1.2: One-Time Pad

Last updated
Save as PDF

Page ID: 7314

Contributed by Mike Rosulek
Associate Professor (Computer Science) at Oregon State University
Sourced from Open Oregon State

Now with a clear definition of encryption syntax, we can give the specifics of one-time pad (OTP)encryption. The idea of one-time pad had historically been attributed to Gilbert Vernam, a telegraph engineer who patented the scheme in 1919. In fact, one-time pad is sometimes called “Vernam’s cipher.” However, an earlier description of one-time pad was recently discovered in an 1882 text on telegraph encryption by banker Frank Miller.

Construction \(\PageIndex{1}\) : One-Time Pad:

\[K={\{0,1\}}^{\lambda}\space\space\space\space\space \underline{\text{KeyGen:}}\space\space\space\space\space \underline{\text{Enc(}k,m):}\space\space\space\space\space \underline{\text{Dec(}k,c):}\\M={\{0,1\}}^{\lambda}\space\space\space\space\space \space k\leftarrow K\space\space\space\space\space\space\text{return}\space k\oplus m \space\space\space\space\space\space \text{return}k\oplus c\nonumber \] \(C={\{0,1\}}^{\lambda}\space\space\space\space\space \space \text{return}\space k\)

Here are a few observations about one-time pad to keep in mind:

Enc and Dec are essentially the same algorithm. This results in some small level of convenience when implementing one-time pad.
One-time pad keys, plaintexts, and ciphertexts are all the same length. The encryption schemes we will see later in the course will not have this property.
Although our encryption syntax allows the Enc algorithm to be randomized, one-time pad does not take advantage of this possibility and has a deterministic Enc algorithm.
According to this definition, one-time pad keys must be chosen uniformly from the set of λ-bit strings.

The correctness property of one-time pad follows from the properties of XOR listed in Section 0. For all \(k, m\in\{0,1\}^{\lambda}\), we have:

\[\text{Dec(}k, \text{Enc(}k,m))=\text{Dec}(k, k\oplus m)\\\space\space\space \space\space\space\space\space\space\space\space\space\space\space\space \space\space\space\space\space\space \space\space\space\space\space\space =k\oplus(k\oplus m)\\\space\space\space\space\space\space\space\space\space\space\space\space \space\space\space\space\space\space\space\space\space\space\space\space =(k\oplus k)\oplus m\\\space\space\space\space\space\space \space\space\space\space\space\space\space\space\space\space\space\space =0^{\lambda}\oplus m\\\space\space\space\space\space\space \space\space\space\space =m\nonumber\]

Example \(\PageIndex{1}\):

Consider using OTP encryption to encrypt the 20-bit plaintext m under the 20-bit key \(k\) givenbelow:

Screen Shot 2019-02-11 at 10.55.43 PM.png

The result is ciphertext \(c\). Decrypting \(c\) using the same key \(k\) results in the original \(m\):

Screen Shot 2019-02-11 at 10.55.51 PM.png

References

1. Steven M. Bellovin: “Frank Miller: Inventor of the One-Time Pad.” Cryptologia 35 (3), 2011.