Designing a secure manual encryption algorithm is a challenge. Some cryptographers have developed ciphers that require a deck of playing cards. The best-known one of this kind is Bruce Schneier’s Solitaire. Today, I am going to introduce another one: Talon by Aaron Toponce.

Designing a purely manual cipher (i.e., one that can be executed without the necessity of a computer, cipher machine, or cipher tool) has proven a difficult problem. Most designs are either too complicated for practical use or insecure (some are even both). Almost all manual ciphers that were developed in the pre-computer era can be broken with a computer program today. Although manual encryption algorithms lost importance with the advent of computer technology, they are still an active field of research.


A few manual ciphers

Here are a few of the best known manual ciphers:

  • The Double Column Transposition (DCT, also known as “double cube”) is considered a good manual cipher. For the DCT to be secure, both keywords need to have at least 25 letters.
  • ADFGVX (a World War I cipher) is another potentially secure manual cipher, provided that the second step of this method (a transposition) is carried out twice.
  • There’s an encryption algorithm based on a Rubik’s Cube.
  • Solitaire is a cipher invented by Bruce Schneier. It uses a deck of cards.
  • Handycipher was invented by Bruce Kallick.
  • LC4 is a manual cipher based on the RC4 encryption algorithm.

There’s more: Pocket-RC4, Quadibloc, DECK, Mirdek, and Card-Chameleon are interesting manual ciphers, too. I have never looked at these in detail.



As mentioned above, Bruce Schneier has invented Solitaire, a cipher using a deck of cards. Solitaire is mentioned in Neal Stephenson’s bestseller Cryptonomicon, which made this algorithm popular. Here’s a video explaining it (the description of the actual algorithm starts at 2:44):

Today, Solitaire is probably the best studied manual cipher. Cryptanalysts have found a number of problems (check here for details) in this method, but as far as I know, it is still considered secure. On the other hand, encrypting a text with Solitaire is quite tedious. Six card operations are necessary for every letter encrypted. I wouldn’t like to encrypt a diary or a long letter this way.



After the success of Solitaire, several cipher designers developed more playing card ciphers – for instance, Talon, Mirdek, and Card-Chameleon. Talon is the algorithm I want to introduce today. It was developed by Aaron Toponce, a member of the FaceBook Cryptograms & Classical Ciphers group and, as far as I know, a reader of this blog. Talon is decribed on a website Aaron made.

Talon uses a Poker or Bridge card deck without the jokers (i.e., there are 52 cards). The key lies in the initial order of the deck. As with Solitaire, Talon is a stream cipher. To encrypt one letter, four steps need to be executed. The user will be making four discard piles (also known as “talons”), labeled 1, 2, 3, & 4 from left to right. Here is how the four steps work:

  1. Create four discard piles. With the deck face-up in your hand, place the top card in discard pile #1, the second card in discard pile #2, the third card is discard pile #3, and the fourth card in discard pile #4.
  2. Note the face value of discard pile #1, ignoring suit, and count that many cards minus 1 from the top of the deck, and place them on top of discard pile #1. If the card was a Jack, then count 10 cards from the face up deck in your hard, and place them on top of the Jack. Do the same for the other three piles, in order (#2, then #3, then #4). In other words, the first card placed down in the discard pile will determine the total number of cards in that stack.
  3. Collect the piles by placing discard pile #1 on top of pile #2 on top of pile #3 on top of pile #4, and place the stack behind the face up deck in your hand. If all 52 cards were in discard piles (13 cards in each pile), then place the newly collected stack in your hand, face up.
  4. Find the output card by summing the deck value of the top card, with the deck value of the bottom card, modulo 52. Count down that many cards into the deck, and record the value of the next card. If the top card is a Queen of Hearts, then the value would be 12 + 26 = 38. And if the bottom card is the 3 of Diamonds, then the value would be 3 + 13 = 19. (38 + 19) mod 52 = 5. Count 5 cards from the top of the deck, and record the face value of the 6th card, including suit. This ensures that each card is equally likely to be the output card as the rest in the deck. To make sure you are doing the counting correctly, if the sum value mod 52 is 0, you would record the value of the top card. If the sum value mod 52 is 51, you would record the value of the bottom card.

The output card is turned into an output number according to the following scheme:

  • Clubs: face value + 0
  • Diamonds: face value + 13
  • Hearts: face value + 26
  • Spades: face value + 39

To encrypt a letter, one adds its numerical representation (A=1, B=2, C=3, …) to the output number, rolling over back to 1 if the resulting value exceeds 26 (modulo 26 arithmetic). To decrypt, one subtracts each output value from its corresponding character in the ciphertext. An example is available on Aaron’s Talon web page.

The following video demonstrates how a Talon encryption works:

According to his website, Aaron created Talon in order to fix some of the cryptographic problems that have been discovered in Solitaire. I don’t know if Talon is much faster than Solitaire. Even if this is the case, encrypting a text with Talon requires some time and concentration. This is the price we pay for its presumed security.

If you have any experience with playing card ciphers, please let me know.

Further reading: Who knows the encryption device ACP 212?


Subscribe to Blog via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Kommentare (1)

  1. #1 Aaron Toponce
    17. Oktober 2018

    I’m the author of the Talon algorithm. I noticed a weakness in Talon’s PRP that follows the Poisson distribution, rather than a uniform distribution, as expected. As such, I’ve been developing “Talon v2.0” which will likely replace the PRP with a shuffle based on the Thorp PRP.

    Any questions, let me know.