One-Time Pad

One-Time Pads

In this work I have implemented the simple one-time pad encryption technique in Python using the XOR operator for both encryption and decryption.

The one-time pad is an encryption technique that has been recognized as impossible to break, if the given key is completely random.

In Gilbert Vernam, of AT&T Corporation, patented the system in 1919, two years after of the reinvention (Frank Miller had already described the OTP in 1882).

Joseph Mauborgne helped to improve the technique establishing that the message could be impossible to break if the key were truly random.

After that and others improves, the actual OTP have the next characteristics:

• Each letter used in the alphabet A has assigned a numerical value, e.g., “A” could be 0 and “B” could be 1.
• The message is encrypted using addition in modulo n = |A|.
• The message is decrypted by subtracting in modulo n = |A|.
• Both the sender and the receiver have the same key.
• The used keys must be destroyed.

The One-Time Pad system has a property called perfect secrecy. Someone can intercept the cipher text, but it will never give some additional information about the message. Although the spy can see the cipher text and decrypt it by brute force it could be seriously hard to get the message, because applying the brute force yields all the possible texts and all could be the actual message. Nevertheless, the OTP system is not widely used due to problems while saving the two copies of the keys.

Our work

We used the XOR operator instead of the addition and the subtraction in the encryption and decryption phases respectively.

First of all, I used a standard random number generator to create all the keys. I wrote the keys in the AliceKey.txt file and then I copied the file to BobKey.txt. The pads are created in the next function.

The encrypting and decrypting come in the next subroutine. As you can see, this function receives the name of the sender, or receiver, and then opens the file where the key must be written. I had to use seek() to change the position in the file in order to read the key correctly and replace it with the character “ ” to destroy it.

The string cipher is the cipher text if the function is called to encrypt and it is the message if the function is called to decrypt.

The XOR operator is applied for every character in the message using its value in the ASCII Table with every character in the key. The i % keySize is used for the reutilization of the characters in the key when the message has a bigger length. Then the resulting character and cipher are concatenated.

You can get all the code from:

Código completo en Github

Now the code in action

You can run the script giving the two parameters (number of keys, size of the keys).

 

  

You can also run the script without giving the parameters, it will ask for them later.

  

Then the prompt will ask for the sender, Alice or Bob. You will have to enter a message for each key.

 

In this example, I entered the same plain text four times “hi alice”, the sender was Bob and the receiver was Alice. For each time I sent the message I got different cipher texts (sometimes it has some unprintable characters due to '\' or ASCII values under 32), because the key was different for each message.

Concluding about this “impossible to break” technique, the information security will always be safe while you guarantee the correct use and the true randomness of the keys.

It is easy to encrypt and decrypt messages applying the OTP, the problems will be the storage and the distribution of the copies of the keys.

References

 Schneier, Bruce. Applied Cryptography, John Wiley &  Sons, 1994.