## The One Time Pad: Ciphers & Codes Part I

The One Time Pad (OTP) is the only cipher that has been theoretically proven to be “unbreakable.” It has one other virtue as well: it is one of the easiest to use! For the benefit of anyone who either needs, or simply wants to know how to use, an unbreakable cipher I now present one of the simplest ways to use the world’s only “perfect” cipher:

#### How does it work?

There are many different ways OTP can be used, but here is the easiest:

• Write out the message you wish to encipher (in cryptography, this is called “plaintext”), running all the characters together, leaving out punctuation. You may use the word “stop” instead of a period if you really need to. Leave enough space so that you can write a two digit number under each character (e.g., if using graph paper, place one character every two spaces). Add some “X”s to even out the number of characters to some multiple of five.
• Underneath each character write a two digit number corresponding to the character (e.g., 1-26 for the alphabet, and 27-36 for numerals 0-9).
• Underneath these numbers, write a series of random digits that line up perfectly with the others. Draw a line under these three rows.
• Now add the columned pairs of numbers together in a special way: only write down the last digit of the sum (a method of arithmetic called “modular addition”). For example, 3+2=5, and so does 9+6=5 (it equals 15, but we’re only writing down the last digit, remember?). Write the sums in a long fourth row under the line.
• Break these up into groups of five, and send them. This is your encrypted message (called “cipher text”).

#### Can I see an example?

Sure:

S E C R E T M E S S A G E X X } Plaintext
190503180520130519190107052424 } Substituted numbers
568989532456788764347808753245 } Random Numbers
658482612976818273437905705669 } Cipher Text

Final message to be sent is:

65848 26129 76818 27343 79057 05669

#### How does the other person decipher it?

The just reverse the process; write the received cipher text down, and draw a line over top of it. Next, write the same sequence of random numbers above the line (the recipient needs to have the pad of random numbers you used), aligned with the cipher text digits. Then ask yourself the simple question “What number plus this random digit would equal this cipher text digit (using modular addition, of course)? Write that digit above the random digit. Finally, just look at all the paired two-digit numbers and write the corresponding letter or other character above them to get the plaintext message!

#### Why is it unbreakable?

OTPs are theoretically unbreakable because each piece of cipher text has an equal possibility of being decrypted to an infinite number of plaintext messages. Put another way, a message enciphered with an OTP could be anything! It depends entirely on what the random numbers are. Other cipher systems use an algorithm to encipher plaintext, and algorithms can be broken. In other words, every other cipher system in the world uses some kind of rules or formulas to encipher text, and these can be “cracked.” With OTP, there’s simply nothing to crack; everyone knows how it’s done, but without the random numbers they’re out of luck!

#### Why is it called “theoretically” unbreakable?

OTP is still vulnerable to any number of practical attacks that have nothing whatsoever to do with cracking a cipher system, including:

• Reproducing the random numbers: This is a huge, complex area of mathematics. Numbers are only truly random when they are incapable of being reproduced, and so far the world’s biggest computers can reproduce sequences of random numbers from just about any source (other computers, decaying atoms, etc.). My advice is to go low-tech and buy a handful of 10-sided game die from a local hobby/game store and keep rolling them, then writing down the numbers. Many people get lazy and simply arrange with the recipient to use the last four digits of phone numbers from the phone book, or a statistical table on the web somewhere. If it’s the government from whom you’re hiding your message, it’s safe to assume they can crack such a system. You’ll have to determine your own threat matrix and make the call.
• Physical attacks: If someone knows this is how you send messages, they just need to steal your One Time Pads and copy them. Or they can hide a camera in your room and watch you encipher or decipher a message. Or they can steal the pad you were writing on and read the impressions left on the paper or blotter. Or they can install a key logger on your PC if you’re typing out the plaintext. Or…well, you get the idea.
• Practicality: Because OTPs do not rely on a system or formula, you need as many random digits as you have plaintext digits. Needless to say, very long messages can become very time consuming to encipher. In addition, the longer the message the greater the chance for human error in either enciphering or deciphering a message (called “entropy”). In other words, using OTPs for long messages is a real pain.

#### How should I send the cipher text?

Do all your rough work on paper, then burn everything, even the pages or blotter underneath. Send the cipher text to a disposable e-mail like this:

• Go to an internet café, and pay cash.
• Create a disposable webmail account (Hotmail, Yahoo! – whatever).
• Send the message to another disposable e-mail account. Go to MyTrashMail.com and read how that works. Pre-arrange the account name and send it off to (prearrangedname)@trashymail.com.
• Delete the sent message from the sending account, and log out of the webmail service.
• Dump the history, temp files and cookies and empty the recycle bin.
• Leave. Never use either webmail account again. Ever.
• Have the recipient check MyTrashMail under that prearranged account from another internet café and retrieve the message. Delete it and never use that Trashymail address again. Ever.

OTPs work well when you need to send short message that are 100% secure, and where potential interceptors have no prior knowledge that this is how you will be communicating. There are many varieties of OTP systems, and lots of variations on this one. Feel free to add suggestions in the comments.

Tags: , ,