When you hear OTP, the first thing that comes to mind is most likely the authentication mechanism that uses a temporary, single-use code to verify a user’s identity as part of a two-factor security mechanism. However, before that was the “OG” OTP (One-time Pad) an information-theoretic encryption technique first described by Frank Miller in 1882. The OTP remains the only encryption system mathematically proven to be unbreakable. One-time Pad The process involves combining a plain text message with a secret key, known as the "pad". Each character of the plain text is combined with its corresponding character from the pad using modular addition. For decryption, the receiver uses an identical copy of the secret pad to reverse the process. Since the pad is random and is used only once, the resulting ciphertext appears as a completely random sequence of characters. This lack of statistical relationship to the original message makes cryptanalysis impossible as long as the following conditions are met: True Randomness: The secret must be genuinely and unpredictably random. Length Matching: The secret must be exactly the same length as the plaintext message it is encrypting. Strict Confidentiality: The secret must be kept absolutely confidential by both the sending and receiving parties. Non-Reusability: The secret must never, under any circumstances, be reused for another message. True Randomness: The secret must be genuinely and unpredictably random. True Randomness Length Matching: The secret must be exactly the same length as the plaintext message it is encrypting. Length Matching Strict Confidentiality: The secret must be kept absolutely confidential by both the sending and receiving parties. Strict Confidentiality Non-Reusability: The secret must never, under any circumstances, be reused for another message. Non-Reusability For increased security, physical OTP’s were sometimes printed on flammable sheets, allowing them to be easily destroyed immediately after use. Digital versions of OTP have since been developed and utilized in highly sensitive communications in diplomatic, military, and other confidential sectors. How it works To illustrate the concept, consider a practical scenario: an IDF covert agent needs to secretly transmit the name of a double agent, "Klaus," to their handler. Generally, each letter is assigned a numerical value as denoted in the table below: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z A A B B C C D D E E F F G G H H I I J J K K L L M M N N O O P P Q Q R R S S T T U U V V W W X X Y Y Z Z 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 0 0 0 1 1 1 2 2 2 3 3 3 4 4 4 5 5 5 6 6 6 7 7 7 8 8 8 9 9 9 10 10 10 11 11 11 12 12 12 13 13 13 14 14 14 15 15 15 16 16 16 17 17 17 18 18 18 19 19 19 20 20 20 21 21 21 22 22 22 23 23 23 24 24 24 25 25 25 Encryption involves a simple process: Conversion: The plaintext (e.g., "Klaus") is converted into its corresponding numerical value. The secret key is also converted to its numerical equivalent. Modular Addition: A modular addition (modulo 26) is performed on both numerical values. Final Conversion: The resulting number is converted back into an alphabetical term to produce the ciphertext (the encrypted message). Conversion: The plaintext (e.g., "Klaus") is converted into its corresponding numerical value. The secret key is also converted to its numerical equivalent. Conversion Modular Addition: A modular addition (modulo 26) is performed on both numerical values. Modular Addition Final Conversion: The resulting number is converted back into an alphabetical term to produce the ciphertext (the encrypted message). Final Conversion Let’s get into it! Encryption Message: KLAUS, Secret: TPGHY Message: Secret: Converting the message to its corresponding numerical value, we have; K L A U S 10 11 0 20 18 K L A U S 10 11 0 20 18 K L A U S K K L L A A U U S S 10 11 0 20 18 10 10 11 11 0 0 20 20 18 18 Converting the secret to its corresponding numerical value, we have; T P G H Y 19 15 6 7 24 T P G H Y 19 15 6 7 24 T P G H Y T T P P G G H H Y Y 19 15 6 7 24 19 19 15 15 6 6 7 7 24 24 Message + secret Message 10 11 0 20 18 Secret 19 15 6 7 24 Message + Secret 29 26 6 27 42 Message 10 11 0 20 18 Secret 19 15 6 7 24 Message + Secret 29 26 6 27 42 Message 10 11 0 20 18 Message Message Message 10 10 10 11 11 11 0 0 0 20 20 20 18 18 18 Secret 19 15 6 7 24 Secret Secret 19 19 15 15 6 6 7 7 24 24 Message + Secret 29 26 6 27 42 Message + Secret Message + Secret Message + Secret 29 29 29 26 26 26 6 6 6 27 27 27 42 42 42 For the MOD operation, if a number is greater than 25, 26 is subtracted from the number and the result is taken. MOD 26 of the Message + Secret; gives us 3 0 6 1 16 3 0 6 1 16 3 0 6 1 16 3 3 3 0 0 0 6 6 6 1 1 1 16 16 16 Converting the MOD 26 result to cipher-text: 3 0 6 1 16 D A G B Q 3 0 6 1 16 D A G B Q 3 0 6 1 16 3 3 3 0 0 0 6 6 6 1 1 1 16 16 16 D A G B Q D D D A A A G G G B B B Q Q Q The Cipher-text: DAGBQ is then transmitted to the handler. The handler utilizes the corresponding key and reverses the original process to recover the plain text. Decryption Now, the handler is in possession of the cipher-text DAGBQ and the secret TPGHY. The first step will be to convert both the cipher-text and secret to their corresponding numerical values. DAGBQ TPGHY D A G B Q 3 0 6 1 16 D A G B Q 3 0 6 1 16 D A G B Q D D A A G G B B Q Q 3 0 6 1 16 3 3 0 0 6 6 1 1 16 16 T P G H Y 19 15 6 7 24 T P G H Y 19 15 6 7 24 T P G H Y T T P P G G H H Y Y 19 15 6 7 24 19 19 15 15 6 6 7 7 24 24 Ciphertext - Secret Ciphertext 3 0 6 1 16 Secret 19 15 6 7 24 Ciphertext - Secret -16 -15 0 -6 -8 Ciphertext 3 0 6 1 16 Secret 19 15 6 7 24 Ciphertext - Secret -16 -15 0 -6 -8 Ciphertext 3 0 6 1 16 Ciphertext Ciphertext Ciphertext 3 3 3 0 0 0 6 6 6 1 1 1 16 16 16 Secret 19 15 6 7 24 Secret Secret 19 19 15 15 6 6 7 7 24 24 Ciphertext - Secret -16 -15 0 -6 -8 Ciphertext - Secret Ciphertext - Secret Ciphertext - Secret -16 -16 -16 -15 -15 -15 0 0 0 -6 -6 -6 -8 -8 -8 Similar to the MOD operation in the encryption phase, when the subtraction yields a negative number, 26 is added to it. MOD 26 of the Cipher-text - Secret results in: 10 11 0 20 18 10 11 0 20 18 10 11 0 20 18 10 10 10 11 11 11 0 0 0 20 20 20 18 18 18 Converting the result to alphabets using the original table, we have; 10 11 0 20 18 K L A U S 10 11 0 20 18 K L A U S 10 11 0 20 18 10 10 11 11 0 0 20 20 18 18 K L A U S K K L L A A U U S S The handler has now reconstructed the original message in plain text. They then proceed to destroy the secret in order to prevent the information from falling into the wrong hands or reusing the keys. Cryptanalysis Intercepting the encrypted message "DAGBQ" would not compromise the original content without the correct decryption key. Lacking the key, any attempt to decode the message would yield multiple plausible but incorrect results, for instance, by using a secret such as "WALNO." Ciphertext D (3) A (0) G (6) B (1) Q (16) INCORRECT SECRET W (22) A (0) L (11) N (13) O (14) Ciphertext - Incorrect Secret -19 0 -5 -12 2 MOD 26 7 0 21 14 2 Result H A V O C Ciphertext D (3) A (0) G (6) B (1) Q (16) INCORRECT SECRET W (22) A (0) L (11) N (13) O (14) Ciphertext - Incorrect Secret -19 0 -5 -12 2 MOD 26 7 0 21 14 2 Result H A V O C Ciphertext D (3) A (0) G (6) B (1) Q (16) Ciphertext Ciphertext Ciphertext D (3) D (3) D (3) A (0) A (0) A (0) G (6) G (6) G (6) B (1) B (1) B (1) Q (16) Q (16) Q (16) INCORRECT SECRET W (22) A (0) L (11) N (13) O (14) INCORRECT SECRET INCORRECT SECRET W (22) W (22) A (0) A (0) L (11) L (11) N (13) N (13) O (14) O (14) Ciphertext - Incorrect Secret -19 0 -5 -12 2 Ciphertext - Incorrect Secret Ciphertext - Incorrect Secret -19 -19 0 0 -5 -5 -12 -12 2 2 MOD 26 7 0 21 14 2 MOD 26 MOD 26 7 7 0 0 21 21 14 14 2 2 Result H A V O C Result Result Result H H H A A A V V V O O O C C C The resulting plaintext, HAVOC, is certainly a plausible word. However, any other five-letter word is also possible, as it can be achieved by testing every combination of characters. Reusing a cryptographic key allows an interceptor to cross-reference and decrypt cipher-texts to find the correct result. Hence, every secret key must be random and unique Practical Challenges Although theoretically perfect, the widespread adoption of One-Time Pads (OTPs) is limited by several practical challenges: Key Distribution: Securely sharing a key as long as the message itself is a major logistical challenge. If you can securely transmit a key that size, you might as well send the message through the same secure channel. Key Management: Generating, managing, and securely destroying vast amounts of truly random key material is difficult in practice. Verification: A basic one-time pad provides confidentiality but no integrity or verification, meaning an attacker could alter the cipher-text in transit without the recipient knowing. Key Distribution: Securely sharing a key as long as the message itself is a major logistical challenge. If you can securely transmit a key that size, you might as well send the message through the same secure channel. Key Distribution Key Management: Generating, managing, and securely destroying vast amounts of truly random key material is difficult in practice. Key Management: Verification: A basic one-time pad provides confidentiality but no integrity or verification, meaning an attacker could alter the cipher-text in transit without the recipient knowing. Verification: Conclusion Despite significant practical challenges, the offer of perfect secrecy still makes OTPs a very viable tool for secure communication. OTPs are also excellent for teaching cryptography and are valuable in scenarios where computer access is unavailable. Additionally, several web applications are available for practicing OTP encryption and decryption. I hope this has been informative. See you in the next one!
