Image of the glider from the Game of Life by John Conway
Skip to content

Hand Ciphers: Solitaire Cipher

This hand cipher was invented by cryptographer Bruce Schneier, and requires nothing more than a full 54-card deck of standard playing cards. Here is the basic idea, then we'll get into the details.

First, you need a standard 52-card poker deck of playing cards (4 suits, 13 unique cards per suit), with the two jokers. This cipher assumes that if you are out in the field, you may not have access to a computing device, but carying around a deck of playing cards might be possible. If not, it's easy enough to build. And carrying playing cards with you certainly isn't incriminating.

Second, you will need to agree on the multiple arrangements of the deck of cards with the other party in advance. I say multiple arrangements, because no key should ever be used twice in a symmetric encryption algorithm. So, an algorithm should be determined before hand on how to build each deck arrangement.

Third, both parties should be proficient at the algorithm. It's a slow algorithm. Very, very slow, but easy to memorize, as if you were playing a card game. Part of the algorithm memorization is knowing the numerical value of each card, numbered 1-53 (we'll cover this in a bit).

Last, you need to understand the numerical values of each letter of the alphabet, and be able to add and substract those values modulo 26, depending on whether you are encrypting or decrypting. This will take practice. Try strings such as "ATTACK AT DAWN" and "THE EAGLE HAS LANDED" to get the hang of it. One mistake, and you get to start over, which is painful. Encrypt and decrypt your practice strings.

Now, let's get into the nitty-gritty. Here's a more detailed view of the algorithms:


  1. Write your message down.
  2. Remove all punctuation and spaces.
  3. Convert numbers to their word equivalent (1 = "one", 2 = "two", etc).
  4. Divide the message by 5 (convention- can be any number).
  5. Pad the end of the message with X to divide evenly.
  6. Convert the letters to numbers: A=0, B=1, C=2, ..., X=23, Y=24, Z=25
  7. Setup the deck of cards according to your key (must be agreed on with the recipient beforehand).
  8. Follow the algorithm in the animation.
  9. Write down each key value at the end of step 5 in the animation.
  10. Add that value to your message, modulo 26.


  1. Convert the encrypted message letters to their numerical equivalent (A=0, B=1, ...).
  2. Setup the deck of cards according to your key (must be agreed on with the sender beforehand).
  3. Follow the algorithm in the animation.
  4. Write down each key value at the end of step 5 in the animation.
  5. Subtract that value from your message.
  6. Convert modulo 26 using addition.
  7. Convert the numbers to letters: 0=A, 1=B, 2=C, ...
  8. Strip trailing X's from the message.

Now, the cards in the deck each have a unique numerical value as follows:

  • Clubs: Face value +0
  • Diamonds: Face value +13
  • Hearts: Face value +26
  • Spades: Face value +39
  • Jokers: Both value of 53

Notice, the names of the suits are in alphabetical order to help you remember their values. Also, because there are two jokers in the deck with the same numerical value, you will need to designate one of them as "Joker A" and the other as "Joker B". This should remain consistent with both parties.

Now, I'm not going to cover the algorithm in great detail. Instead, there is a wonderful Python utility, complete with fluid graphical animations, that does this for you. I will give you the overall algorithm, however:

  1. Think of the deck as a circlular array, where the bottom of the deck meets with the top of the deck.
  2. Find Joker A.
  3. Move Joker A down the deck by one card. If it is at the bottom of the deck, place it beneath the top card.
  4. Find Joker B.
  5. Move Joker B down the deck by two cards. If Joker B is the bottom card of the deck, move it just below the second card at the top of the deck. If Joker B is one up from the bottom card, move it just below the top card.
  6. Perform a triple cut on the deck by taking all the cards on top of the top-most joker, and all the cards beneath the bottom-most joker. The cards between the jokers remain.
  7. Place the cards above the top-most joker beneath the bottom-most joker, and place the previously selected cards beneath the bottom-most joker above the top most joker.
  8. Perform a count cut. Look at the bottom card, and find its numerical value. Then count that number of cards from the top, and cut those from the deck.
  9. Place this cut immediately above the bottom card, and between the cards above it.
  10. Find the output card. Look at the numerical value of the top card, and count that many cards into the deck. The next card is the output card.
  11. Record the numerical value of this output card. If this card is a Joker, repeat the above process starting from step 1 until the output card is not a Joker.
  12. Add the output card to the plaintext numerical value, mod 26, and conert to a letter to create the encrypted message.

While the above algorithm is critical to get every step exactly right, I would like to focus on setting up each key (deck arrangement).

Both parties must always start the deck for encrypting and decrypting a specific message with the same key. Each message should have a different key. But, finding that arrangement can be difficult. Here are some possibilities for keying the deck:

  1. Random shuffle. The result must some how be communicated securely to the other party. For two people overseas, this is unpractical, but most secure. And, if you can communicate the key securely, why not just use that method to communicate your message?
  2. Bridge ordering. Agree on a newspaper or magazine where bridge puzzles are printed, and agree on which puzzle will be used for which day. Note that should the secret police find the source of your key, the communication is no longer secure. For someone overseas, this can be secure, but still unpractical if access to the same paper or magazine is impossible or very difficult.
  3. Passphrases. Start with the deck arranged in numerical order (Ace of Clubs at the top through King of Spades followed by Joker A then Joker B at the bottom). Follow the steps of the algorithm, but instead of using the last card for the count cut, use the numerical value of the first word in the passphrase. Continue through the algorithm for each character in your passphrase. Because the parties might be separate by long distances, agree on a way to choose the passphrase, such as a static word with a dynamic salt. The static word could be "P" and the dynamic salt could be the combined character value of the first of each month. For example, "P4112" would be "PFOURONETWELVE". Or "LONE" for letter one, "LTWO" for letter two, etc. Whatever works- you get the idea. If the passphrase algorithm is chosen well, this can be fairly secure, and highly practical.

One difficulty of this hand cipher is having enough time to work through the message. This cipher is slow, and will take you the better part of an evening to work through a message. Bruce Schneier recommends keeping the message under 2,000 characters. Probably a good idea. You will need a similar amount of time to reply, if needed. It might be worth your time to use "SMS speak" by shortening words, but maintaining readability. This also adds entropy through lossy compression.

Another difficulty of this hand cipher, like all stream ciphers, is getting the algorithm just right. One mistake, and everything will be wrong after that point. You have to be exact in working through the algorithm. Like they say, perfect practice makes perfect.

For best security, you will want to do as much in your head as you can. If you must write down the details of the algorithm as you work through it, make sure you securely destroy the copy, and do not work on top of an impressionable surface, such as another sheet of paper, or a pad. For destroying the copy, overwriting each character with jibberish, then burning it would probably be best. If someone walks in on you while working on the cipher, calmly shuffle the cards as much as possible to destroy the key, and try to maintain control of the copy you were working on. After completing the cipher, definitely shuffle the deck several times before setting it aside.

So far, I enjoy this cipher, and there are developers who have already implemented the Solitaire Cipher in various programming languages (like the Python animation above). This can be useful if at a computer to work through the message much more quickly. But, it can also be executed by hand, and the cards could even be built, should you not have access to a deck.

{ 3 } Comments

  1. J HARRIS | December 5, 2013 at 11:21 am | Permalink



  2. Aaron Toponce | December 6, 2013 at 12:31 pm | Permalink

    No need to shout.

    Yes, as mentioned in the post, the Solitaire Cipher is a "stream cipher". This means that the N+1 operation is 100% dependent on operation N. If N is incorrect, then so will be N+1.

    Another difficulty of this hand cipher, like all stream ciphers, is getting the algorithm just right. One mistake, and everything will be wrong after that point. You have to be exact in working through the algorithm. Like they say, perfect practice makes perfect.

    And redundancy is also good. But yes, the cipher is slow, and can be VERY boring to work through.

  3. Sachin Raste | August 1, 2016 at 1:55 am | Permalink


    Very recently I started working on Solitaire , however the intention was to introduce a Dynamic Generation Algorithm for using Decks.

    You may find the documentation and source-code by visiting and


Post a Comment

Your email is never published nor shared.