Cryptography Stack Exchange
Cryptography Stack Exchange

Questions tagged [one-time-pad]

A cipher which uses a different encryption key every time, as long as the message. The key is XOR'ed with the message to render the cipher text which can then be XOR'ed with the same key to get the plain text.

A cipher which uses a different randomly-generated, pre-shared key stream of the same size as the message. Commonly the plaintext is XOR-ed with the key stream to generate the ciphertext. Similarly XORing the ciphertext generates the plaintext.

Modular addition / subtraction may be used instead of the XOR operation. As long as the key stream is perfectly random, the OTP is considered provable secure; in practice the stream is never perfectly random.

Another issue with the one-time-pad is that the size of the key stream must have at least the same size as the message. This makes it impractical for many use cases.

426 questions
124
votes
7 answers

Taking advantage of one-time pad key reuse?

Suppose Alice wants to send encryptions (under a one-time pad) of $m_1$ and $m_2$ to Bob over a public channel. Alice and Bob have a shared key $k$; however, both messages are the same length as the key $k$. Since Alice is extraordinary lazy (and…
Elliott
  • 1,711
  • 3
  • 15
  • 9
86
votes
11 answers

Is modern encryption needlessly complicated?

RSA, DES, AES, etc., all use (relatively) complicated mathematics to encrypt some message with some key. For each of these methods, there have been several documented vulnerabilities found over the years. Some even believe that there is a…
Ozzah
  • 977
  • 1
  • 7
  • 6
79
votes
3 answers

How does one attack a two-time pad (i.e. one time pad with key reuse)?

My question might appear the same as the question Taking advantage of one-time pad key reuse?, but actually I did read all the answers and none of them helped me with the details I need. I am new to cryptography and my problem is with two time pad…
Samer Makary
  • 993
  • 1
  • 8
  • 8
42
votes
8 answers

Simply put, what does “perfect secrecy” mean?

I would like to ask for a clear (but maybe not so deep) explanation of what the term "perfect secrecy" means. As far as I have researched and understood, it has to do with probabilities of assuming that a certain variable will be the key for a…
Emyr
  • 571
  • 1
  • 5
  • 6
29
votes
7 answers

Why is OTP not vulnerable to brute-force attacks?

I saw this question on the book Understanding Cryptography. At first glance it seems as though an exhaustive key search is possible against an OTP system. Given is a short message, let’s say 5 ASCII characters represented by 40 bit, which was…
Vladmostov
  • 295
  • 1
  • 3
  • 8
26
votes
3 answers

How is the One Time Pad (OTP) perfectly secure?

The Wikipedia entry on One Time Pads (OTPs) states that if this cipher is used properly; ie, the keys are truly random and each part of the key is independent of every other part, it's uncrackable, and yields perfect secrecy, i.e., $H(M|C) =…
xyz
  • 465
  • 1
  • 5
  • 9
22
votes
7 answers

What is the difference between a stream cipher and a one-time-pad?

A (synchronous) stream cipher is an algorithm which maps some fixed-length key to an arbitrary-length key-stream (i.e. a sequence of bits): $C : \{0,1\}^k \to \{0,1\}^{\infty}$. This key-stream is then XOR-ed with the plain text stream, giving the…
Paŭlo Ebermann
  • 22,946
  • 7
  • 82
  • 119
21
votes
1 answer

How to attack a "many-time pad" based on what happens when an ASCII space is XORed with a letter?

I've already sent my correct solution to a homework exercise from Dan Boneh's Introduction to Cryptography class on Coursera: "Let us see what goes wrong when a stream cipher key is used more than once. Below are eleven hex-encoded ciphertexts that…
sunrise
  • 321
  • 1
  • 2
  • 5
20
votes
9 answers

Is one-time pad encryption vulnerable when near identical data is sent many times with different OTP?

Let's assume a text file that grows at its very end but is otherwise not edited. We now have 100 transmissions of this, but OTP-encrypted (different OTP each time, of course). The first 50% of the original file are identical. Of course nothing can…
Dreamspace President
  • 341
  • 2
  • 9
20
votes
3 answers

How were one-time pads and keys historically generated?

In the 20th century, it was common for various intelligence agencies and military organizations to use ciphering machines and one-time pads. However, no source I've seen ever mentions the process of generating the keys and printouts for such…
Mark
  • 835
  • 7
  • 24
20
votes
3 answers

Can I use a one time pad key twice with random plaintext?

I understand the basics of OTP: $|\text{key space}| = |\text{plaintext space}|$ implies perfect security, key reuse destroys this. Cryptanalysis on the $N$-Time Pad for $N > 1$ involves finding patterns in the ciphertext; this, however, all seems…
mfsiega
  • 363
  • 2
  • 7
17
votes
5 answers

Is a PRG more costly than AES or any other encryption standard?

I know that there are many encryption standards that take a key and sometimes an IV to produce a cipher-text (the most prominent one is AES). These standards usually involve many rounds of addition and multiplication. However, using an OTP is much…
Ninja Bug
  • 319
  • 2
  • 7
17
votes
12 answers

Are one-time pads crackable in theory?

I've been taught that one-time pads are the only perfect encryption since the only way to recover the message is by knowing the key. For example, for a target bitstring of 100 bits, I cannot scan all bitstrings of 100 bits and XOR each with the…
yters
  • 429
  • 1
  • 3
  • 9
14
votes
2 answers

Can one claim that AES has perfect secrecy for a key size and message size of 128 bits?

While looking at this question I discovered the following here (question 5), and wanted to ask it as a separate question. Alice knows that she will want to send a single 128-bit message to Bob at some point in the future. To prepare, Alice and…
daniel
  • 912
  • 5
  • 15
13
votes
3 answers

One time pad: why is it useless in practice?

The symmetric cryptosystem one-time pad (OTP) seems to be very beautiful since it is perfectly secret according to Shannon. Many books, however, point out the main drawback: one must create a secret key the same length as the plaintext. For this…
Dubious
  • 273
  • 1
  • 2
  • 6
1
2 3
28 29