It's not really hard to derive backwards, the point is to understand the process of going forwards.
It's quite impossible to go from C1 to S1, so I guess going forwards is even more difficult to figure out than that.
So it's impossible to use 6 letters for each seed word, right?
Why not? Say you have 12 rows. In the first two, you use 12 letters to note the rules (as it seems needed). The rest of rows are consisted of 60 letters. Given that we only need the first four letters of each word and its position, we would need 4*12 letters + 12 positions = 60.
Imagine writing down the name of each wallet in a small notebook, with the corresponding seed phrase below in ciphertext, and then keeping a copy of the CipherCard in your safe with the rules for substitution encryption written on the back of the copy.
Again, I can tell the security of this setup. However, I believe it is more complex than needed, and complexity is the enemy of security. I think that a well-setup multi-sig could provide about the same levels of security.
You could even keep a picture of the CipherCard in Gmail's drafts folder, the rules in Outlook's drafts folder, and the ciphertext of the seed phrases in the drafts folder of all your email services, and then use another CipherCard to manage the passwords for all your mailboxes.
Doesn't that make sense?
In my view, if your setup has to rely on third parties, it isn't an ideal setup.