13

The symmetric cryptosystem one-time pad (OTP) seems to be very beautiful since it is perfectly secret according to Shannon. Many books, however, point out the main drawback: one must create a secret key the same length as the plaintext. For this reason, the concept of perfect secrecy has these days been abandoned, and we prefer other cryptosystems.

Now, for example, suppose I want to encode my text message with the ASCII scheme, and moreover suppose that this plaintext is 10 gigabytes long; therefore (using an OTP) the key must be the same length, 10 gigabytes. I think, however, this is a "sustainable price" because I'm sure that the ciphertext can't be attacked.

Practically, I don't understand why having such long keys with an OTP is a big disadvantage if we reach "the dream", namely, perfect secrecy. Nowadays the storage of information is very easy, so what is the real problem? I can, for example, share the "long key" in person.

kelalaka
Dubious

3 Answers

20

Actually, the problem with OTP isn't the storage of the pad (although secure erasure of the parts of the pad you used is trickier than it looks), and it isn't the pad generation (although, again, that's trickier than it looks), but the secure transport.

After all, it's not enough for you (Alice) to have the secure pad, you also have to give a copy to the guy (Bob) you're sending the message to, and you need to send it in a way that's secure.

That's the real reason OTPs aren't used that often; OTPs would require meeting with the other side directly, or alternatively using a trusted courier; we rarely want to put up with the expense of either, especially since there are cheaper alternatives available.

poncho
2

There are too many pitfalls preventing effective usage of the one-time pad electronically, but they were used extensively during several real-life conflicts, especially during the Cold War.

Firstly, for the one-time pad to be truly secure, the key must be at least as long as the message. If you have a secure channel you can rely on to transmit the key, you may as well skip the whole OTP process and just directly use that channel.

Secondly, generation is tricky. If the attacker is able to determine the algorithm and parameters you used to generate the key, they can determine the entire key, giving them the ability to crack your message. A normal PRNG won't work. For maximum security, you'd need to rely on some natural process (dice, atmospheric noise, radioactivity, etc.).

One-time pads sound amazing, but are very hard to organize in practice.

adrian
-2

A stream cypher uses a password to create a unique key of the same length as the plaintext, so it can be thought of as like a one-time pad.

Some problems are: 1. ensuring that a particular key is never re-used, 2. ensuring that there are no patterns in the generated keys which make it possible to guess or predict them.

These problems were part of the downfall of the RC4 cypher.

AD1MT
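The pad-handling problems raised in the answers above (erasing the parts of the pad already used, and never reusing key material), shown as an added example that is not part of any answer on this page. The class and function names are hypothetical, and `secrets.token_bytes` (the OS CSPRNG) is an assumption standing in for the physical random source a real pad would need.

```python
import secrets

class PadExhausted(Exception):
    """Raised when a message needs more pad bytes than remain unused."""

class OneTimePad:
    """Pad that hands out each key byte once and wipes it after use."""

    def __init__(self, pad: bytes):
        self._pad = bytearray(pad)
        self._offset = 0  # index of the first unused pad byte

    def remaining(self) -> int:
        return len(self._pad) - self._offset

    def _take(self, n: int) -> bytes:
        if n > self.remaining():
            raise PadExhausted(f"need {n} bytes, {self.remaining()} left")
        key = bytes(self._pad[self._offset:self._offset + n])
        # Overwrite consumed bytes in memory so they cannot be handed out again.
        # Wiping them from disk or flash is the harder problem and is not shown.
        self._pad[self._offset:self._offset + n] = bytes(n)
        self._offset += n
        return key

    def xor(self, data: bytes) -> bytes:
        """Encrypt or decrypt: XOR data with the next unused pad bytes."""
        key = self._take(len(data))
        return bytes(d ^ k for d, k in zip(data, key))

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def demo():
    pad = secrets.token_bytes(64)  # constructed sample pad (assumption: CSPRNG)
    # Bob's copy is assumed to have been delivered in person or by courier.
    alice, bob = OneTimePad(pad), OneTimePad(pad)
    m1, m2 = b"meet at the north gate", b"bring the signed forms"  # constructed
    c1, c2 = alice.xor(m1), alice.xor(m2)
    assert bob.xor(c1) == m1 and bob.xor(c2) == m2
    # Reuse failure: if both messages use the same pad bytes, the pad cancels
    # and the two ciphertexts XOR to m1 XOR m2 without any knowledge of the key.
    bad1, bad2 = xor_bytes(m1, pad), xor_bytes(m2, pad)
    return xor_bytes(bad1, bad2) == xor_bytes(m1, m2), alice.remaining()

if __name__ == "__main__":
    print(demo())
```

Both sides must consume the pad in the same order, so a lost or reordered message desynchronizes the offsets; that bookkeeping is part of what makes the scheme hard to operate.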