
It is well-known that the two-time pad is very insecure. However, it seems unexploitable in the case where the plaintext is indistinguishable from random (e.g. symmetric keys).

Is this property useful?

Note: I don't plan on using this in production.

otus
Demi

1 Answer


By two-time pad I assume you mean using a one time pad key to encrypt two messages. Let's say $K$ is the key and $m_1, m_2$ are your messages. Then from the ciphertexts $c_1 = m_1 \oplus K$ and $c_2 = m_2 \oplus K$ an adversary could trivially learn information such as $x = c_1 \oplus c_2 = m_1 \oplus m_2$. Whether or not this information is "exploitable" may be application specific (in general it is very hard to say what "exploitable" should mean). However, the fact is that you are leaking information on your secret messages and you should be very careful.

Take the following example of how this could go very wrong: Say I want to send two random 128 bit strings $m_1$ and $m_2$ to a friend who should then use $x = m_1 \oplus m_2$ as an AES key. If I send $m_1$ and $m_2$ using regular OTP then there is no problem. Using the two-time pad, as described above, the AES key is revealed.

Guut Boy
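The scenario in the answer above, worked through in code as an added example (not part of the original answer): two random 128-bit strings are sent under a reused pad $K$, the recipient derives the AES key $x = m_1 \oplus m_2$, and a passive observer computing $c_1 \oplus c_2$ obtains exactly that key. The second function shows the contrast with fresh pads, where the observer's value is $K_1 \oplus K_2 \oplus x$ and carries no information about $x$. All key and message values are constructed for the demonstration.

```python
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("inputs must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(key: bytes, msg: bytes) -> bytes:
    """One-time pad: c = m XOR K. Decryption is the same operation."""
    return xor_bytes(key, msg)


def observer_xor(c1: bytes, c2: bytes) -> bytes:
    """What a passive observer can compute from two ciphertexts: c1 XOR c2.
    If both were produced under the same pad, this equals m1 XOR m2."""
    return xor_bytes(c1, c2)


def two_time_pad_scenario(k: bytes, m1: bytes, m2: bytes) -> dict:
    """Sender reuses pad k for m1 and m2; recipient uses x = m1 XOR m2 as AES key.
    Returns the recipient's key next to the observer's derived value."""
    c1, c2 = otp_encrypt(k, m1), otp_encrypt(k, m2)
    return {"aes_key": xor_bytes(m1, m2), "observer": observer_xor(c1, c2)}


def one_time_pad_scenario(k1: bytes, k2: bytes, m1: bytes, m2: bytes) -> dict:
    """Proper OTP with independent pads k1, k2 for the two messages.
    The observer now gets k1 XOR k2 XOR x, which is uniformly random and
    independent of x as long as k1 and k2 are fresh and secret."""
    c1, c2 = otp_encrypt(k1, m1), otp_encrypt(k2, m2)
    return {"aes_key": xor_bytes(m1, m2), "observer": observer_xor(c1, c2)}


if __name__ == "__main__":
    # Constructed random values for a 128-bit key and two 128-bit messages.
    m1, m2 = os.urandom(16), os.urandom(16)
    reused = two_time_pad_scenario(os.urandom(16), m1, m2)
    fresh = one_time_pad_scenario(os.urandom(16), os.urandom(16), m1, m2)
    print("reused pad: observer recovers AES key ->", reused["observer"] == reused["aes_key"])
    print("fresh pads: observer recovers AES key ->", fresh["observer"] == fresh["aes_key"])
```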