One-Time Pad
- Posted: 12/5/12
- Category: Miscellaneous Tutorial
- Topics: Cryptography
Introduction
A one-time pad is one of the best ways of making truly secret messages. Created and used correctly, it can be mathematically proven that it cannot be broken. While anyone looking at the ciphertext might easily guess it is a secret message, figuring out exactly what the cleartext says is truly impossible.
There is a brief but excellent introductory video at YouTube that was created by Khan Academy.
History
The concept of the one-time pad was first described in 1882. It was apparently forgotten until re-invented in 1917 for use during the final year of World War I. Since then it has been used a great many times. Most books on cryptanalysis describe one-time pads in great detail and many spy novels refer to them. Wikipedia also has a complete description with many historical details.
And while the NSA builds complexes of massively parallel computing systems to break contemporary cipher systems to get the edge on would-be terrorist organizations, one-time pads remain immune to all such efforts.
How It Works
Here’s how it works – the process begins in the lower-right corner.
Random Numbers
First, someone creates a table of random numbers. Those random numbers and keeping them secret from outsiders are the critical elements in this technique. Everything else is mundane drudgery.
To be practical and since we might want to send more than one message, lots of tables on lots of pages must be created with every table unique and completely random. Those pages are then assembled into a pad where each page is used once and then discarded.
Hence the name, one-time pad.
That pad is then copied and secretly given to the person that will be sending the secret messages, in our case that would be the “SPY” on the left in the above sketch. That person must, of course, keep the pad’s contents secret at all times. Indeed, being caught with such a pad in your possession could get you shot as a spy in war time.
There are some excellent pictures of actual one-time pads here at this link.
Applying the Pad (Once Only!)
But how does it work in actual practice?
Ok, let’s say our spy wants to send the message, “Now is the time”, to Central decoding.
Encryption
Here’s the one-time pad we will use for this message (it’s the one from the sketch above).
3 | 6 | 9 | 34 | 27 |
9 | 19 | 35 | 11 | 28 |
28 | 18 | 8 | 14 | 23 |
30 | 20 | 19 | 26 | 6 |
31 | 2 | 33 | 18 | 30 |
Notice that the first number in this table is 3 and the first letter of the message is “N”. If we advance 3 letters starting at “N”, we get “Q”. “Q” is the ciphertext for “N” using the first number from the one-time pad.
While some might be able to do the entire encryption process using only their fingers, two paper strips make it a lot easier.
Using the paper strips to encrypt “N”, line up the ^ mark on the lower strip with “N” and then opposite 3, you’ll see “Q”. As we said, that’s the first letter of the cipher (secret) text.
Then, line up the ^ with the second letter (“o”) and use the second number from the one-time pad, 6. The cipher text for “o” is “U”.
The third clear text letter “w” becomes “5” (using the third number from the pad, 9).
Thus, the clear text “Now” becomes “QU5” in cipher text.
Cipher text omits blanks and groups the message five characters at a time adding extra “garbage characters” to the end to round out the last group of five.
Here is the complete cipher text for this message: QU5GL 20D4A EWZ3A
Once the message is encrypted, the sender would destroy the one-time pad just used.
That cipher text could then be communicated to the other party without fear of it being decoded by anyone who might intercept it.
Decryption
When the message is received, it is decrypted using the receiver’s copy of the same one-time pad. But this time instead of going to the right for each letter, we go to the left. (Turn the number strip around so it is upside-down and place it above the letters.)
Again, line up the ^ with the first letter of the cipher text, “Q”, and use the first number from the one-time pad, 3, to back-up to the clear text letter “N”.
Repeating the process, “U” becomes “O”, “5” is “W” and so forth.
The decrypted text (with the garbage characters) is: NOWIS THETI MERPM
It is then pretty easy to see “Now is the time” as the message and dismiss “RPM” as “garbage characters”.
Critical Practices
To be completely unbreakable, the one-time pad process has some important requirements.
- The numbers in the one-time pad must be completely random.
- The one-time pads must be kept secret.
- As noted, each number may be used once. Never a second time no matter what.
- Once used, that page of one-time numbers is destroyed even if all numbers are not used up.
- Each message begins with a new page from the one-time pad.
- Each of the random numbers must be between 0 and the range of characters to be encrypted. That is, since there are 26 letters in the English alphabet, if we are to send only letters, each random number must be between 0 and 25. If we wish to include digits as well, then each random number must be from 0 to 35. Punctuation could be added as well but can usually be inferred from the clear text – it usually is not needed.
Making Random Numbers
The tricky part is the random numbers. Making them is difficult and time-consuming.
Computers are not good for this because most computer-generated random numbers really aren’t random. They are pseudo-random because the computer uses a mathematical process that, given enough samples, the sequence becomes predictable.
In one-armed bandits and other computerized gambling machines in casinos, the most carefully guarded secret is the random number generator. If someone can guess what the slot machine’s random number is going to come up with, they would know whether to wager a lot or a little. Slot machine manufacturers guard those algorithms extremely carefully.
Here’s a bullet-proof process, pun intended, using something I had handy, some empty 45 ACP shells.
Take 36 objects – shells in my case but ping pong balls would work well too – and number them from 0 through 35.
Put them in a box and shake so everything gets all jumbled up.
Close your eyes and take out one. Note the number. That’s your first random number.
Put that item back into the bin. Then shake it up again and draw again. That’s the second random number.
Each time, all 36 values are possible. If you shake the box well and don’t look before drawing, you will have a truly random sequence of numbers, each one with equal probability of being any number between 0 and 35.
Continue until you have the quantity of random numbers desired.
As you can see, this is a time-consuming – and in my case, noisy – process but since the randomness is the essential element, the repeated jumbling and blind-drawing of each number is essential. That’s what makes the sequence of numbers truly random. Any shortcuts would result in a flawed, not completely random and, therefore, breakable result.
The ping pong ball machine used in some state lottery drawings is also supposed to be 100% random.
Secret Message
Here is a table of 100 random numbers I made using this process.
28 | 1 | 17 | 1 | 12 | 31 | 30 | 13 | 9 | 6 |
34 | 11 | 12 | 2 | 7 | 2 | 2 | 7 | 26 | 14 |
20 | 22 | 35 | 7 | 4 | 33 | 4 | 19 | 16 | 3 |
16 | 25 | 7 | 19 | 6 | 18 | 20 | 1 | 23 | 3 |
14 | 11 | 6 | 9 | 30 | 16 | 21 | 12 | ||
2 | 2 | 26 | 31 | 23 | 27 | 34 | 21 | 6 | 6 |
5 | 17 | 16 | 14 | 9 | 14 | 34 | 12 | 7 | 14 |
5 | 10 | 8 | 5 | 21 | 1 | 33 | 6 | 21 | 11 |
29 | 18 | 30 | 10 | 16 | 33 | 4 | 20 | 9 | 17 |
28 | 5 | 8 | 33 | 12 | 20 | 17 | 19 | 3 |
And here is a message for you to decrypt using this one-time pad: 5SZOW JPNUZ RYQGC
Happy decoding!