unforum

[doublecross]

Having a look at the recent history of this card I think I'll have to do a U-turn and say that the prime number cards do not relate to it It is still just possible that whoever put the symbols on did put the correct pack ordering there, 'unbeknownst' to Mind Candy.

If the card is completely self contained then we are probably looking at a pass key rather than a pack ordering. The disappearing letters look like the prime (no pun intended) candidate for the derivation of the pass key.

EODMFXRUTHFHURGIFULP

Could these be encoded using one code - e.g. simple substitution - and then the result used as the pass key? I have checked and it isn't a Caesar cipher. It is a bit short to try to decode in other ways.

[BrianEnigma]

[ttfnrob]

Second Star to the Right

[Joe_the_OOF]

Assumptions

[UKver2.0]

Re: Assumptions

[maniacfive]

Re: Assumptions

[TekkiBreki]

Yes, somewhere in this stream is a response relayed from MC saying that everything we need is on the card. It was in reference to the idea that the 54 prime-numbered cards, most of which have a card and suit designation, might be related to the cipher text which has 2*54 characters.

On a related note, someone has raised the issue that the cipher we are seeking may not be solitaire and that the cipher text may not be the 104-character string.

This may only be muddying the waters again, but what if the cipher text is the 20 characters that fade on heating? We are looking for a name or some kind of designator for a person and 20 characters could carry that information easily.

Such an interpretation would make a twisted fit to Garnet's cryptic message - if the vanishing letters are of principle importance, disordering the card by heating it leaves us cold when the text disappears.

[beglee]

A random thought that popped into my head, was the possibility of the "If entropy wins...." statement being a mnemonic for something. So you'd have 9 words, each beginning:
I__ E__ W__ O__ L__ S__ L__ Y__ C__

I had a browse for known mnemonics with similar letters, to no avail, but it may be worth considering.

Also, an anagram of those letters is ICE SLOWLY, but that doesnt really strike as being important. Anyway, just thought id mention what im thinking about

[beglee]

As well as the above, ive been looking at:

[arnezami]

Hi. I've been analyzing this puzzle for quite some time now and I would like to share my thoughts. I've got several ideas that may help to solve this puzzle. Some of them are ideas regarding the suitable approach in general while others are more specific.

Search space:

The search space of a solitaire cipher is HUGE. There are more deck orderings possible than there are atoms in our universe! We simply cannot brute-force all possibilities. Finding only one 108-long (or 20-long for that matter) meaningful plaintext purely based on randomly choosing deck ordering is simply impossible (the fact that - theoretically - there is more than one deck ordering resulting in meaningful plaintext is - while true - also very trivial). The main reason why brute forcing deck orderings doesn't work is because we will never find one possible good answer (not because we would find too many).

The only reason we would be able to find a meaningful plaintext is by some kind of informed choice that leads to the one and only right deck ordering. All other deck orderings will result in completely garbelled text. This is important: there is no way of knowing you're "close" based on the resulting plaintext. Measuring progress cannot be based on the outcome of plaintexts. The only thing we can do this is by looking at the amount of reasonable methods tried so far.

In general there are a handful of methods that can be used to create deck orders (which can in turn be used to decrypt the cyphertext).

You could catogerize them as follows (roughly):

• Using any kind of "fresh" deck.
  
• Using Prime-numbered cards as a key-ed deck.
  
• Somehow "translating" the 108 letters into a key-ed deck.
  
• Somehow "translating" the 20 letters into a key-ed deck.
  
• Somehow "translating" some other text on the card into a key-ed deck.
  
• Using a passphrase to generate a key-ed deck.
  

Some of these methods require (or at least could use the help of) computers which can try many possibilities in a very short time. For example: we may not be able to come up with the right passphrase but by trying all possible words (or combinations of them) used in perplex city (including names etc) we might find the right passphrase. And if we were to find it we may realize the logic or reason behind the choice of this passphrase (that is: it may have been guessed by a well informed person like Garnet).

I've created a diagram picturing all possible methods in the total search space. The bigger blocks imply they need some kind of iterative process (by computers) to search for all possibilities. The idea is the bigger the block the more time it takes to try all possibilities within it. These blocks (very roughly) represent the amount of search space we can humanly cover. However that would still be a tiny fraction of the total search space (which is 54! ~= 1e71).



Several of these methods can/should be combined. For example: when trying out a passphrase its wise to try several different fresh starting decks. So far BriEnigma has come up with something like 4x6x24 reasonable starting decks. It is prudent to try all of them. However this also limits the amount of words we can try within a given time since our speed of searching would decrease by as many times as the number of starting decks we try.

Verification:

One of the problems is verification. While it may be likely the plaintext will contain certain words its not at all certain (if the verification is too restrictive you're basicly screwed because you'll have to do it all over again). I've personally brute forced all possible 6-letter combinations as passphrase (using Paul Crowley's very fast c implementation of the cypher) and used a very simple validation filter (similar to BriEnigma). However when trying lots of combinations with a simple filter (with either a dictonary search or a brute force search) there tend to be either too many "solutions" (to be verified by hand) or too little (its easy to be too restrictive).

I've been thinking about a "pattern"-recognizer. Basicly you download all online pages from perplex city and put them in a large text file. You then take out all unique combinations of 5, 6 and 7 letters present in the text and store them in another file. This file is loaded into memory before brute-forcing in such a way that 5-7 letter combinations can be detected very fast (I've got some ideas how to do this). For context: the likelyhood of a specific 7-letter combination being present in a random text is roughly 1 in several millions (the brute forcer I'm using can decypher "only" about 10000 plaintext messages of 108 letters per second). And although the text from perplex city would contain quite a lot of words as long as or longer than 7 letters this method could be used as a good (partial) filter.

While searching you could then assign a value to a decyphered message by using certain weights for the length of the letter combinations found. If it reaches a theshold it is considered interesting and is to be examined manually.

This above file (with all words/names used in perplex city) can of course also be used to create a dictionary for a dictionary search (using the words for passphrase input). Basicly you would then use dictionary words as input and patterns of dictionary words for verification of the output.

Measuring progress:

As mentioned before the only way of measuring progress is by keeping record of all methods tried so far (and all possibilities within a method). Given that there are only several reasonable methods and several methods of verification I believe it would be a good idea to keep a record of what has been tried.

For example: if somebody has an idea for a possible passphrase and he tries to decode this could be put in some kind of special dictionary (as opposed to a regular dictionary formed by the online text of perplex city). For each dictionary you could keep some record of what has been tried with it. For example: some words may have been tried with only one basic starting deck while other words may have been used by all 4x6x24 starting decks. The latter belong to a different group. We could also keep a record which verification filters have been used (especially when working with many different start decks and/or dictionary/brute force searches).

Here is an crude example of how we could do this.

[arnezami]

Ok. I will go on with my analysis. Including something very interesting I've found regarding the 20 letters.

Ciphertext

What I've been asking myself (as others have) is: what is the ciphertext? Is it the 20 letters or the 108 letters? Or some kind of combo/mix of these letters? And what arguments are there for any of these possibilites?

I've tried to sum up the arguments for the ciphertext being the 108 letters. (most of them are mentioned somewhere in the long thread)

• The 108 letters are grouped in 5 letters (common for cyphertexts). Its likely these the groups of 5 should be left intact.
  
• The other 20 letters disappear which could indicate its all about the 108 letters. And this could also be seen as a security measure because if the correct deck order was used on the whole 128 letters (beginning with the first group of 10) it would still come out garbelled.
  
• The solve screen asks "What is the message?" not "What is the name?". A message usually contains one or more sentences. Its unlikely 20 letters would contain a full "message". The solve page gives a 40 char wide by 10 rows text box for the answer to fill in which further indicates it probably has to be a fairly long message.
  
• Garnet responds: "If you can tell me what the message you deciphered was". Again the notion of a message instead of a name. In fact if the answer was simply a name (and the name would already be known in perplex city) trying all likely suspects (their names) might make the puzzle too easy.
  
• The "missing" 2 letters (which would make the last letter group 5 long) could be explained by the fact it might make brute forcing easier. If XX-'s were added to the message it would be easier for a brute forcer to detect a valid message by checking how many XX's the plaintext had on the end.
  
• After quite thourough analysis the 108 letters seem pretty random. So far I've not been able to find any meaningful pattern (unlike the 20 letters btw) let alone be able derive a probable deck order out of it.
  

Arguments against it:

• 108 letters could imply they have something to do with 54 possible cards. Possibly a (concealed) deck order. However this length of 108 could have been deliberately done to throw us off.
  
• The 20 letters are also divided into groups of 5 (making them a candidate for being the ciphertext aswell)
  
• The last 3 letters of the 108 letters should in fact be 5 (according to the "official" way of encrypting)

It comes as no suprise I'm currently thinking the 108 letters are in fact the ciphertext. And I believe many of you do. Although there is no way to be sure. But lets work with that assumption for the moment.

If we assume the 108 letters are the output of a cypher (and therefore cannot be used as input anymore) that consequently leaves us with roughly two possiblities: (1) the cyphertext is decrypted with the use of a passphrase. This passphrase is somehow guessed based on the hints given by the mysterious man or by hints on the deck of cards or (2) the cyphertext is decrypted by the translation of the 20 letters into a deck order.

Since the passphrase option is already widely discussed (and the possible starting decks with it) I would like to discuss the possibility of the 20 letters somehow resulting in a deck order.

The 20 letters

I've been busy trying to find patters in both the 108 letters and in the 20 letters. On face value there doesn't seem to much going on. They both appear pretty random. But I think I've found a significant "pattern" in the 20 letters. And the beauty is it can very "naturally" result in a deck order (without Garnet having to use a computer )

Let me explain...

Unlike the passphrase-method - where we don't know if we are on the right track until the right solution comes rolling out of the decryption process - the method of somehow translating a 20 letter text into a deck order gives us the ability to recognize "wrong translations". So before even trying out a translated deck order we can already detect the deck order being false mainly because the translation into a deck order produces impossible deck orders. In practice this means a translation produces duplicate card numbers.

When trying to translate the 108 letters into 54 unique card numbers we have already experienced this ability. If the translation produces many duplicate card numbers you can't even try it as a deck order. And this is also true for the 20 letters. More importantly if we WOULD find a (natural) way to translate the 20 numbers into unique card numbers that would be very significant! This is because the likelyhood of 20 random numbers producing only unique numbers by pure chance is pretty much 0. So if there were a (natural) way to do this it could very possibly result in the right deck order. In other words: the unlikelyness of a valid deck order being produced by pure chance is a measure of the likelyness of the 20 letters not being random if a valid deck order was produced.

To cut to the chase: I've found a very simple way of producing 20 unique cards from the 20 letters while the chance of that happening (if the 20 numbers were actually random) being a mere 1,86%. Or in other words: given this method there is a 98% chance the 20 letters are not random at all but are instead a means to produce 20 unique cards (which can in turn be used to create a deck order).

I will elaborate.

Let us assume each one of the 20 letters designates exactly one card. There are two 10 letter groups. However one letter ranges only from 1 to 26 (A-Z). This poses somewhat of a problem. But if we look at the Solitaire cypher we can see how a similar problem is solved: the output of the cypher uses the following technique: cards 1-26 aswell as cards 27-52 both produce the letters A-Z. So in other words: the cards are divided into two groups: those above and those below or equal to 26. So in order to designate more than 26 cards it would be quite natural to say the left group would only designate cards 1-26 and the right group would designate cards 27-52 (this is btw very similar to the technique used by the Mirdek cypher which is derived from the solitair cypher). The really nice thing about this is that it is one of the most efficient ways to use all 20 letters to produce as many as possible card combinations while still being able to do this manually! In other words: IF Mind Candy wanted to put a deck order into the 20 letters this technique would have been a very good candidate.

While analyzing this I started looking if there was a way to produce two sets of 10 unique numbers between 1 and 26 from each 10 letter group. At first glance this seems unlikely: at least one of the two 10 letter groups contain duplicate letters and so any substitution method would fail to produce unique numbers. In fact the chance of both 10 letter groups containing unique letters (in that group) is very low: 1.86% (I can go through the math if you want to).

The solution I found was in using the value of letters as difference between the cards. If you use the value of letters as difference between the card numbers you can produce 2 sets of 10 unique card numbers! What is important is that the likelyhood of this happening by chance (if the 20 letters were random) is also 1.86%. This is because using the random values as differences is just as random as using the values of those numbers themselves.

How it works

Here is how it actually works.

You take the first letter (E) and transform it to a number (5). That is your first card number. Now you take the second letter (O = 15) and add it to your last result (5 + 15 = 20). This is your second card number. You go on with this until you've produced the first 10 card numbers. And if a card number goes beyond 26 you take the modulo 26 of it. You then do the same with the right 10 letters also producing 10 cards (but in this case you add 26 to the card numbers after producing all the 10 numbers since the right side only designates the higher card numbers).

This results in the following card numbers:

[Bendover]

That was some impressive reasoning, and I actually understood it.The question is what would you use to extrapolate the rest of the card order,and would the phrase "If entropy wins, outward looks should leave you cold." have any thing to do with it, or did it just point out that the disappearing letters were significant ?

[arnezami]

Pfff. I've just been debugging for several hours.

It appears Lloyd Miller's implementation of the solitair cipher has a nasty bug in it! I've been trying to use it for changing deck orders etc. But sometimes the decryption wasn't equal to the online implementation or the other implementation I'm using. I've been spending hours to figure it out. Now I finally found it.

This is very important for BriEnigma since he is using this implementation too!!

The problem is in the fact it does step 5 when key-ing with the passphrase (while it shouldn't). Miller might have thought it looked like an innocent step but if a joker is encountered it does the 5 steps all over again!

You can detect the error when using the passphrase "SHUFF" (or SHUFFLED is you will) with a standard deck. After the first 4 letters are key-ed it should do the 4 steps plus the "special" step using the last "F". However since it does 5 steps (and encounters a joker) it does another 5 steps before doing the "special" step. Which messes up everything...

Here is a fairly simple fix:

[BBuck]

arnezami,

this is really good stuff, and I like your thinking. I'm not sure though about the way you've worked out the chances of this happening randomly.

I understand your working, but I think you need to include some recognition of the method you use to translate from the letters to ten unique numbers.

I think that you've worked out the probability based on an assumption of a one-to-one correlation between a set of ten letters and a set of ten numbers. If there is only one method of translating the letters into numbers, this would (I think) be true. But because you can generate multiple results from the same set of ten letters, this assumption I don't think holds, and so your calculation of the probability is out. I think it would be quite an amazing feat to work out the correct one, though.

Take the string of unique numbers 1,2,3,4,5,6,7,8,9,10. If you had used your method, then this would be generated from AAAAA AAAAA. If you use a direct correlation of A=1, B=2, etc (which would be an equally valid translation) then this would be generated from ABCDE FGHIJ.

I'm not suggesting you're on the wrong track, and think this is one of the best ideas on attacking Shuffled for some time. But I just wanted to inject a note of caution about the 1.86%: this is the probability of 2 sets of ten unique numbers generated from 2 sets of ten letters using a defined method of generation.

Like you, I'm going to carry on playing with the disappearing letters because I don't believe they can be random, and are the way to a solution.

[arnezami]