
I'm writing a one-time pad encryption program because I got really interested in the idea of "encryption which has been proven to be impossible to crack if used correctly".

I'm writing the program just for fun, as programming and cryptography are my hobbies. Therefore, I don't expect the program to be used for highly vulnerable data. I just wonder how secure my program is, and what I can improve (considering that the hacker won't have any access to the key file).

The program starts off by:

  1. Making a list of 50 numbers from the mouse movement coordinates at the start of the program.
  2. That number list is then the seed to the ISAAC Random Number Generator (More info here).
  3. A key file is generated based on the size of the file to be encrypted. The key file is generated from random numbers from the ISAAC Random Number Generator.
  4. The file-to-be-encrypted and the generated Key file are XOR'ed and saved to a new file--the ciphertext file.
  5. Deciphering happens by XOR'ing the key file and the ciphertext file, which gives you the plaintext file.
mephisto, Janman

1 Answer

The perfect security of OTP hinges on the fact that keys must be chosen truly at random and uniformly from the domain of all possible keys, i.e. all bitstrings of a certain length. The problem with your approach is that you use a pseudorandom number generator to generate the key.

It does not matter how good the generator is, because the entropy that can be used to generate the key is limited by the seed you use.

Let's assume that the 50 numbers you use are really random and distributed uniformly -- and that is at least debatable for mouse movement. If you use 50 numbers in some range, let's say between $0$ and $x-1$, then for files of any size, you only ever produce at most $x^{50}$ different keys.

Obviously, for large enough files, this is much smaller than the total number of all possible keys and therefore your perfect security no longer holds.

An attack would for example consist of deciding which of two messages $m_1,m_2$ is encrypted in a ciphertext (your basic indistinguishability game). Keep in mind that for perfect security the runtime of the adversary is unbounded. That means that $\mathcal{A}$ could enumerate all $x^{50}$ possible keys and check if any of those decrypts the ciphertext to one of the two messages. This works, basically, because the number of possible keys is much smaller than it should be and the chance that the ciphertext could also be decrypted to the other message is very small (for large enough messages).

Maeher
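The indistinguishability game from the answer, worked through as an added example (this is not code from the question or the answer). The ISAAC generator is replaced by Python's built-in PRNG, and the seed is shrunk from 50 mouse numbers to 3 numbers in the range 0..15 so that the full seed space (16^3 = 4096 keys) can be enumerated in a moment; these parameters, the message pair, and the "secret" seed are all constructed for the demonstration. The last two functions show the construction a one-time pad actually requires: a key as long as the message drawn from the operating system's CSPRNG, not expanded from a short seed.

```python
import itertools
import math
import random
import secrets

# Constructed toy parameters: the questioner collects 50 mouse-coordinate
# numbers; 3 numbers in 0..15 keep the seed space small enough to enumerate.
SEED_COUNT = 3
SEED_RANGE = 16


def keystream_from_seed(seed_numbers, length):
    """Stand-in for the ISAAC step (Python's Mersenne Twister here, an assumption):
    a PRNG seeded only with the collected numbers. However good the generator,
    the key it emits carries no more entropy than the seed it started from."""
    rng = random.Random(repr(list(seed_numbers)))
    return bytes(rng.getrandbits(8) for _ in range(length))


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def prng_otp_encrypt(seed_numbers, plaintext):
    """The questioner's scheme: plaintext XOR PRNG keystream."""
    return xor_bytes(plaintext, keystream_from_seed(seed_numbers, len(plaintext)))


def seed_entropy_bits(seed_count=SEED_COUNT, seed_range=SEED_RANGE):
    """Upper bound on key entropy: log2 of the number of reachable keys (x**n)."""
    return math.log2(seed_range ** seed_count)


def distinguish(ciphertext, m1, m2, seed_count=SEED_COUNT, seed_range=SEED_RANGE):
    """The unbounded adversary from the answer made concrete: enumerate every seed
    the generator could have started from and see which candidate plaintext
    falls out. Returns 0 if only m1 is reachable, 1 if only m2, and None if
    neither or both are (the ambiguous case that a real OTP would always produce)."""
    matched = set()
    for seed in itertools.product(range(seed_range), repeat=seed_count):
        candidate = xor_bytes(ciphertext, keystream_from_seed(seed, len(ciphertext)))
        if candidate == m1:
            matched.add(0)
        elif candidate == m2:
            matched.add(1)
    return matched.pop() if len(matched) == 1 else None


def true_otp_encrypt(plaintext):
    """What the pad needs: a fresh key, as long as the message, straight from the
    OS CSPRNG. Every key of this length is equally likely, so no enumeration helps."""
    key = secrets.token_bytes(len(plaintext))
    return key, xor_bytes(plaintext, key)


def true_otp_decrypt(key, ciphertext):
    return xor_bytes(ciphertext, key)


def demo():
    """Encrypt m1 under a secret seed and let the adversary decide which of the
    two equal-length messages was sent. Returns the adversary's guess (0 == m1)."""
    m1 = b"transfer 100 dollars"   # constructed sample message
    m2 = b"transfer 900 dollars"   # constructed sample message, same length
    secret_seed = (7, 3, 12)       # constructed "mouse movement" seed
    ciphertext = prng_otp_encrypt(secret_seed, m1)
    return distinguish(ciphertext, m1, m2)


if __name__ == "__main__":
    print("seed entropy (bits):", seed_entropy_bits())          # 12.0
    print("message length (bits):", 8 * len(b"transfer 100 dollars"))  # 160
    print("adversary's guess (0 == m1):", demo())
```

The numbers printed by the demo are the whole argument in miniature: the keystream is 160 bits long, but only 12 bits of it are actually unpredictable, so the adversary's 4096 trial decryptions find exactly one seed that yields a sensible plaintext and the game is lost. Scaling the seed to 50 numbers only raises the enumeration cost; it does not restore the equal-likelihood-of-every-key property that the security proof depends on, which `true_otp_encrypt` gets by construction.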