Hacking in Cryptomancer
When not to include a character option in a role playing game
Players and Characters
Some time ago, I wrote a short post about genre and setting. In it I mentioned the difficulty of running a detective story in a generic role playing games (RPGs) system:
[A detective story] is a somewhat more difficult story to adapt to role-playing games because it relies on the players’ ability for deduction. This means that the player – rather than the character – is doing the detective work. It would render the whole thing very boring to ask players to roll for deduction instead of letting them solve the mystery at hand.
This means that the role-playing aspect of such a game shouldn’t involve too much game mechanics. It cannot be played in all rule systems.
When playing an RPG, the Player sits around the table and makes decisions about their Character’s action. Player and Character are distinct. This imposes limits on what RPGs can do – as per discussion about detective stories above.
However, each RPG system distributes responsibilities to Player and Character in its own way.
Cryptomancer
More recently, I’ve started to look up non-D&D RPGs. I’m both trying to find other games to play (D&D falls short in a lot of places) and learn about other mechanics out of mere curiosity.
One game I stumbled upon is Cryptomancer. A classic fantasy setting (Dwarves, Elves, and Humans, Magic, Swords, and Castles, etc.) with the addition of cryptomancy: the magical practice of cryptography. This magic takes the form of spells to encrypt, sign, decrypt, or authenticate messages.
Interestingly, Cryptomancer has no hacking skill. From the rule book:
There is no “hacking” or “information security” skill available to characters by design. That’s because instead of rolling dice and saying “I hack the things,” players will instead be saying “I will use the keyphrase I interrogated out of our prisoner to impersonate him and send a message to his comrades to meet at the old windmill, where our trap will be set.”
In other words, all the information security in Cryptomancer is done by the Player. It is not merely a Player’s mechanical choice that results in a Character’s success/failure (e.g., “I attack the goblin” is followed by the player rolling dice rather than swinging a sword), but it is the Player’s doing entirely.
Drawbacks, advantages, considerations and open questions
I haven’t played a game of Cryptomancer yet. I’ll try to get a group of players together and run a short campaign. But in the meantime, I have started planning. And as part of the planning, I am considering what to do with this deliberate lack of hacking skill, how to leverage it and what to watch out for.
Cryptography novices
What if some players are complete novice to cryptography? Cryptomancer seems like a good game for players to learn the fundamentals and to think about different uses and implications of cryptography. But how much would they enjoy the game?
In general, if a part of the game is the responsibility of the player rather than the character, how do you ensure that players with various competence in that part of the game still enjoy it.
In the same area of concern: When the players have mixed level of understanding of cryptography, how to make sure everyone enjoys the experience?
To some extent, there’s no unique answer to these questions and it depends on the group composition. And in addition, it might be that some players will not enjoy the do-it-yourself cryptography and that Cryptomancer is not a game for them.
Full immersion
Because the Player-Character boundary is shifted somewhat, it can lead to more immersion for the players. That is, by putting more responsibility on the Player themselves, by giving some of the Character’s responsibility to the Player, it can lead to the Player feeling like a more integral part of the in-game universe. I say “can lead” because it’s not automatic, it must be worked into the play.
There is a meme that goes along the lines of “Press X to pay respect”, poking fun at the immersion-breaking overuse of character-centric mechanics.
For most groups playing most RPGs, the players speak the words of their character. That is there is no skill for speak, converse, or dialogue. Except that there often sort of is: D&D has deception, intimidation, and persuasion skills. These skills feel strange to use: there are no consequences for a player delivering convincing versus unconvincing lines to an NPC, instead, the result is determined by a dice roll. It somewhat breaks the immersion, the feeling of being involved in an unfolding story, when a NPC accepts really bad arguments.
Generally, D&D has lacklustre rules concerning social interactions and it takes a good DM to work around the mechanical limitations. Maybe, D&D should not have any Charisma skills?
Fantasy, Challenge, Discovery
The absence of hacking skills in Cryptomancer is a design decision about Mechanics. And as all decisions about Mechanics, it affects Dynamics and ultimately Æsthetics – using the Mechanics-Dynamics-Æsthetics (MDA) framework1. Some æsthetics to watch out for:
- Fantasy (Game as make-believe) As mentioned above, Cryptomancer’s approach to hacking can enhance immersion which reinforces Fantasy.
- Challenge (Game as obstacle course) Because hacking becomes a player’s responsibility, it becomes a different challenge, a more direct and tactical one.
- Discovery (Game as uncharted territory) The player being drawn in-game to complete cryptography-related tasks makes the cryptography an uncharted territory that needs exploring. This loops back to the use of Cryptomancer as a teaching tool for cryptography.
Flexible Player-Character boundaries
Cryptomancer is not the only TTRPG to give the players the responsibilities for a core skill, and TTRPGs are not the only games to do so.
Video Games
In video games, character actions are under more or less direct control of the player. E.g., in The Legend of Zelda: Breath of the Wild, the player is in direct control of the positioning of Link but the same player only instruct Link on what ingredients to mix together. The former involves somewhat direct controls (albeit positioning is a function of movement which is arguably somewhat indirectly controlled by the player) whereas the latter involves very indirect controls (choosing ingredients is not cooking). In other words, positioning (unlike cooking) is the responsibility of the player, not of Link.
Less well known but more to the point, A Normal Lost Phone smashes the in-game out-of-game boundary by presenting the in-game Lost Phone as a mock interface on the Player’s out-of-game actual phone. As a Player, you tap on the screen of your phone to control an in-game phone. The bulk of the responsibilities is shifted to the Player.
Flexibility
Video games generally have a fixed set of Player responsibilities and Character responsibilities. Table top RPGs tend to have a more fluid separation of responsibility. The game master can skip a whole shopping sequence or montage a travel sequence when the stakes are relatively low, and decide to involve the players when the stakes are high. E.g., if the party is wanted by the authorities, then maybe shopping starts by locating a merchant that might be sympathetic and continues by finding the right words to convince them to accept the party as customers.
Remarks/Questions to end this post
Some responsibilities cannot be given to the Player (e.g., casting spells), and some should not be given to the Player (e.g., the use of weaponry). Arguably, some responsibilities cannot be given to the Character (e.g., agency), and some should not (e.g., see remark about detective stories above).
As a game designer, how to decide the distribution of responsibilities?
As a DM, how to leverage the distribution to improve the game?
A future post might go into details of the MDA framework, in the meantime, the original paper is can be found on https://users.cs.northwestern.edu/~hunicke/MDA.pdf↩︎