unavailable Nitrocellulose is TOXIC -- do not ingest
| Case | Cipher | How Compromised | Cipher Broken? |
|---|---|---|---|
| VENONA (Soviet, 1940s) | Mod-10 OTP | Key material reused under paper shortage | No -- key reuse only |
| Rudolf Abel (1957) | VIC cipher | Hollow nickel with microfilm found accidentally | No -- physical discovery |
| Cuban Wasp Network (1998) | Mod-10 OTP | Used pad sheets not destroyed -- recovered by FBI | No -- key material seized |
| Robert Hanssen | OTP variants | Human intelligence from defector | No -- human source |
| Aldrich Ames | OTP variants | Lifestyle surveillance, human intelligence | No -- human source |
In every publicly known case, the cipher held. Operational security failed. The rules above address specifically the failure modes that actually occurred in practice.
Work through these in sequence. Each exercise builds on the previous. Do not advance until you can complete the current exercise without referring to the encoding table -- the table should be memorized before operational use.
Write ETAOINSH R from memory. Then write its digit mapping (E=1, T=2, A=3, O=4, I=5, N=6, S=7, H=8, R=9) from memory. Repeat until you can write the full mapping in under 10 seconds.
Then encode these words without looking at the table:
NORTH RAIN STONE HEART NOISE
NORTH: 6 4 9 2 8 RAIN: 9 3 5 6 STONE: 7 2 4 6 1 HEART: 8 1 3 9 2 NOISE: 6 4 5 7 1 All Row 0 letters. All single-digit codes. Total characters: 22. Total encoded digits: 22. Efficiency: 1.0 digits/character for all-Row-0 text.
Encode the following sentence completely. Time yourself. Target is under 90 seconds total for a first attempt, under 45 seconds after practice.
DELIVER PACKAGE TO DEAD DROP LOCATION
D = 11 E = 1 L = 12 I = 5 V = 23 E = 1 R = 9 [SPC] = 00 P = 21 A = 3 C = 13 K = 24 A = 3 G = 18 E = 1 [SPC] = 00 T = 2 O = 4 [SPC] = 00 11 = D E = 1 A = 3 D = 11 [SPC] = 00 11 = D R = 9 O = 4 P = 21 [SPC] = 00 L = 12 O = 4 C = 13 A = 3 T = 2 I = 5 O = 4 N = 6 Full string: 11 1 12 5 23 1 9 00 21 3 13 24 3 18 1 00 2 4 00 11 1 3 11 00 11 9 4 21 00 12 4 13 3 2 5 4 6 Grouped: 11112 52319 02131 32418 10024 00113 11001 19421 00124 13325 46
Compose a complete operational message using the codebook, spelling out only what has no entry. Then count the digits and compare to the fully spelled-out version.
Message intent: Surveillance has been detected. Abort current operation. Proceed to alternate location. Meeting tomorrow as planned.
Codebook encoding: 9018 (SURVEILLANCE DETECTED) 9002 (ABORT) 9003 (PROCEED) 9022 (ALTERNATE LOCATION) 9011 (MEET) 9012 (TOMORROW) 9010 (AS PLANNED) 9000 (END OF MESSAGE) Digit string: 9018 9002 9003 9022 9011 9012 9010 9000 = 32 digits Fully spelled out: SURVEILLANCE DETECTED ABORT PROCEED TO ALTERNATE LOCATION MEET TOMORROW AS PLANNED = approximately 130 characters = ~185 digits Savings: 153 digits = 83% reduction in key material
Complete a full encrypt-decrypt cycle with a partner, or simulate both roles yourself with two sheets of paper.
Sender role: roll 20 dice to generate key material. Encode and encrypt the message below.
Receiver role: using the same key material, decrypt the ciphertext and recover the plaintext.
Message: CONFIRMED MEET TODAY 1400 NORTH GATE
Record your key digits, ciphertext groups, and verify strip. The receiver should recover the identical plaintext without seeing the sender's working -- only the ciphertext and key material.
The following ciphertext was received, but there is one transcription error somewhere in the first 10 digits. The correct key is given. Decrypt and identify where the error is by recognizing where the decoded output becomes nonsense.
Received (with one error): 9 3 4 7 8 2 0 1 5 6 Key digits: 4 1 2 3 5 7 9 0 4 2 Expected plaintext starts: 9 0 0 1 [codebook entry 9001]
Decrypt received: (9-4+10)%10=5 (3-1+10)%10=2 (4-2+10)%10=2 (7-3+10)%10=4 (8-5+10)%10=3 = 5 2 2 4 3 ... Expected: 9 0 0 1 ... Decrypted starts with 52243 which decodes to: I(5) T(2) T(2) O(4) A(3) -- nonsense for a codebook-heavy message The error is in position 1. Received 9, should have been: Need P such that (P - 4 + 10) % 10 = 9 --> P = 3? No. Need C such that (C - 4 + 10) % 10 = 9 --> C = 3 Received 9, expected 3. Digit 1 was received as 9 but should be 3. Corrected first digit 3: (3-4+10)%10=9 correct. Remaining: 9 0 0 1 = codebook 9001 = CONFIRMED The error is in position 1: received 9, correct value is 3.
Timed exercise. Set a timer. Encrypt the following message from scratch including key generation (roll actual dice), encoding, and cipher operation. Record your time.
Message: PROCEED TO PRIMARY LOCATION TOMORROW 0800 CONFIRMED
Target times:
First attempt: under 15 minutes After 1 week: under 8 minutes Operational goal: under 5 minutes
Identify which step consumes the most time. That step is your practice priority.
Repeat weekly until the operational goal is met consistently. Test under adverse conditions: poor lighting, cold hands, time pressure. Stress degrades fine motor control and working memory. Your cipher must work anyway.
Practice the water destruction method on a prepared but unused pad sheet (do not waste key material -- use a blank or practice sheet of the same paper stock).
1. Fill a container with water (glass, bowl, sink) 2. Submerge the sheet fully 3. Start timing 4. Agitate with your hand -- tear the sheet apart 5. Note when text becomes unreadable 6. Note when the sheet is fully dissolved 7. Check for any legible fragments
Record your times. Repeat until you know exactly how long each destruction method takes for your specific paper stock. Under operational conditions you will not have time to estimate.
Then practice the flame method on a second sheet. Confirm that mulberry paper ash retains structure longer than rice paper ash. Crush the mulberry ash completely before dispersal.
The VIC cipher was used by Soviet intelligence from approximately the 1940s through the 1980s. It was never broken by cryptanalysis. The only successful exploitation came through human intelligence when Rudolf Abel's assistant Reino Hayhanen defected to the CIA in 1957 and revealed the system operationally -- not mathematically.
The VIC system used a straddling checkerboard with a keyword derived from a memorable phrase via numerical transposition, followed by two stages of transposition, followed by mod-10 addition against a one-time key derived from a short memorized number via a chain addition expansion process. The full system was significantly more complex than this document's hybrid -- the additional complexity served to make the system usable with very short initial key material (a 6-digit number could seed the entire process). For our purposes, generating genuine random key material by dice eliminates the need for the chain addition expansion entirely.
From 1943 to 1945, the Soviet KGB (then NKGB) distributed approximately 35,000 pages of one-time pad key material to field stations. Under wartime paper production pressure, some of this material was duplicated -- the same key pages appearing in pads sent to different stations.
The US Army Signal Intelligence Service (predecessor to NSA) began collecting Soviet diplomatic traffic in 1943. In 1946, cryptanalyst Meredith Gardner identified that some messages shared key material. Pairs of messages encrypted with the same key could be combined to eliminate the key entirely, leaving a superimposition of two plaintexts -- readable through frequency analysis and probable word cribs.
The VENONA program ultimately decrypted portions of nearly 3,000 Soviet messages. It identified hundreds of Soviet agents including Julius Rosenberg, Alger Hiss, and Kim Philby. The program ran until 1980 and was declassified in 1995.
The lesson is not that the Soviet cipher was weak. It was, and remains, mathematically perfect. The lesson is that the logistics of key material production and distribution at scale under operational pressure produced a failure that no cryptographic sophistication could prevent. Rule 1 exists because of VENONA.
The British Special Operations Executive deployed hundreds of agents into occupied Europe from 1940 to 1945. Initial communications used poem codes -- a memorized poem provided the key via a double columnar transposition. The system was broken repeatedly. The Gestapo extracted poems under torture and read future traffic. In the Netherlands, the entire SOE network was run by German intelligence for over a year (Operation North Pole) partly enabled by poem code exploitation.
Leo Marks, head of SOE communications, replaced poem codes with Worked Out Keys -- printed silk one-time pads. The key material was not memorized and could not be extracted under torture. An agent genuinely did not know the next key -- it had not yet been generated. Marks' memoir Between Silk and Cyanide (1998) remains the primary public source on SOE cipher operations and is recommended reading for anyone serious about hand cipher tradecraft.
From the 1950s through to the present day, shortwave radio stations have broadcast streams of numbers to field agents worldwide. The agent tunes to a pre-arranged frequency at a pre-arranged time, copies the digit groups, applies their one-time pad, and recovers the plaintext. The station never knows if the message was received. The agent never transmits acknowledgment on the same channel. Traffic analysis reveals only that transmissions occurred -- not their content, origin, or recipient.
Numbers stations attributed to various intelligence services include HM01 (Cuban DGI/CIA), The Lincolnshire Poacher (GCHQ), Cherry Ripe (GCHQ Pacific), and numerous unattributed stations active through the Cold War and beyond. The Conet Project (1997) documented hundreds of recordings. Several stations identified in the 1990s continued broadcasting into the 2020s.
E T A O I N S H R
1 2 3 4 5 6 7 8 9
Row 0 (single digit): E=1 T=2 A=3 O=4 I=5 N=6 S=7 H=8 R=9 SPC=00 Row 1 (prefix 1): D=11 L=12 C=13 U=14 M=15 W=16 F=17 G=18 Y=19 Row 2 (prefix 2): P=21 B=22 V=23 K=24 J=25 X=26 Q=27 Z=28 .=29 Row 3 (prefix 3): 0=30 1=31 2=32 3=33 4=34 5=35 6=36 7=37 8=38 9=39
ENCRYPT: C = (P + K) mod 10 DECRYPT: P = (C - K + 10) mod 10
9000=END 9001=CONFIRMED 9002=ABORT 9003=PROCEED 9004=DANGER 9005=DELAY 9006=COMPLETE 9007=ACKNOWLEDGE 9008=EMERG 9009=UNDERSTOOD 9010=AS PLND 9011=MEET 9012=TMRW 9013=TODAY 9014=LOC FLWS 9015=TIME FLWS 9016=SW ALT 9017=DEAD DROP 9018=SURV DET 9019=CLEAR 9020=RESEND 9021=PRI LOC 9022=ALT LOC 9023=FALLBACK 9024=DOC FLW 9025=COORD FLW 9026=NAME FLW 9027=NUM FLW 9028=NXT MSG 9029=USE PAD 9030=HOURS 9031=DAYS
BEFORE: [ ] Confirm pad sheet ID with counterpart [ ] Confirm previous verify strip matches [ ] Hard non-porous writing surface prepared [ ] Water container available for destruction ENCRYPT: [ ] Generate full 250-digit key block (Q1) [ ] Write raw plaintext (Q2 upper) [ ] Apply codebook, encode remainder (Q2 lower) [ ] Append 9000 + null to 250 digits [ ] Add mod-10 digit by digit (Q3) [ ] Record verify strip (Q3 bottom) [ ] Transmit Q3 in groups of 5 AFTER: [ ] Destroy pad sheet immediately [ ] Confirm no legible fragments