Skip to main content
[ "article:topic", "showtoc:no", "license:ccbync", "Vernam\u2019s cipher", "authorname:mrosulek", "one-time pad" ]
Engineering LibreTexts

1.2: One-Time Pad

  • Page ID
  • Now with a clear definition of encryption syntax, we can give the specifics of one-time pad (OTP)encryption. The idea of one-time pad had historically been attributed to Gilbert Vernam, a telegraph engineer who patented the scheme in 1919. In fact, one-time pad is sometimes called “Vernam’s cipher.” However, an earlier description of one-time pad was recently discovered in an 1882 text on telegraph encryption by banker Frank Miller.

    Construction \(\PageIndex{1}\) : One-Time Pad:

    \[K={\{0,1\}}^{\lambda}\space\space\space\space\space \underline{\text{KeyGen:}}\space\space\space\space\space \underline{\text{Enc(}k,m):}\space\space\space\space\space \underline{\text{Dec(}k,c):}\\M={\{0,1\}}^{\lambda}\space\space\space\space\space \space k\leftarrow K\space\space\space\space\space\space\text{return}\space k\oplus m \space\space\space\space\space\space \text{return}k\oplus c\nonumber \]                                                                                                                                              \(C={\{0,1\}}^{\lambda}\space\space\space\space\space \space \text{return}\space k\)

    Here are a few observations about one-time pad to keep in mind:

    • Enc and Dec are essentially the same algorithm. This results in some small level of convenience when implementing one-time pad.
    • One-time pad keys, plaintexts, and ciphertexts are all the same length. The encryption schemes we will see later in the course will not have this property.
    • Although our encryption syntax allows the Enc algorithm to be randomized, one-time pad does not take advantage of this possibility and has a deterministic Enc algorithm.
    • According to this definition, one-time pad keys must be chosen uniformly from the set of λ-bit strings.

    The correctness property of one-time pad follows from the properties of XOR listed in Section 0. For all \(k, m\in\{0,1\}^{\lambda}\), we have:

    \[\text{Dec(}k, \text{Enc(}k,m))=\text{Dec}(k, k\oplus m)\\\space\space\space \space\space\space\space\space\space\space\space\space\space\space\space \space\space\space\space\space\space \space\space\space\space\space\space =k\oplus(k\oplus m)\\\space\space\space\space\space\space\space\space\space\space\space\space \space\space\space\space\space\space\space\space\space\space\space\space  =(k\oplus k)\oplus m\\\space\space\space\space\space\space \space\space\space\space\space\space\space\space\space\space\space\space =0^{\lambda}\oplus m\\\space\space\space\space\space\space \space\space\space\space  =m\nonumber\]

    Example \(\PageIndex{1}\):

    Consider using OTP encryption to encrypt the 20-bit plaintext m under the 20-bit key \(k\) givenbelow:

    Screen Shot 2019-02-11 at 10.55.43 PM.png

    The result is ciphertext \(c\). Decrypting \(c\) using the same key \(k\) results in the original \(m\):

    Screen Shot 2019-02-11 at 10.55.51 PM.png


    1. Steven M. Bellovin: “Frank Miller: Inventor of the One-Time Pad.” Cryptologia 35 (3), 2011.