Bad Crypto: Chessography and Weak Randomness of Chess Games
Martin Stanek
TL;DR
The paper analyzes Chessography by exposing imprecision in description, a non-reversible XOR-mod step, and incomplete encoding of moves, arguing that security claims based on chess complexity are flawed. It analyzes 100,000 Lichess games to show that final positions exhibit non-uniform, limited randomness, undermining the purported cryptographic strength. The findings suggest that Chessography yields weak partial permutations and is impractical for secure encryption, especially under potential known-plaintext attacks. The work cautions against relying on game complexity and final-position randomness for cryptographic security and calls for explicit, reversible algorithms with provable randomness properties.
Abstract
This short communication shows that the Chessography encryption scheme is incorrect and redundant, and that the security claims based on the complexity of chess games are unjustified. It also demonstrates insufficient randomness in the final chess game positions, which could be of separate interest.
