The One Time Pad
A system is perfectly secure or perfectly secret if knowing the cipher text gives no more information about the message than one would know without intercepting the encoded message at all, meaning, if P(M = m) = P(M = m | C = c) for any c ∈ C and any m ∈ M, regardless of what probability distribution is chosen on M. This is the same as stating that P(C = c) = P(C = c | M = m) for any c and m. - Claude Shannon (1949)
"A one-time pad isn't a cryptosystem: it's a state of mind."     - Marcus Ranum
"We cryptologists always assumed we have to deal with a superior opponent, who has billions available and is in the possession of technology, which others do not possess."
- Ruediger Weis Mathematician and Professor for Informatics at Berlin University
(We would like to thank Professor Ruediger Weis for permitting us to use his quote.)
Three statements: the first one gives us an insight into the view held by antagonists of the OTP and its past, the second one shows how much confusion has arisen about the current situation of the tools we use to protect our e-communication, and the third one is a peek into the future (or is it already here and we don't know yet?). The OTP is the only form of encryption proven secure, in theory and mathematically, which cannot be broken using a brute-force attack or any other cryptological tool available to cryptologists, provided the rules that apply for encrypting plaintext are observed. Since its conception about 100 years ago, it has been one of the few things men have invented, designed and shaped that hasn't undergone a makeover to improve on it. We are told that it would be impossible to do so without violating one of the rules which are required and which hand it the nimbus of perfect secrecy. Let us take a look at these rules and try to figure out what the interpretation could mean.
1. The key must be truly random
2. The key must be as large as the plaintext (or larger)
3. The key can never be reused in whole or part
4. The key must be kept secret
The first observation we can make is that nothing in the contents of these four points stipulates a second secure transmission for the key(s), which some opponents of the OTP have added to the list of requirements and declared a dogma that cannot be challenged. Our second observation concerns the argument often thrown into the discussion to discourage the use of the OTP: that huge amounts of data (key material) would have to be transmitted (on DVDs, USBs or other devices) prior to sending a one-time pad cipher if a second transmission was to be avoided. During WWII and the Cold War between East and West that followed, intelligence agents carried these pre-arranged keys with them to avoid the second secure transmission. Again, there is nothing in the papers Shannon wrote that would demand this requirement, but what he wrote was:
It is shown that perfect secrecy is possible but requires, if the number of messages is finite, the same number of possible keys. If the message is thought of as being constantly generated at a given "rate" R (to be defined later), key must be generated at the same or a greater rate.
There is no exclusion mentioned of a system that would permit sender and recipient to create and re-create the key for each exchange of a cipher, avoiding a second transmission; there is nothing mentioned which requires the creation of keys that need to be exchanged prior to the cipher transmission. A system that lets sender and recipient re-create the key after a transmission and still abides by the four rules shown above is still using an OTP without the pitfalls introduced by experts. The rules are vague and permit antagonists of the OTP to insist that there is only one way the OTP can operate, but what do these four rules really tell us when we look at them and try to fathom their meaning? The first one - The key must be truly random - will be difficult to explain, since there is no universally accepted description of what truly random means. The second one - The key must be as large as the plaintext - becomes a problem when we try to define what a key is by looking at the OTP and comparing it with a permutation cipher that only encrypts one character at a time. The third one - The key can never be reused in whole or part - begs the question of what defines a part of a key in the OTP. Is it a single character; a sequence of characters? Even the fourth one - The key must be kept secret - depends on the interpretation of the person and how this person defines a secret.
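The following added example (not part of the original article or of Shannon's paper) checks Shannon's condition P(M = m) = P(M = m | C = c) by exact enumeration for a constructed 2-bit message space with XOR encryption, and shows the condition failing when there are fewer keys than messages or when one key encrypts two messages (rules 2 and 3). The prior, the key sets and all function names are assumptions chosen for illustration.

```python
from fractions import Fraction

def posterior(prior, keys, encrypt):
    """Exact P(M=m | C=c) for every observable c; keys are chosen uniformly."""
    joint = {}                                  # joint[c][m] = P(M=m, C=c)
    p_key = Fraction(1, len(keys))
    for m, p_m in prior.items():
        for k in keys:
            row = joint.setdefault(encrypt(m, k), {})
            row[m] = row.get(m, Fraction(0)) + p_m * p_key
    return {c: {m: row.get(m, Fraction(0)) / sum(row.values()) for m in prior}
            for c, row in joint.items()}

def perfectly_secret(prior, keys, encrypt):
    """Shannon's condition: P(M=m | C=c) == P(M=m) for every m and every c."""
    post = posterior(prior, keys, encrypt)
    return all(post[c][m] == prior[m] for c in post for m in prior)

def otp(m, k):
    """One-time pad on a 2-bit message: ciphertext = message XOR key."""
    return m ^ k

def otp_reused(pair, k):
    """Rule 3 violated: the same key encrypts two messages."""
    return (pair[0] ^ k, pair[1] ^ k)

# Constructed sample data: a deliberately skewed prior over 2-bit messages,
# because the definition must hold for any distribution on M.
PRIOR = {0b00: Fraction(1, 2), 0b01: Fraction(1, 4),
         0b10: Fraction(1, 8), 0b11: Fraction(1, 8)}
FULL_KEYS = [0b00, 0b01, 0b10, 0b11]    # as many keys as messages
SHORT_KEYS = [0b00, 0b11]               # fewer keys than messages
PAIR_PRIOR = {(a, b): PRIOR[a] * PRIOR[b] for a in PRIOR for b in PRIOR}

if __name__ == "__main__":
    print("full key space   :", perfectly_secret(PRIOR, FULL_KEYS, otp))
    print("too few keys     :", perfectly_secret(PRIOR, SHORT_KEYS, otp))
    print("key used twice   :", perfectly_secret(PAIR_PRIOR, FULL_KEYS, otp_reused))
    # With too few keys, seeing c = 00 shifts the belief in m = 00 from 1/2.
    print("P(M=00 | C=00)   :", posterior(PRIOR, SHORT_KEYS, otp)[0b00][0b00])
```

With the reused key, the two ciphertexts XOR to the XOR of the two plaintexts, so the observer can rule out every message pair that does not match it; that is why the posterior no longer equals the prior.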
The PDF file we have attached for readers to download deals with it in more detail and explains a modus operandi that will permit the transmission of ciphers without the need to send a key (or keys) with each transmission. Here we will turn to the next page and take a closer look at the key used in the OTP and a permutation cipher.
If you are new to the subject of cryptology we recommend reading an article written by Barry K. Shelton, which makes it easy for a novice to get to grips with the basics of cryptology. Barry is a patent lawyer and partner in a US law firm and has a special interest in encryption and data compression software. The article deals with the past and present of encryption technology and also points to the future of things to come. It is easy to read and understand and very entertainingly written. Quote: "An important concept in security is that virtually any security system can and will be compromised eventually; it simply takes time."
Thank you Barry, for permitting us to quote from your article and set a link to the website containing it.
Keith Martin is Professor at the Information Security Group, Royal Holloway in the UK. He wrote an article in the online publication The Conversation that deals with the future of data security at a time when quantum computers will appear on the scene.
Here too, thank you Keith, for permitting us to quote from your article and set a link to the website containing it.