One Time Pad In Cryptography Computer Science Essay


Today's networks are seriously threatened by network attacks. As internet usage and information sharing have increased, they have also attracted untrustworthy users whose actions usually have a bad effect on us. Besides the rapid improvement of attack technologies driven by profit, three reasons account for the present serious state of network security: the internet itself has a weak basis, current security technologies each have their own drawbacks and limitations, and there is a dilemma between security performance and cost, since high security performance comes at high cost. With these problems in mind, we try to put forward a secure One-time Pad scheme with a random key generation approach. One well-known realization of perfect secrecy is the One-time Pad, which was first described by Gilbert Vernam in 1917 for use in automatic encryption and decryption of telegraph messages. It is interesting that the One-time Pad was thought for many years to be an "unbreakable" cryptosystem, but there was no mathematical proof of this until Claude Shannon developed the concept of perfect secrecy over 30 years later. His result was published in the Bell Labs Technical Journal in 1949. Properly used one-time pads are secure in this sense even against adversaries with infinite computational power.

What is One-Time Pad

In cryptography, the one-time pad (OTP) is a type of encryption, which has been proven to be impossible to crack if used correctly. Each bit or character from the plaintext is encrypted by a modular addition with a bit or character from a secret random key (or pad) of the same length as the plaintext, resulting in a ciphertext. If the key is truly random, as large as the plaintext, never reused in whole or part, and kept secret, the ciphertext will be impossible to decrypt or break without knowing the key. It has also been proven that any cipher with the perfect secrecy property must use keys with effectively the same requirements as OTP keys. However, practical problems have prevented one-time pads from being widely used.

The one-time pad looks similar to the Vernam cipher. This is because the one-time pad is derived from the Vernam cipher, named after Gilbert Vernam, one of its inventors.

Vernam's system was a cipher that combined a message with a key read from a paper tape loop. In its original form, Vernam's system was not unbreakable because the key could be reused. One-time use came a little later when Joseph Mauborgne recognized that if the key tape were totally random, cryptanalytic difficulty would be increased.

The "pad" part of the name comes from early implementations where the key material was distributed as a pad of paper, so the top sheet could be easily torn off and destroyed after use. For easy concealment, the pad was sometimes reduced to such a small size that a powerful magnifying glass was required to use it. Photos accessible on the Internet show captured KGB pads that fit in the palm of one's hand, or in a walnut shell. To increase security, one-time pads were sometimes printed onto sheets of highly flammable nitrocellulose.

There is some ambiguity to the term due to the fact that some authors use the terms "Vernam cipher" and "one-time pad" synonymously, while others refer to any additive stream cipher as a "Vernam cipher", including those based on a cryptographically secure pseudorandom number generator (CSPRNG).

One-time Pad encryption algorithm

$C_i = E(P_i, K_i)$ for $i = 1, 2, 3, \ldots, n$

where:

$E$ = the encryption parameter

$P_i$ = the character of the plaintext

$K_i$ = the bytes of the key used for the message

$C_i$ = the character of the ciphertext

$n$ = the length of the key stream.

Both the encryption parameter and the key stream must be kept secret. For practical applications, the key used for a one-time pad cipher is a string of random bits, usually generated by a Cryptographically Strong Pseudo-Random Number Generator. However, for ultimate security, it is suggested to generate the key by using the natural randomness of quantum mechanical events, since quantum events are believed scientifically to be the only source of truly random information in the universe. If the key is truly random, an XOR-based one-time pad encryption scheme is perfectly secure against ciphertext-only cryptanalysis.

We come to the point that if the hackers do not know the sender's or receiver's key, then the one-time pad encryption scheme is 100% secure. We can only speak of a one-time pad if four important rules are followed. If these rules are applied correctly, the one-time pad can be proven to be unbreakable. However, if even one of these rules is disregarded, the cipher is no longer unbreakable. The first rule is that the key is as long as the plaintext. The second rule is that the key is truly random, not generated by a simple computer. Third, there should only be two copies of the key: one for the sender and one for the receiver. Lastly, the key is used only once, and both sender and receiver must destroy their key after using it.

Cryptosystem for One-time Pad

Let $n \ge 1$ be an integer and take $\mathcal{P} = \mathcal{C} = \mathcal{K} = (\mathbb{Z}_2)^n$.

For $K \in (\mathbb{Z}_2)^n$, define $e_K(x)$ to be the vector sum modulo 2 of $K$ and $x$ (or, equivalently, the exclusive-or of the two associated bit strings). So, if $x = (x_1, \ldots, x_n)$ and $K = (K_1, \ldots, K_n)$, then

$e_K(x) = (x_1 + K_1, \ldots, x_n + K_n) \bmod 2.$

Decryption is identical to encryption.

If $y = (y_1, \ldots, y_n)$, then $d_K(y) = (y_1 + K_1, \ldots, y_n + K_n) \bmod 2$ [3].

Vernam patented his idea in the hope that it would have widespread commercial use, but in an unconditionally secure cryptosystem like the One-time Pad, the amount of key that must be communicated securely is at least as large as the amount of plaintext. The one-time pad is vulnerable to a known-plaintext attack, since the key can be computed as the exclusive-or of a plaintext and its ciphertext. Using a key only once for every plaintext in turn creates a severe key management problem.

From the above experiment, it is easily seen that the One-time Pad provides perfect secrecy and is not breakable because of two facts: the encryption key is a random number, and the key is used only once. The system is also attractive because encryption and decryption are easy. The One-time Pad has been employed where unconditional security may be of great importance, including military and diplomatic contexts. It should be clear that the One-time Pad is discarded after a single use, so this technique is highly secure and suitable for small messages only, and impractical for large messages.
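The cryptosystem defined in this section, as an added example that is not part of the original essay: byte-wise XOR implements the sum modulo 2, decryption is the same function as encryption, and one known plaintext/ciphertext pair yields the key, which is why a key can protect only one message. The function names and the sample message are assumptions, and `secrets.token_bytes` (a CSPRNG) stands in for a truly random source.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Vector sum modulo 2 of two equal-length bit strings."""
    if len(a) != len(b):
        # Rule one of the scheme: the key is exactly as long as the plaintext.
        raise ValueError("key and message must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def generate_key(n: int) -> bytes:
    # Assumption: CSPRNG output is used in place of a physical random source.
    return secrets.token_bytes(n)


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """e_K(x) = x + K mod 2, applied bit by bit."""
    return xor_bytes(key, plaintext)


# d_K(y) = y + K mod 2 is the same map, so decryption reuses encryption.
decrypt = encrypt


def recover_key(plaintext: bytes, ciphertext: bytes) -> bytes:
    """Known-plaintext case: K = x XOR e_K(x)."""
    return xor_bytes(plaintext, ciphertext)


def demo():
    x = b"MEET AT NOON"  # constructed sample message
    k = generate_key(len(x))
    y = encrypt(k, x)
    # Round trip succeeds, and the pair (x, y) alone reveals the key.
    return decrypt(k, y) == x, recover_key(x, y) == k


if __name__ == "__main__":
    print(demo())
```

Because the recovered key equals the original, any second message sent under it would be readable, so the key is discarded after one use.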

Problem in One Time Pad

Despite Claude Shannon's proof of its security, the One-time Pad has serious drawbacks in practice. Despite this, the One-time Pad is widely used, as mentioned in the definition of the One-time Pad (refer to page 2). First, it requires a perfectly random One-time Pad. Second, it depends on secure generation and exchange of the one-time pad material, which must be at least as long as the message (the One-time Pad is only as secure as the One-time Pad key exchange). Third, careful treatment is needed to make sure that the pad remains secret from any adversary and is disposed of correctly, preventing any reuse in whole or in part, hence "one time".

The theoretical perfect security of the One-time Pad applies only in a theoretically perfect setting; no real-world implementation of any cryptosystem can provide perfect security, because practical considerations introduce potential vulnerabilities. These practical considerations of security and convenience have meant that the One-time Pad is, in practice, little used. Implementation difficulties have led to One-time Pad systems being broken, and are so serious that they have prevented the One-time Pad from being adopted as a widespread tool in information security.

Key Distribution

The pad must be passed and kept secure, and it has to be at least as long as the message. However, once a very long pad has been securely sent (e.g., a computer disk full of random data), it can be used for numerous future messages, until the sum of their sizes equals the size of the pad.

Distributing very long one-time pad keys is inconvenient and usually poses a significant security risk. The pad is essentially the encryption key, but unlike keys for modern ciphers, it must be extremely long and is much too difficult for humans to remember. Storage media such as thumb drives, DVD-Rs or personal digital audio players can be used to carry a very large one-time pad from place to place in a non-suspicious way, but even so the need to transport the pad physically is a burden compared to the key negotiation protocols of a modern public-key cryptosystem, and such media cannot reliably be erased securely by any means short of physical destruction (e.g., incineration). A 4.7 GB DVD-R full of one-time-pad data, if shredded into particles 1 mm² in size, leaves over 100 kibibits of (admittedly hard to recover, but not impossibly so) data on each particle. In addition, the risk of compromise during transit (for example, a pickpocket swiping, copying and replacing the pad) is likely much greater in practice than the likelihood of compromise for a cipher such as AES. Finally, the effort needed to manage one-time pad key material scales very badly for large networks of communicants: the number of pads required goes up as the square of the number of users freely exchanging messages. For communication between only two persons, or a star network topology, this is less of a problem.

True randomness

High-quality random numbers are difficult to generate. The random number generation functions in most programming language libraries are not suitable for cryptographic use. Even those generators that are suitable for normal cryptographic use, including /dev/random and many hardware random number generators, make some use of cryptographic functions whose security is unproven.

In particular, one-time use is absolutely necessary. If a one-time pad is used just twice, simple mathematical operations can reduce it to a running key cipher. If both plaintexts are in a natural language (e.g. English or Russian or Irish) then, even though both are secret, each stands a very high chance of being recovered by heuristic cryptanalysis, with possibly a few ambiguities. Of course the longer message can only be broken for the portion that overlaps the shorter message, plus perhaps a little more by completing a word or phrase. The most famous exploit of this vulnerability is the VENONA project.
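An added example, not part of the original essay, covering both the Key Distribution passage (one long pad consumed across many messages until it runs out) and the one-time-use requirement above. Each party's pad copy hands out every key byte exactly once and refuses an offset it has already consumed; the last function shows what a reused key leaks. The class and function names are hypothetical, and `secrets.token_bytes` stands in for a truly random pad.

```python
import secrets


class PadExhausted(Exception):
    """Raised when a message needs more key bytes than the pad has left."""


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def new_pad(n: int) -> bytes:
    # Assumption: CSPRNG bytes in place of a physical random source.
    return secrets.token_bytes(n)


class OneTimePad:
    """One party's copy of a pad; every key byte is issued once, then wiped."""

    def __init__(self, material: bytes):
        self._pad = bytearray(material)
        self._offset = 0  # first key byte that has never been used

    def remaining(self) -> int:
        return len(self._pad) - self._offset

    def _take(self, n: int) -> bytes:
        if n > self.remaining():
            raise PadExhausted(f"need {n} bytes, {self.remaining()} left")
        end = self._offset + n
        key = bytes(self._pad[self._offset:end])
        self._pad[self._offset:end] = bytes(n)  # best-effort wipe of this copy
        self._offset = end
        return key

    def encrypt(self, message: bytes):
        start = self._offset
        return start, xor(message, self._take(len(message)))

    def decrypt(self, start: int, ciphertext: bytes) -> bytes:
        # Any offset other than the next unused one means reuse or a lost message.
        if start != self._offset:
            raise ValueError("pad offset out of sync; refusing to reuse key bytes")
        return xor(ciphertext, self._take(len(ciphertext)))


def reuse_leaks_plaintext_xor(key: bytes, p1: bytes, p2: bytes) -> bool:
    """Same key twice: the key cancels and c1 XOR c2 equals p1 XOR p2."""
    return xor(xor(key, p1), xor(key, p2)) == xor(p1, p2)
```

The in-memory wipe only clears this object's buffer; as the essay notes for storage media, key material written elsewhere needs its own disposal.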

Making One-time Pad by Hand

One-time pads were originally made without the use of a computer and this is still possible today. The process can be tedious, but if done correctly and the pad used only once, the result is unbreakable.

Two components are needed to make a one-time pad: a way to generate letters at random and a way to record two copies of the result. The traditional way to do the latter was to use a typewriter and carbon paper. The carbon paper and typewriter ribbon would then be destroyed, since it may be possible for the pad data to be recovered from them. As typewriters have become scarce, it is also acceptable to hand-write the letters neatly in groups of five on two-part carbonless copy paper sheets, which can be purchased at office supply stores. Each sheet should be given a serial number or some other unique marking.

The simplest way to generate random letters is to obtain 26 identical objects with each letter of the alphabet marked on one object. Tiles from the game Scrabble can be used (as long as only one of each letter is selected). Kits for making name charm bracelets are another possibility. One can also write the letters on 26 otherwise identical coins with a marking pen. The objects are placed in a box or cup and shaken vigorously, then one object is withdrawn and its letter is recorded. The object is returned to the box and the process is repeated.

Another way to make a One-time Pad is by using dice. We can generate random number groups by rolling 4 or 5 ten-sided dice at a time and recording the numbers for each roll. This method will generate random code groups much faster than using Scrabble tiles. The resulting numeric One-time Pad is used to encrypt a plaintext message converted into numeric values with a straddling checkerboard using non-carrying addition. We can then either transmit the numeric groups as is, or use the straddling checkerboard to convert the numbers back into letters and transmit that result. Regular six-sided dice should not be used.
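The numeric procedure described above, as an added example that is not part of the original essay: a straddling checkerboard turns letters into digits, and the pad digits are combined with them by non-carrying (digit-wise modulo 10) addition. The checkerboard layout, the sample message and all function names are constructed for illustration, and `secrets.randbelow(10)` stands in for rolling a ten-sided die.

```python
import secrets

# Constructed checkerboard: top row gives one-digit codes; columns 2 and 6 are
# left blank and serve as prefixes for the two-digit rows.
TOP = "ET AON RIS"
ROWS = {"2": "BCDFGHJKLM", "6": "PQUVWXYZ./"}

ENCODE = {ch: str(col) for col, ch in enumerate(TOP) if ch != " "}
for prefix, row in ROWS.items():
    for col, ch in enumerate(row):
        ENCODE[ch] = prefix + str(col)


def to_digits(text: str) -> str:
    return "".join(ENCODE[ch] for ch in text.upper())


def from_digits(digits: str) -> str:
    out, i = [], 0
    while i < len(digits):
        if digits[i] in ROWS:  # prefix digit: the next digit picks the column
            out.append(ROWS[digits[i]][int(digits[i + 1])])
            i += 2
        else:
            out.append(TOP[int(digits[i])])
            i += 1
    return "".join(out)


def roll_pad(n: int) -> str:
    # Stand-in for rolling ten-sided dice: one uniform digit 0-9 per roll.
    return "".join(str(secrets.randbelow(10)) for _ in range(n))


def combine(digits: str, pad: str, sign: int) -> str:
    """Digit-by-digit addition (sign=+1) or subtraction (sign=-1), no carry."""
    if len(pad) < len(digits):
        raise ValueError("pad must supply one digit per message digit")
    return "".join(str((int(d) + sign * int(k)) % 10) for d, k in zip(digits, pad))


def encrypt(text: str, pad: str) -> str:
    return combine(to_digits(text), pad, +1)


def decrypt(cipher_digits: str, pad: str) -> str:
    return from_digits(combine(cipher_digits, pad, -1))
```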


The One-time Pad solves few current practical problems in cryptography. High-quality ciphers are widely available and their security is not considered a major worry at present. Such ciphers are almost always easier to employ than the One-time Pad; the amount of key material which must be properly generated and securely distributed is far smaller, and public key cryptography overcomes this problem (refer to page 3).

We have to remember that the key material must be securely disposed of after use, to ensure the key material is never reused and to protect the messages sent. The key material can be more vulnerable to forensic recovery than the transient plaintext it protects. This is because the key material must be transported from one endpoint to another, and persists until the message is sent or received.

This algorithm has a lot of scope for enhancing security by combining different approaches such as binary addition; multiplication and modular arithmetic functions are also common alternatives to using ASCII. We have outlined a number of defense strategies, many of which demand much further research. The algorithm becomes more dynamic if we choose the above approaches randomly. In further research we would like to design the algorithm on a modular arithmetic base with complement concepts.