One-Time-Pad

cryptography

Definition

One-Time-Pad

The One-Time-Pad is a symmetric encryption scheme that provides perfect secrecy.

Plaintexts, ciphertexts, and keys are bitstrings of equal length; the key is randomly generated and used exactly once. Encryption and decryption are performed via bitwise XOR:

$$\mathsf{Enc}(k,m)=m\oplus k\mathsf{Dec}(k,c)=c\oplus k$$

Correctness

$$\mathsf{Dec}(k,\mathsf{Enc}(k,m))=(m\oplus k)\oplus k=m\oplus 0=m$$

Perfect Secrecy

$$\mathrm{Pr}[M=m\mid C=c]=\mathrm{Pr}[M=m]$$

The proof relies on the fact that for any observed ciphertext $c$, every plaintext $m$ is equally likely: there exists exactly one key $k=m\oplus c$ that produces $c$ from $m$, and since $K$ is uniformly distributed and independent of $M$, this holds with probability $\mathrm{Pr}[K=k]=\mathrm{Pr}[K=m\oplus c]$.

Problems

Key Requirements

• True randomness of the key is difficult to achieve
• Key storage requires as much space as the ciphertext itself
• Key must be communicated securely to the receiver and used only once

Key Reuse

If two messages $m_1$ and $m_2$ are encrypted with the same key $k$, then $c_1\oplus c_2=m_1\oplus m_2$. If both plaintexts are in a natural language, they can typically be recovered using heuristics. If one plaintext is known to the attacker, the other is easily computed: $m_2=c_2\oplus c_1\oplus m_1$.

No Integrity

Changes to the ciphertext are directly reflected in the plaintext. An attacker who knows part of the plaintext can flip the corresponding bits in the ciphertext to produce a targeted modification.