Using playing cards to store hidden data:
The implied card method for
encoding data into playing cards
The Basic Implied Card Method and the Recursive Implied Card Method lend themselves well to encryption.
The method of encryption best suited to the Implied Card Method is to alter the original order of the pack of cards. If the pack is completely random before data is encoded into it, it would be (very nearly) impossible to decode it correctly without knowing its original order. [I say "very nearly" because, strictly speaking, someone could try every combination.] Without knowing the order, you cannot know which cards are "absent" and which are "present". If the pack's order is random to start with, the encryption is as good as a one-time pad.
The best way to create (and keep a record of) the random order of the pack, is to shuffle a second pack of cards, and arrange the cards in the first pack to match it. We will call the second pack of cards the "Shuffled Pack", and the pack of cards that the data is encoded into, the "Data Pack". We shuffle the Shuffled Pack as much as we can, then arrange the cards in the Data Pack to be in the same order. The Shuffled Pack will be the only record of the original order of the cards in the Data Pack. If the Shuffled Pack is lost then the data will be lost too.
Once the Data Pack is in the same order as the Shuffled Pack, binary numbers can be encoded into it in exactly the same way as if it had not been shuffled. There would be no difference in the encoding method at all. The difference would come when the cards came to be decoded. With the decoding, instead of writing out a list of the card names on a piece of paper in order from the ace of spades to the king of diamonds, we would write out the card names in the order in which they appear in the Shuffled Pack. When that is done, the method of decoding would be identical.
Whoever intended to decode and decrypt the Data Pack would need to have the Shuffled Pack in order to know the original order of the cards. This would essentially be the same as using a one-time pad and would raise the problems of getting the Shuffled Pack to the decoder without it being intercepted. Supposing you really did want to encrypt important messages with cards, the encoder could encode their cards and then post just the Shuffled Pack to the decoder on its own. The Shuffled Pack would be innocuous as a pack of cards, and could be boxed and sealed up in cellophane to detect tampering. If it arrives tampered with, then the encoder can choose not to send the Data Pack and both parties can start again. Nothing is lost if an adversary sees the Shuffled Pack without the Data Pack as long as the encoder and decoder are aware of it. They can start again with a new Shuffled Pack and mix up the Data Pack again. If the Shuffled Pack arrives without having been tampered with, then the Data Pack can be sent on afterwards. If the Data pack is intercepted by someone without them having seen the Shuffled Pack, then it would be completely meaningless and indecipherable.
A possible attack on the encryption:
Although a shuffled pack is technically random, the encryption is not 100% impossible to decrypt. There are a finite number of combinations of cards in a pack (the factorial of 52). Therefore, if an adversary tried every single possible combination, they would eventually stumble across the correct combination that allowed them to decrypt the message. The factorial of 52 is 8 x 10^67, so it might take a very long time, but it is still technically possible.
If the encoded data contained something intelligible such as ASCII text or a known range of bits, it would be possible to know when the correct combination had been found. If the encoded data consisted of just a bundle of 1s and 0s without any pattern, it would be much harder for an adversary to know when the correct data had been decoded. If the encoded data contained an encryption key for something else, it might not appear intelligible, but it would still be possible to test the results of each combination against whatever had been encrypted with that key. From an adversary's point of view, one draw back in brute forcing in this way is that there might be more combinations of cards than there are combinations for keys. In other words, it might be quicker just to brute force the original key, rather than try to find out what the key was by decrypting the cards.
To improve the card encryption, more than one pack of shuffled cards could be used. 2 packs have 104! (1 x 10^166) combinations; 3 packs, 7 x 10^275 combinations. If the different packs had different coloured backs, then they would not be confused in the encoding and decoding procedures.