# Visual Cryptography For Physical Keyrings

Visual cryptography is one of those unusual cases that kind of looks like a good idea, but it turns out is fraught with problems. The idea is straightforward enough — an image to encrypt is sampled and a series of sub-pixel patterns are produced which are distributed to multiple separate images. When individual images are printed to transparent film, and all films in the set are brought into alignment, an image appears out of the randomness. Without at least a minimum number of such images, the original image cannot be resolved. Well, sort of. [anfractuosity] wanted to play with the concept of visual cryptography in a slightly different medium, that of a set of metal plates, shaped as a set of keyrings.

Metal blanks were laser cut, with the image being formed by transmitted light through coincident holes in both plate pairs, when correctly aligned. What, we hear you ask, is the problem with this cryptography technique? Well, one issue is that of faking messages. It is possible for a malicious third party, given either one of the keys in a pair, to construct a matching key composing an entirely different message, and then substitute this for the second key, duping both original parties. Obviously this would need both parties to be physically compromised, but neither would necessarily notice the substitution, if neither party knew the originally encrypted message.  For those interested in digging in a little deeper, do checkout this classic paper by Naor and Shamir [pdf] of the Wiezmann Institute. Still, despite the issues, for a visual hack it’s still a pretty fun technique!

Want to learn a little more about crypto techniques you can do at home? Here’s our guide. Encryption too hard to break, but need a way to eavesdrop? Just punt out a flawed system, and you’re good to go.

## 14 thoughts on “Visual Cryptography For Physical Keyrings”

1. Neat! It would be *really* cool if someone could figure out how to make something similar that operated with xor instead of and. Not sure how that would be done, off the top of my head.

1. Mum says:

Polarization film?

1. George says:

Mum always knows best

2. Nathan says:

I’ve been trying to create a system to do just this. Generate an array of polarized cells, randomly oriented either parallel to or perpendicular to a reference orientation, of the same size as the secret to be encrypted. (Linear or circular polarization would work.) Then, using that as a key, XOR the secret to produce a cipher array of polarized cells. Both the key and the cipher will appear completely random; it won’t even be evident to a third party which is the cipher and which is the key.

The challenge is physical construction. Other than hand (or pick-and-place) assembling the arrays from thousands of pre-cut cells, I don’t know of a method to produce a polarized sheet with thousands of regions of differing polarizations. If anyone has ideas, I’d love to hear them.

1. Blueloop says:

You could lasercut holes in a lambda/2 plate turning the polarization 90° or not. And then stac multiple of them between two polarizing films.

2. irox says:

Seems like you could introduce a set of “verifier plates” which should be consider private keys, that would be used to verify the message plates without changing the message. Making it harder to substitute a plate without detection. This could in the actual message, or perhaps along the edge of the plate or some non-message area.

3. Ostracus says:

Reminds me of those puzzle games where you have to look at something a certain way to solve it.

1. The Commenter Formerly Known As Ren says:

That’s XORdinary!
B^)

2. David says:

That looks more like an AND operation than an XOR (or, as your readme says, an XNOR). XNOR is (false&&false==true), which doesn’t match the behavior of these slides. I don’t think an XOR is possible with bare slides. Someone up-thread had the idea of using a grid of polarizing films, which would work, but would also be incredibly fiddly.

Nevertheless, this is a cool project, and I will likely be using it for a puzzle at some point. Thanks!

1. Henner Z. says:

Well if you look at each of the sub-spacings, they are working of course as an AND (only when both are matching light comes through), but here each square pixel is made out of two elongated half-blocks of which only one is open depending on the bit it represents.

Only if both of the ‘half-bits’ are at the same place, they let light through when overlayed. So the cases [█ ][█ ] (00) or [ █][ █] (11), while opposite arrangement [█ ][ █] (01) or [ █] [█ ] (10) does not let light through. This is why it behaves as an XNOR (with output either no-light or 50% gray).
So you’re right that XOR is not possible that lets 100% light through, but it is 0% and 50%.

Due to this symmetrical pattern it makes it possible that each of the separate outputs look random; the actual encoding deciding what to output is then in fact done with a simple XOR operation.

4. Michael Joseph Ballezza says:

Check sum pattern in the margins, or have agreed upon or transmitted check sum pattern at 50% overlap of two plates on the long dimension. Pretransmitted pattern would not reveal encrypted message, but would reduce permutations of deviated messages. Most encryption systems are hackable if third party has unmonitored access to both Alice and Bob, and both understands encryption pattern and can translate their own message. Two QR style stamps, both leading to valid points, would be a good application. Overlay them, get a third containing message

Please be kind and respectful to help make the comments section excellent. (Comment Policy)

This site uses Akismet to reduce spam. Learn how your comment data is processed.