In the most general sense, the XOR function can be perceived as a Boolean function that detects inequality. For two inputs, XOR returns True (1) if the two inputs are different from each other and it returns False (0) if the two inputs are similar to each other. In a more technical language, it can be called a ‘sum modulo 2’ function and is famously used for binary addition operations.
Its truth table in the case of 2 inputs is as shown below.
So how exactly is this XOR function useful for cryptography? Basically, the answer to this question comes down to its two most important features as discussed below.
What does ‘exposing information about the plaintext’ really mean? Do other Boolean functions do it? Let’s discuss this.
It is clear from the truth table of AND ( & ) operation that the output bit is '1' if and only if both the input bits are '1'. So, if we ANDed our plaintext and our key to get the encrypted text, we'd know the positions in the original plaintext occupied by '1' just by observing the encrypted bits. So, there is a clear exposure of information about the plaintext here.
Similarly, if we observe the truth table for the OR ( | ) operation, we can deduce that the output is '0' if and only if both the input bits are '0'. So if we ORed plaintext and key to generate our encrypted text, the positions of the '0' bits in the encrypted text give a crystal clear hint that the original plaintext too has ‘0’ in those positions. Hence, we can all agree that OR is also guilty for exposure of the information about the plaintext.
And, unlike the leaky AND and OR operations, XOR is fairly safe as it doesn’t expose information about the original plaintext. Knowing the positions of ‘0’ and ‘1’ bits in the encrypted text won’t give us a single hint for identifying the original plaintext. So kudos to XOR!
Basically, XOR is an involutory function I.e. it is its own inverse. In simpler words, if we apply XOR twice, we get the original character back.
It can be expressed in a mathematical relation as:
(A ⊕ B )⊕ B = A
If we XORed plaintext and key to obtain the encrypted text, we can obtain the original plaintext by XORing the encrypted text with the key again. Hence, it is a really effective tool in encryption and decryption, which is ultimately the essence of cryptography.
Still, it’s to be noted that the XOR cipher is hardly used in production due to the fact that the key has to be of the same length as the plaintext which is fairly impractical. However, XOR is hugely implemented as a fundamental operation in the Block Ciphers such as DES and AES.
Long live XOR!