On the net: Encryption/notyencirp/yiptoncern/... In a previous Despatch article I talked about email and how it works well as a communications medium for playing games. It is much faster and cheaper than conventional mail. I mentioned one of the advantages of PBEM (play by electronic mail), as opposed to PBM, as being the availability of a die roller, activated by email, that sent back die rolls by return of email. These die rolls can be as many as are desired and made over unusual ranges (e.g. 50 rolls of a 63 sided die). This makes possible 2-player games as each player uses the email die roller to generate the rolls their moves require. The die roller builds up trust between players. Neither player can influence the results of the die roller. What about PBMing games which require hidden movement or simultaneous moves/orders? It is possible to trust an opponent not to move a hidden Napoleon from one end of the map to another. It is possible to trust an opponent who says that his move was made in ignorance of yours. But such things can cause suspicion and friction. Similarly there is a problem with PBMing multi-player games which allow secret treaties between players. In the absence of a GM (games master), player A can deny that he ever signed a treaty with player B. And being a GM is an unrewarding occupation. Other people get the fun of playing the game, while the GM merely gets dumped with the administration. What is needed in both these cases (hidden/simultaneous movement and secret treaties) is a mechanism which builds trust between players who may never meet. Such a mechanism exists for PBEM. It is something that will be familiar to all those interested in military history, encryption (also known as code making). You must have read some of the flood of revelations about the Allied code breaking activities during World War Two, and how these led to vital foreknowledge of German and Japanese plans. So how does encryption play a part in PBEM? Let us use an example of a game that requires hidden movement. One such is 'The Emperor Returns', a Clash of Arms game in the Zucker operational Napoleonic series on the Waterloo campaign. In a face-to-face playing of the game, at the beginning all the counters, representing either leaders controlling one or more units or dummies, are inverted. They all stay that way until the French invade Belgium. Then leaders can be revealed if they are contacted by opposing leaders. The detailed make up of forces controlled by leaders is not revealed until combat takes place. This is somewhat difficult to achieve fully face-to-face as an inadvertent peek at an opponent's organisation sheet can reveal what units make up what leader's force. It seems impossible to achieve in a PBM. But not so in a PBEM. The solution is for each player to send the other the complete organisation sheet for his forces. To prevent his opponent reading this sheet it is encrypted (coded) prior to sending. So each player ends up with his organisation sheet in readable form and a copy of his opponent's sheet but encrypted. As the game progresses and units change hex position, strength etc, updated organisation sheets are sent to the opponent in encrypted form. Leaders and units are revealed as normal as the game progresses. At the end of the game each player sends the other the 'key', the password or pass-phrase which decrypts (decodes) all his organisation sheets. Thus it is impossible for either player to cheat, because if Napoleon is 'nudged' across the map then this will be revealed in successive editions of that player's organisation sheet, which can be checked by his opponent at the end. Cheating is thus prevented by the guarantee that it will always be revealed at the end. The movement is actually more 'hidden' than in a face-to-face game, as peeking at an encrypted organisation sheet requires that you know how to decrypt it. Trust thus hangs on the strength of the encryption routine. It must be easy enough for ordinary mortals to use to encrypt text but tough enough to stop efforts to prematurely decrypt it. This rules out paper and pen based systems using simple letter transpositions (e.g. shift all letters 5 to the right, so that A becomes E, B becomes F etc). Software is an excellent tool for encryption. You may know that most word processors will store text in encrypted form using a password that you enter. You not know that there exist programs available from the Internet that can decrypt that text! However there is one piece of software that is freely available that can encrypt so well that even code breaking experts cannot break it: it is called Pretty Good Privacy (PGP) and is available from the Internet (as well as other places). PGP is so good at encryption that its widespread use is worrying certain governments who fear that it makes private communications between individuals untappable. Here is an example of a piece of encrypted PGP text: it is the current hex position and force composition of Napoleon in my current PBEM of The Emperor Returns:- - - -----BEGIN PGP MESSAGE----- Version: 2.6 pgAAASEjsBGaxgQqBYNQ9NK0B8cS4OiyF3gTnRbl1RSYb0eSpZ6w9sCxJ2/Xln2M p8NpBMBd11NNzSOzVs+ppHcB2gblfl1Z3rdaq0QNN4DdXnYGvAIeYZ3Gpcond6TL cs9O8+K9SFcmThwIVFqFdMlko+O0gQSDwcZHhaspC3I2CHJCLAekqrm5Qjqk0Lbl eeEd23Qpm1r9zoiQ+42GiQYkrdMgdGuHLvb71lXSF0F6hixOdbzjTVye6EFp2TUH hh7wc9WE6+DANnGx9iaF6WAtFgW34eNusjQ1WvO5EhfqhPMb9oUXgfSw8uha1unq tjeJ4CGVHDUhpTPhf28O8JePX0iTdk5Rggn8zBJS79Gt0makxUnbZPZx9ygS0EpQ HiMGncYK =Qrj4 - - -----END PGP MESSAGE----- A year's supply of beer to anyone who can tell me the exact hex position of Napoleon and the make up of his force! Encryption can be used for simultaneous actions or movement. For example in 'Nicaragua', an S&T game on the revolutions in that country, combat involves simultaneous declarations of type (either conventional or guerilla) by the two sides, government and rebel. In a PBEM the government player sends their choice encrypted. The rebel player, on receipt of the encrypted choice of the government player, sends their choice in ordinary text. On receipt of this choice, the government player sends the rebel player the password to decrypt his choice. It is not possible to send one password for one choice and another password for a different choice, so the government player cannot alter his choice after knowing the revel player's choice. Encryption can also be used for hidden picks. For example, in the Victory Game 'Civil War', each side, Union and Confederate, picks from a pool of inverted leader units when leaders are brought on. To do this in a PBEM each side makes a list of all their leaders in the pool and then puts the leaders on this list into a random order. The leaders are then numbered. An encrypted version of this list is sent to the opponent. A leader is then drawn by die rolling (by email using the email die roller mentioned above) a number to identify one of these leaders. Leaders are known by their numbers until revealed. At the end of the game players exchange passwords for the encrypted leader lists so that each can see that Confederate leader 23 really was Lee and Union leader 43 Grant. Recall that I mentioned earlier the need for a GM to run multiplayer games PBM. These often require that the GM handle things that certain players should not have knowledge of (like a secret treaty between other players). Encryption can help out here too. Firstly it can dispense with the need for a GM. I am the 'player-GM' in a PBEM game of 'Conquistador'. I am playing the German Banker and also GMing the game, i.e. I am responsible for working out the results of player orders. My orders as player-GM are encrypted, and sent to all other players prior to me receiving their orders. This stops me from knowing other player's orders before writing my orders. The encryption stops other players knowing my orders before they write their orders. I circulate the password to decrypt my encrypted orders when I have received all the other player's orders. All orders for a round are be published for all players to see, including the decrypted text of my orders. It is incumbent upon the other players to decrypt and check the encrypted orders I circulated first against the text version I circulate later. Not all the other players have to be able to decrypt the player-GM's orders (although at least one player should be able to, to keep the player-GM honest). All die rolls are generated by me using the email die roller mentioned earlier. In this way a multi-player game can progress quite happily without a GM. The player-GMship can be passed around the players, so sharing the load of running the game. If a player-GM drops out the game does not fold, as would a traditional GM'd game. Secondly encryption can allow players to sign secret treaties that can be validated later on by players who are not a party to the treaty. The mechanism for this is the use of 'digital signatures'. A digital signature is a string of characters (see the example at the bottom of this article) which identifies the author of a treaty and also serves as a check that the text of the treaty has not been changed. How is a digital signature generated? Each player needs to use special encryption software (like PGP mentioned earlier) to generate two 'keys', one called the 'public key' which can be published far and wide, the other called the 'secret key' which must not be revealed to anyone. These keys form a linked pair, although knowing the public key does not in any way give knowledge about the private key. I think of the public key as being a bank account number and the private key as the account's PIN number. My public key looks like this:- - - -----BEGIN PGP PUBLIC KEY BLOCK----- Version: 2.6 mQBNAi0KAbAAAAECAKvbAmNHUAltz0+5Aeol24zINIzrqFBzx68MP61EKgGXPJLf 61O3HjfgnkN6bFGbJbLMajbyByOm7kIz2ig3eJkABRG0IkFsYW4gUG91bHRlciA8 YS5wb3VsdGVyQGx1dC5hYy51az4= =M5dE - - -----END PGP PUBLIC KEY BLOCK----- A digital signature, like the one below, is made by using your secret key on the text to be signed. Anyone else, using your public key, because it is linked to your private key, can then check your digital signature. It sounds like voodoo, and the mathematics which prove the security and validity of its operation are truly complicated (I make no pretence to understand them) but it does work. All you have to do to believe me is get a copy of PGP, give it my public key above, the text of this article and the digital signature following and PGP would tell you I wrote this. If this all sounds fiendishly difficult and time consuming, remember that it is all done by computer. A by product of all this is that email is potentially the most secure form of communication around, if you use encryption. If you suspect your postman of being in league with your PBM opponents then start PBEMing instead and use encryption! -----BEGIN PGP SIGNATURE----- Version: 2.6 iQBVAgUBLvxHeu5CM9ooN3iZAQFzowH/Y4ZZjrvJ3IdtPCh996mWxCZTY3eMKc4Q Mcy6J7WkjieMQ/8Ryc7/R2wkpckRyjEYGi0qhmNClCCa2nzV+8Uqbw== =aKNr -----END PGP SIGNATURE----- Alan Poulter Originally published in EuroDespatch: AHIKS Europe Newsletter, Vol.1 No.1