Encryption in Shadowrun

Encryption is an important security issue in a world where so much is hooked up to the Matrix. Assuming that that the p = np problem remains unsolved or that it has been firmly proved that p != np, it will always be easier to make encryption more difficult than decryption. No encryption scheme is absolutely unbreakable, but it’s not difficult to put enough computing power into encrypting to make it arbitrarily difficult to decrypt.

Public Key Cryptography

Public key cryptography is an important tool in a society that relies on cryptography for privacy. Basically, it creates a relation between two pieces of data called “keys”. If you use one key to encrypt a particular piece of data, the other key can decrypt it. If you designate one key as “private” and keep it to yourself, and the other as “public” and make it known to the world, it becomes possible for anyone to send a secure message to you by encrypting it with your public key (thus making it only readable by you). Similarly, if you send someone a message encrypted with your private key, they can verify that it’s from you by using your public key to decrypt it. (Thus, a secure transaction between two paranoid people is for person A to “sign” a message with their private key and then encrypt it a second time with person B’s public key. Person B can then decrypt the doubly-encrypted message with their private key and then person A’s public key.)

One-Time Pads

The one-time pad is the only encryption method that can be mathematically proved to be unbreakable. Basically, if you have a vast amount of digital garbage, you can then use that garbage to XOR a digital signal, and you end up with what appears to be more garbage. Only someone else with that one-time pad can do anything with it. (This would probably be stored inside a standalone unit containing a huge amount of data and not permitting access from the outside, offering only ports for encryption use. Opening the case would, of course, immediately trash the contents. This unit could vary from a tiny device designed to sit on top of a datajack to a terapulse datastore the size of a large tool box. You can figure out how big it needs to be by determining how much space the communication would occupy using the Shadowbeat rules.)

Encrypted Group Computation

There are ways, albeit more expensive than a straightforward retrieval, for N parties to supply N secret inputs to a computation and get back only the answer. Each party knows only their own secret input.

By defining some standard credit-check algorithms like “Does this SIN match this DMV ID?” and implementing them as encrypted group computation, you could avoid giving away the sensitive personal information to the Matrix as a whole. The local verifier would still have to know, and any institution taking the verifier’s word would of course have to trust the verifier.

Naturally, credstick verification services tend to only release hardware that can do this with black boxes that contain the appropriate encryption codes. Of course, an enterprising decker might be able to extract these...

Chaffing and Winnowing

Chaffing and winnowing is a technique for encoding that doesn’t use encryption. It consists of transmitting both useful data and bogus data, along with a key that permits the recipient to select the useful data from the whole stream, “winnowing the wheat from the chaff”. It does require that the two parties have a prearranged scheme for selecting the data.

Quantum Cryptography

True security is available at tremendous expense by using a hardware technique based on quantum theory. It requires having a very expensive direct fiber link between the two sites that want untappable communications. Any attempt to eavesdrop would disrupt the communications (due to the basic problem in quantum physics of any observer disturbing that which they observe). This is called quantum cryptography; the main use of such a system would be for secure transmission of encryption keys that could then be used to transmit larger amounts of data elsewhere. (A current problem in quantum cryptography is getting the distance available to go up; the best we can do in 1996 is about 10km before the signal on the fiber peters out. For Shadowrun purposes, we can assume that it’s possible to make a “quantum repeater” that has solved this problem. Naturally, this sort of thing would still be hideously expensive, since you can’t just ship packets around on a switched network like you do today...)


Steganography is the art of communicating through hidden information. If your opponent doesn’t know to look for hidden messages, they won’t bother trying to decrypt them. Generally, this can be done by hiding data in insignificant details of otherwise noisy information— the random hiss of a microphone could be masked out and replaced with a hidden signal, or the lowest bits in a color image taken from a noisy photograph replaced with useful information. (Since perfectly compressed data is indistiguishable from white noise, it would still sound just like hiss.)


Encryption can provide the hook for a number of possible shadowruns. Getting hold of someone’s private encryption key would be a natural way to get at their secret files, already grabbed by a decker. (Of course, it still might be necessary to fake his retina scan, fingerprints, cellular scan, and passcode, which could necessitate an extraction as well.) Runners could be used as couriers to deliver one time pads to people who need extreme secrecy.

Getting hold of the most important private keys— the ones used by governments, megacorporations, and banks— should be incredibly difficult, due to the potential for abuse. Game masters are encouraged to come up with elaborate means of safeguarding such things: the most common will be that one has to interact with a processor of some sort that will refuse to give up a private key, but will be happy to encrypt things with it. Attempting to open up the device should wipe the memory.

But what about the encryption in the source material?

Basically, FASA seems to be unaware of just how powerful good encryption algorithms can be. However, let’s try to put a reasonable patch on these things:

We can assume that the given encryption technology in the Street Samurai Catalog is as much encryption hardware as you can fit into that small an amount of Essence. Anything more than that would require larger amounts of processing hardware in order to translate that much bandwidth that fast. There’s no reason that anyone actually using an external headset should not be able to have extremely secure communications.

Scramble IC (and the Decrypt utility for defeating it) are simply nuisance levels of encryption, designed to get in the way of a decker, but not to stop someone from being able to restore the encrypted files.

Game Notes

In general, anyone who wants unbreakable encryption and has a Computer Theory of at least 3 or puts in a week of research can have it. (Making something truly unbreakable is very hard, but decryption can be made arbitrarily difficult.) Schemes can easily be devised that would require all the computing power in the Matrix to be crunching well after the universe has collapsed back upon itself, and they are used by businessmen and criminals alike.

The trick is, of course, getting to the encryption key— and shadowrunners are just the people to try. Remember: the more people that need access to something, the easier it is to get. Don’t design any secure measures that can’t even be used by the people who need them.