Cryptomancy for Fate

Version 0.2 - 2017-06-23

/user/fabiocosta/ Disclamer_and_notes

This is an adaptation of Cryptomancy, from Cryptomancer RPG by Chad Walker, for Fate Accelerated Edition by Evil Hat. Although this refers in some points to Masters of Umdaar, a World of Adventure for Fate Accelerated by Dave Joria, the rules are generic enough to be used in any Fate Core or Accelerated based setting with little to nothing adaptation. All the moral rights were respected here.

This is part of Mozilla Cryptomancer Challenge.

/user/fabiocosta/ Changelog

/root/fate/ Shards_and_Shardnet

Permissions and Costs

  • Permission: None
  • Cost: Stunt (indicating the posse of a Shard)

The Shards are special mystical crystals from the Demiurge Age (or before), that can be used to send echoes, messages to a Shardnet. There’s no need to roll to send an echo: just take an action (or even a free action) to just think about the message while holding the shard.

So, to send an message to another person, one needs to have a shard from the same crystal the other have, so he can echo his message into his private shardnet. The echo stays into the shardnet by a time based on the number of shards that make them, in hours. For example, in a shardnet made of 6 shards, an echo stays on the shardnet by 6 hours, fading away after that.

Also, the most recent echoes resonates more powerful into the shardnet than the older ones, so sometimes try to read an older echo could be burdensome, needing some roll to find his total content (although just know that there’s an echo needs no check). This is useful as a way to find if an information is useful or not, or to find if someone echoed something and then echoed some corrections on his information from the older echoes.

There’s no way to avoid someone to see shards not intended to him, except using the Cryptomancy techniques: cleartext echoes are public inside an specific shardnet, made from shards from the same crystal. There’s some special magical procedures to hide and cypher the echoes, beside other things, called Cryptomancy.

/root/fate/ Cryptomancy

Permissions and Costs

  • Permission: Aspect indicating the knowledge on Cryptomancy
  • Cost: Stunts (for the Cryptomancy Magics)

Keyphrase using

Using a Keyphrase to send an echo into a shardnet (either private or Shardspace), is considered a Clever Create Advantage Roll against Fair (+2) difficulty. In Failure, the echo was sent as cleartext and/or there’s a chance the sender sent the Keyphrase. In a Tie, the echo was sent as cyphertext, however there’s a chance the sender accidently sent the Keyphrase for the echo with it (GM discretion).

Those who knows the Keyphrase will automatically receive the echo as cleartext: the mystical decrypting process is automatic as long the target knows the keyphrase. Anyone that looks for an encrypted echo into a shardnet but doesn’t know the keyphrase will only see gobleedegook. However, as this keyphrase method is simmetric, those who use it need to secure the shardnet by other was, as people that knows the keyphrase can either send or receive any message encrypted with the keyphrase.

Brute Force

Using Brute Force to discover the Keyphrase has a difficult based on (a) the number of words in the keyphrase and (b) the size and how common it is in idioms. Foreigner words can offer +1 on the difficult to brute force the keyphrase. The roll is done by Clever (or Careful) using the difficult based on the Keyphrase (normally Fair (+2)). A Failure could result either in still having gibberish or on the original user being alerted on the compromise of that Keyphrase. However, in a Success, the character discover the keyphrase and so can decrypt the echo.

True Name and Soul Key

Every living thing has a True Name, a special and unique name that was given someway (normally by their parents) to him. And with him there’s a Soul Key a mystical word, so powerful that freezes time. The Soul Key can’t be passed through voice: even someone could say another’s Soul Key (which is almost impossible), this would be not effective for any cryptomancy reason.

Anyone that knows someone’s True Name can encrypt an echo that will be decrypt just by the Soul Key of that person. Also, someone can “authenticate” an echo by sending a message encrypted using his Soul Key, so someone that knows his True Name could see this message as sent by the person.

To use this, the sender needs to know the True Name of the receiver (as an Aspect) and use a Clever Create Advantage, as in the Keyphrase. However, in case of failure, there’s no way to either reveal the receiver’s True Name or Soul Key, just the message was sent as Cleartext.

An important thing: if someone dies, his True Name became a simple Keyphrase. This is important because, if someone kills other person and knows his True Name, there’s some ways for him to pass on it, and, as the True Name is now a common Keyphrase, he could decrypt echoes sent encrypted with it. This will be important in the future.

Cryptomancy Stunts

/root/fate/ The_Shardscape

In the ancient past, even before the Demiurge time, a massive shard crystal was found in a big mountain. The Demiurge documents founds says that this crystal crashed in Umdaar ages before the Demiurge ascension, and the Gods themselves sent it to Umdaar. Some says that those who touched this crystal found knowledge beyond the wildest dreams from the humans or any race. Some, however, says that those who tried to touch it straight had gone totally, utterly bonkers, babbling about the future, the past, the stars and utterly having their mind shattered, crashed by the sheer, massive, quantities of knowledge they needed to process all those.

However, some discovered how to safely lapidate the crystal, taking some big shards to cities and, using this, they could create the Shardscape, a kind of public network where everyone could search for information.

However, there’s some problems on the Shardscape.

First of all, the shards from Shardscape are really big, too much to be practical for common use, the smallest ones at the size of a melon. So, very difficult to be transported.

Second, the Sheer volume of information on it turns very difficult to use it as communication network. The one who tries to find things into the Shardscape needs to really focus himself into the action, to “search” for the echoes that they wants.

Third, unlike the private shardnets, in the Shardscape there’s almnost no echo fading, echoes getting into the Shardscape for months. This is important because:

  1. There’s no way to remove an echo from the Shardscape, so there’s some problemns with fake information and so on;
  2. Echoes encrypted with True Name can be read for other people, as soon the True Name owner is dead: this because the True Name then turns itself into a common Keyphrase, so everyone who knew it can decrypt any echo still on the True Name;

Fourth, if you want to send a message to a specific person, you’ll need to make it clear somewhat that the message is for her specifically. Some techniques for this:

  1. Using Cryptomancy, either by arranging a common Keyphrase or by know her True Name
  2. Just send as cleartext and using his common name, as it’s a common practice for those who use the Shardscape search for their own common name to find information about him;
  3. Using some initial information that put on focus on the message, like “Looking for bodyguards at the Fartime Elysium”, so everyone that is looking for a job as bodyguard and uses the Shardscape could find this echo easily. This can be used as a way to stabilish social networks inside the Shardscape: the Fartime Monastery Monks are knows by using this, confident into the Elysium tradition of non-violence as a way to propagate echoes with information and requests otherwise impossible to be done. Some of the Masters, however, are accomplished on use this technique to bring innocent people under their grasp.

And another problem, no Cryptomancy spell (like Denier, Tracer, Shard Spike and so) don’t work in the Shardscape

Querying the Shardscape

For searching for some information in the Shardscape, the character needs to be totally concentrated on the action of querying the Shardscape and roll against a Fair (+2) difficult, until otherwise said, even if he was expecting echoes encrypted with Keyphrases or True Name cryptomancy: the sheer volume of information in the Shardscape is enough to make things burdensome. The GM can increase the difficult based on time and specifics, or can decrese it if he was trying some generic information (like, discovering if there’s some job from a group he knows).

A Tie should be treated as an Success, but maybe he can take some Irrelevant Information with the desired echo. In case of Failure, a character can suffer a Too Much Information!!! Aspect (or similar), representing the amount of echoes he somewhat bring with the one he needed, as a Cost for the Success. A Sucess with Style can bring some Extra Information useful for the characters.

/root/fate/ Bridging_Shardnets

A Private Shardnet is a good thing, but sometimes the use of private shardnets are limited by the small number of shards oft the same shard crystal, and so in the same shardnet. But using the Shardscape has the drawbacks on the privacy and limitations because of the sheer volume of echoes on it.

But there’s a way to use more than a shardnet for communication, and it is by bridging the communication between two shardnets by holding shards of each shardnet on each hand, so the echoes from both shardnet resonates in both. The one who works as bridge can listen all the echoes on it (as long he could do it normally, like by knowing the keyphrases involved), but can’t echo himself any message. Also, this would be apply only for new echoes: old echoes don’t replicate into the shardnets.

The new echoes into group of bridged shardnets stays on them as the bridged shardnets where only one: so, in two bridged shardnets with 4 shards each, the echoes resonates for 8 hours. So, a way to discover if there’s any bridge in a shardnet that should not be bridged is by how much the echo stays on it.

You can expand even more the bridge, by putting a “broker” shardnet that surrogates the echoes between two shardnets that otherwise could not be bridged (by any reason). The resonation time is calculated the same way, by summing all the shards in the shardnets in hours. Normally, when someone wants to send an echo to other people using a third shardnet as bridge, by travesing it, uses True Name to warrant the message arrive to the sender and only for them.

This can be used agrresively, by offer access to a shardnet for people that should not, and as long no echoes are send, it difficult to detect the bridge. It can be done even by bridging the shardnet to the Shardspace, by touching a Shardscape shard while holding a private shardnet. Or people could send echoes and echoes, so creating so much noise in the private shardnet that the communication could be impractical for hours!


A Cryptoadmin is someone that act as a facilitator on bridging shardnets, and as a registrar of all communications that passed by him, with informations on who created an echo (if possible), the content and keyphrases used (if possible). They also know the authorized users and their passphrases they use to prove their identities and to access their services, all of them registered into a registry.

A Cryptoadmin can enforce security policies, by forcing people to exchange periodically their Keyphrases, scolding or kicking users that uses cleartext in the shardnet, query the Shardscape on the users’ behalf if needed, and using challenge questions to detect if the shardnet was somehow compromised.

As they can take information from a shardnet and repass them to another, they can work as information broker for some groups: some of the Masters uses henchmen as Cryptoadmins, so they could insolate themselves and send information to and from troop via a broker. Because of this, their homes, cryptovaults, tends to be heavily fortified and/or in a inaccesible place. Considering the registry, this is also very important.

When they bridge two shardnets, is common protocol the Cryptoadmin to create and send into each shardnet a keyphrase that they could use for secure communication, so if there was a illegal bridge after the bridge being stabilished the communications could be still secure.


Created by the Demiurges or some people before, they are artificial constructs that, when he first activates, create a True Name and tell to a cryptoadmin. Since them he use his multiple squid like limbs to bridge shardnets, while one of them register the operations into a registry. In a very simple understanding, the Golems are a kinds of automated cryptoadmin, fasters and more capable than common cryptoadmins. So, a Golem has lots of shards near himself, and sometimes even a Shardscape shard.

The main problem is that Golems are expensive, needs a constant power source (like a waterwell or steam), and a cryptoadmin needs to be there to make maintenances on it. Also, a Golem is somewhat vulnerable physically, so they should be put into cryptovaults.

To use a Golem to send an echo to another shardnet he could, the sender should first send a message to the Golem encrypted with his True Name, and them the message, encrypted by any keyphrase or True Name that he wants. Then the Golem will send the echo through all the shardnets he can, including if needed the Shardscape.

Also, he can listen for echoes that are encrypted with his True Name from all shardnets he’s connected, including the Shardscape: if someone in the Shardscape wants to send something to the shardnets connected to that Golem, he can do this by sending a message to it encripted with his True Name, the message being encrypted with any keyphrase or True Name he wanted.

Someone that knows the True Name of a Golem can use it to listen for some specifics keyphrases, by sending them to the Golem using a message encrypted with its True Name. Every echo in the shardnets that the Golem can access, including the Shardscape, are sent for the shardnet that send the message. This could be a problem, as someone could try to take down the shardnet and even the Golem by sending lots and lots of messages and mae the Golem goes down being unable to traverse all the messages to the shardnet, or to create so much noise the target shardnet could not be usable.

/root/fate/ Authentication_And_Cryptogears

Many shardnets, specially those that have cryptoadmins and/or Golems on it, can use some Authentication to use it, so the cryptoadmin/Golem could verify if the user is who they say they are and, by this, registry and somehow grant or forbid access to some shardnets or keyphrases he can listen or echo on it. Normally, the authentication on a shardnet secured this way is done by sending his name and a presetted passphrase, encrypting this message by the same combination of name and passphrase as keyphrase. When he authenticates, the cryptoadmin confirms if he’s an authorized user and grants the access for the resources he can use. Sometimes, in some shardnets that has some secured parts, some kind of Banners (we’ll see more about this later) can be set by Cryptoadmins, so new users (or lazy ones) can be remembered on the procedures to authenticate into the shardnet.

An even more complex and secure authentication is the True Authentication, that is based on True Name: when touching the secure shard, the used send his common name. The cryptoadmin/Golem encrypt a keyphrase with the True Name of the user (that he gave to them before). As only the Soul Key that matches that True Name (the user’s) can receive the message, only him could receive the keyphrase. After that, the user uses the keyphrase to ask for access to shardnet resources.

When the authentication potential of Cryptomancy was shown, some people started to develop cryptogears, mechanical devices that respond to operations based on cryptomancy authentication. The simpler one is the cryptolock, a lock with a shard imbedded on it that responds only when touched by the user, that them send a message with the passphrase encrypt with the passphrase (this is done to avoid the risk of someone just take an unused shard and listen to the passphrase as cleartext).

To change a cryptolock passphrase, you just need to send an echo with the new passphrase encrypted by the old one. If the cryptolock shard is removed, he can either get into a default state (like a door that should stay shut) or engage a security protocol (like start to make gas gone into the place).

There’s some more complex cryptogears, like those who would rotate a chamber accordingly with the passphrase used. Constructing and repairing cryptogears (including changing the shard) are Challenges. Specially when repairing, while repairing, the cryptolock goes either in the default state or in the security protocol.

Some of the most complex or secure cryptogears can have their shards hidden somewhere, only a remotely placed “command shard” being used for issuing commands.

In Fate Rules, you can treat cryptogears as Extras, and cryptolocks as Aspects on it. If you have access to the Fate Adversary Toolkit, Cryptolocks can be treated as a Distraction, Countdowns and Hazards, like the sample below:

Distraction: A common Cryptolock

  • Choice: How the character will open the Cryptolock?
  • Opposition: Fair (+2)
  • Repercussion (using the correct Keyphrase to activate it:) The cryptolock will open correctly
  • Repercussion (trying to remove/change the Cryptolock shard:) The cryptolock engage into a default state or security protocol
  • Hazard: Fair (+2) Knockout Gas Security Protocol Weapon: 3

/root/fate/ Cryptomancy_Magics_In_Real_Life

There’s some cryptomantic spells that can be used in “real life”, to somewhat encrypt parts of reality or make some of the reality works with the shardnets. Some of them have limitations, the main one being that no cryptomantic spell works against the Shardscape: it’s impossible to use the Shardspace as a Shard Scry or to Trace someone via Shardscape. Also, it’s impossible to do this by traversing shardnets, althought those directly bridged by real people (not by Golems) can be target of cryptomantic spells.

Below we list some of the more common cryptomantic spells that works into real life. Each one is treated as a Stunt, with an Cryptomancer Aspect as a Permission, with the optional rule for the GM to treat them as small artifacts: the user needs to pay 1 FP to be able to use them for an adventure, and they need to find someone the give them some kind of parchment or otherwise give them a copy of the spell.