I know there's AES and PGP, but all electronics stuff still has backdoors. You can’t backdoor a piece of paper and a writing utensil.

  • groet@feddit.org
    4 hours ago

    If you want to calculate the cipher on paper, everything that works on binary will be a huge overhead and basically require you to write stuff down for the calculations. So you need to burn sheets of paper for every en/decryption. So no XOR or anything.

    I would go for a stream-caesar-cipher. Find a mathematical formula that you can calculate in your head and that gives you a number between 1-35 (or something similar depending on how many different characters you need). The formula must be pseudo random so f(x)=5, f(x+1)=1, f(x+2)=28, … and not loop for a looooong time. Calculate a new value FOR EVERY LETTER OF YOUR TEXT!!! and use that as your Caesar cipher for that letter only (x is the position of the character in the text).

    You need to keep track of which letter in your cipher text was encoded with which x (write the x of the first letter of each page down) and keep the formula a secret. Never ever under any circumstance reuse an x. So you need to keep x going for every page/message and can’t restart at 1 each time.

    If x becomes too large and the calculations too complicated, it's better to change the formula than to restart x. Never ever ever ever reuse the same cipher because then you get all the drawbacks of Caesar ciphers (probability of letters, length of words (position of the space character) etc).
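
The scheme described in the comment above, as an added example (not the commenter's code), showing why an x must never be reused: when two messages share the same x values the shifts cancel, and the difference of the ciphertexts equals the difference of the plaintexts. The alphabet and the formula in `shift_for` are assumptions chosen for the demonstration; the formula is a stand-in and is not claimed to be secure or easy to compute mentally.

```python
# 36 symbols, so per-letter shifts run 1..35 as in the comment (assumed alphabet).
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ 123456789"
N = len(ALPHABET)

def shift_for(x):
    """Stand-in formula (assumption, not secure): maps position x to a shift 1..35."""
    return pow(3, x, 10007) % 35 + 1

def encrypt(plaintext, start_x):
    """Shift each symbol by shift_for(x); return ciphertext and the next unused x."""
    out = []
    for i, ch in enumerate(plaintext):
        out.append(ALPHABET[(ALPHABET.index(ch) + shift_for(start_x + i)) % N])
    return "".join(out), start_x + len(plaintext)

def decrypt(ciphertext, start_x):
    """Undo the per-position shifts; start_x must match the value used to encrypt."""
    return "".join(
        ALPHABET[(ALPHABET.index(ch) - shift_for(start_x + i)) % N]
        for i, ch in enumerate(ciphertext)
    )

def difference(a, b):
    """Symbol-wise (a - b) mod N. For two ciphertexts made with the same x values
    the shifts cancel, leaving exactly the difference of the two plaintexts."""
    return [(ALPHABET.index(p) - ALPHABET.index(q)) % N for p, q in zip(a, b)]

if __name__ == "__main__":
    p1, p2 = "MEET AT NOON 12", "SEND HELP AT 99"   # constructed sample messages
    c1, next_x = encrypt(p1, 1)
    c2_reused, _ = encrypt(p2, 1)        # mistake: x restarted at 1
    c2_fresh, _ = encrypt(p2, next_x)    # correct: x keeps counting
    print("reuse leaks plaintext difference:",
          difference(c1, c2_reused) == difference(p1, p2))
    print("fresh x:", c2_fresh, "->", decrypt(c2_fresh, next_x))
```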

  • skillissuer@discuss.tchncs.de
    4 hours ago

    You can do RC4 on pen and paper, more precisely 256 pieces of paper. There’s also a variant of this cipher that uses a deck of cards instead, RC4-52. There’s also another stream cipher that uses a deck of cards to store state and it’s called Pontifex/Solitaire. Both have some weaknesses.

    VIC has way too short key for modern uses, but maybe there’s a way to strengthen it.

    On a related note, I guess that it would be possible to implement a modern stream cipher with NLFSR in an electromechanical machine, no silicon needed. WW2 era cryptography like this (Enigma, M209 etc) were in a way stream ciphers and these require some of the least hardware. Key storage and scheduling becomes a bigger problem.

  • Treczoks@lemmy.world
    7 hours ago

    Have a list of pregenerated numbers that each participant has, and do a ciphering system based on those. Like a book cipher, but smaller, more portable, and faster to eat in case of emergency.

  • Inucune@lemmy.world
    10 hours ago

    Book cypher. 2 copies of the exact same book. The cypher is an agreed upon system of indicating letters or words.

    • heavydust
      13 hours ago

      It’s a good algorithm but if you need to decode any message, you must get drunk and listen to creepy radio stations at 1AM in the forest or something.

    • ERROR: Earth.exe has crashed@lemmy.dbzer0.com (OP)
      13 hours ago

      Hmm yea cool, problem is, it's not reusable. You have to generate new keys every time. Kinda not easy to constantly exchange new keys if you are… say a group of revolutionaries hiding from the government. 👀

      • Rowan Thorpe@lemmy.ml
        5 hours ago

        In-band periodic key-exchange. Pre-arrange that keys expire every X messages, and that the last (Xth) message is dedicated to sending the new key encrypted by the previous one.

      • yoevli@lemmy.world
        13 hours ago

        This is how all modern cryptography works. A deterministic cipher is functionally no different from pig Latin when it comes to actual security. An electronic solution like public key cryptography is infinitely more secure. If you’re especially paranoid you can generate the cryptotext locally and send it by email; that would be much safer than anything you could achieve by hand.

        • otacon239@lemmy.world
          11 hours ago

          I would think mailing a flash drive with the key and sending the message electronically would be safer. One requires knowledge of the other.

        • ERROR: Earth.exe has crashed@lemmy.dbzer0.com (OP)
          13 hours ago

          Hmm okay I was actually thinking of using this for journaling… so keeping a stack of OTP codes right next to my journal isn’t quite useful…

          gotta keep my evil plans for world domination a secret… MUAHAHAHAHA 😈

          • SmoothOperator@lemmy.world
            3 hours ago

            Hmm, you’re probably going to get a lot of answers assuming you wanted to do secure communication, not secure journaling. Different beasts I would think.

      • m0darn@lemmy.ca
        13 hours ago

        I’m certainly not an expert.

        But could you generate pads from mutually accessible data sources?

        Like use hit_me_baby_one_more_time_not_a_virus.mp3 appended with a password, as a seed in a pseudo random number generating algorithm, then do the same thing with another data source, repeat however many times, then XOR the generated numbers together, and use the result as a pad?

        • ricecake
          12 hours ago

          That’s no longer a one time pad. That’s closer to a homebrew stream cipher with the weakness of having a key that you just hope no one notices.

  • cogman@lemmy.world
    13 hours ago

    No, not possible.

    The closest we’ve seen are the zodiac killer’s scribbles and they lasted as long as they did because he made a mistake (and frankly because no security researcher was really trying).

    Modern cryptography works because it shuffles data around so much that it appears random. There’s simply no way to do those sorts of operations with just pen and paper.

  • ricecake
    12 hours ago

    You need a way to generate a pseudo random sequence that’s synchronized. You can then use that random stream as something that works like a stream cipher.

    Getting synchronized sources of random numbers like that isn’t trivial, but it can be done.

    To spitball a notion: get something like a small microcontroller that can drive a small screen, no wireless capabilities needed. Putting an implementation of something like the HOTP algorithm on it will let you get some random data with each button press. That data can basically be used like a one time pad where you press a button each time you need more data. People decrypting the data just need to start at the same point in the sequence.

    There are so many issues with this that I haven’t thought of, but it’s the most reasonable approximation of a pen and paper algorithm that has modern security levels and can be done in a reasonable amount of time.

    Basically, you’re going to want to look into stream ciphers. Since those can be done without feeding the data into them, it’s possible to have a more disconnected system.

    It’s worth noting that against a governmental adversary, you’re far more likely to be revealed via poor application of a custom crypto system than by a targeted bypass of a commonplace one.
    If you’re under suspicion, a cop can grab the piece of paper you did your work on out of the trash if you forgot to burn it and no decryption is required. Being physically readable, the key material can be seized and it’s lost. If they have a warrant they can put a camera in your house and just record your paper.
    With a cellphone, the lowest level of scrutiny that can use a backdoor that we know of would be a sealed FISA court order. Anything less official would require more scrutiny, since the NSA isn’t going to send a targeted payload to the phone of a generic malcontent/domestic subversive.

    Widely used crypto systems address an extremely wide array of possible attacks, most of which aren’t related to the cipher but instead to issues of key management and rotation. This can give you guarantees about message confidentiality being preserved backwards in time if the key is stolen, and only new messages being readable, as an example. (Perfect forward secrecy)

    What you’re looking for can be made, but you need to strongly consider if it actually makes you more secure, or less. Probably less.
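
The HOTP idea from the comment above, as an added example (not the commenter's code): HOTP per RFC 4226 produces a shared digit stream, one code per "button press", and the digits are added to the message digit by digit mod 10, which is arithmetic that can be done by hand. The letter-to-digit encoding and all function names other than the RFC algorithm are assumptions made for the example; both sides must start at the same counter, and a counter value must never be used twice.

```python
import hashlib
import hmac
import struct

def hotp(secret: bytes, counter: int, digits: int = 6) -> str:
    """HOTP per RFC 4226: HMAC-SHA-1 over the 8-byte counter, dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)

def pad_digits(secret, start_counter, n):
    """Concatenate successive HOTP codes until n digits are available.
    Returns the pad and the first counter value that has not been used."""
    out, counter = "", start_counter
    while len(out) < n:
        out += hotp(secret, counter)
        counter += 1
    return out[:n], counter

def to_digits(text):
    """Assumed encoding for the example: A=01 ... Z=26, space=00."""
    return "".join("00" if ch == " " else f"{ord(ch) - 64:02d}" for ch in text)

def from_digits(digits):
    pairs = [int(digits[i:i + 2]) for i in range(0, len(digits), 2)]
    return "".join(" " if p == 0 else chr(p + 64) if p <= 26 else "?" for p in pairs)

def encrypt(secret, counter, text):
    """Add pad digits to message digits mod 10 (no carries, as done on paper)."""
    plain = to_digits(text)
    pad, next_counter = pad_digits(secret, counter, len(plain))
    cipher = "".join(str((int(p) + int(k)) % 10) for p, k in zip(plain, pad))
    return cipher, next_counter

def decrypt(secret, counter, cipher):
    """Subtract the same pad digits mod 10; a wrong counter yields garbage."""
    pad, _ = pad_digits(secret, counter, len(cipher))
    return from_digits("".join(str((int(c) - int(k)) % 10) for c, k in zip(cipher, pad)))

if __name__ == "__main__":
    key = b"12345678901234567890"            # RFC 4226 test secret, not for real use
    ct, nxt = encrypt(key, 0, "MEET AT DAWN")
    print(ct, "next counter:", nxt)
    print("in sync:    ", decrypt(key, 0, ct))
    print("out of sync:", decrypt(key, 1, ct))
```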

  • Squorlple@lemmy.world
    13 hours ago

    The code could associate skipped or unskipped symbols with the location of stars in the sky at a distant point in time unknown to those trying to break the code

  • gedaliyah@lemmy.world
    11 hours ago

    Also maybe microdots would be more effective. Not exactly pen and paper, but still analog. Hard to crack a code you can’t find.

  • AmidFuror@fedia.io
    11 hours ago

    Just use a simple keyword like “TESLA” as your cipher. Sure, they can crack it, but they’ll probably be wasting time in Colorado for weeks before they get to the end of your journal.

    • ERROR: Earth.exe has crashed@lemmy.dbzer0.com (OP)
      13 hours ago

      Time to put my Chinese language skills to work?

      English + Mandarin (Pinyin) + Cantonese (Jyutping) = ???

      Canto-Mandar-lish? 🤔

      Actually it might work. You’d need to understand 3 languages to decipher it.

      Does the NSA/FSB/CCP have tri-lingual speakers? 🤔

      Maybe I should learn some Navajo to add more fun to the mix? 😁

      • WoodScientist
        10 hours ago

        Learn Navajo and ancient Babylonian. Write everything in a custom pidgin of Mandarin, Navajo, and ancient Babylonian.

  • gedaliyah@lemmy.world
    11 hours ago

    Maybe something akin to a book code, although machine learning may be able to crack those by that time.

    I am not a cryptographer so I have no idea really.