One Time Pad Encryption
The unbreakable
One Time Pad
The unbreakable encryption method
One Time Pad encryption is a very simple, yet completely unbreakable cipher method. It has been used for decades in mils electronic cipher systems for encrypting our customers’ sensitive data.Over the years, we have perfected the implementation of One Time Pad en-cryption into our products. Today, high levels of automation, high capacity stor-age media, continuous key protection, and huge One Time Pads provide our customers with outstanding communication security without sacrificing con-venience.
This document will help you understand how One Time Pad can ensure com-plete privacy for your sensitive information.
Characteristics of the
One Time Pad encryption method
The One Time Pad encryption method is a binary additive stream cipher, where a stream of truly random keys is generated and then combined with the plain text for encryption or with the cipher text for decryption by an ‘exclusive OR’ (XOR) addition.
It is possible to prove that a stream cipher encryption scheme is unbreakable if the following preconditions are met:
A
The key must be as long as the plain text.
BThe key must be truly random.
C
The key must only be used once.
The One Time Pad implementation in mils electronic’s products fulfills all these requirements and therefore provides absolute protection for our customers’ sensitive information.
Components
of the OTP encryption
Truly random key
generation
For One Time Pad encryption, a truly random key stream must be em-ployed. The word ‘random’ is used in its most literal sense here.
In mils electronic products, all keys are exclusively generated by a ‘True Random Noise Source’. This Noise Source is incorporated into the hardware security token of each mils electronic application. As it is part of the security token, it is protected against all manipulation and tampering attempts and provides a very high key generation speed.
0
1 0 1 0
Random
bits
Combination
stage
Oscillator ring 1
Oscillator ring 2
Oscillator ring n
The random noise source derives its randomness by sampling a set of parallel ring oscillators, a reliable technology for obtaining genuine ran-domness. This technique uses tim-ing jitter and oscillator drift found in free-running CMOS ring oscillators as a source of randomness. Timing jitter is a random phenomenon caused by the thermal noise and local voltage variations present at each transistor of a ring oscillator.
Local variations in voltage and tem-perature will cause each ring to oscil-late faster (or slower) over time - re-sulting in a random drift relative to the other rings. As the frequency of each oscillator randomly drifts with each cycle, the output stream becomes random relative to the lower frequen-cy sampling rate.
The One Time Pad
encryption process
One Time Pad keys are used in pairs. The keys are distributed securely prior to encryption. One copy of the key is kept by the sender and one by the recipient. The confidentiality and authenticity of the One Time Pad keys can be
guaran-teed thanks to the continuous protection during their distribution and storage. Therefore, outsiders will not be able to misuse the key (e.g. by copying or
alter-ing the key duralter-ing distribution).
0 1
0 1 1 0 0
1
0 1 1 0 1 1
0
1 1 0
1
1 1
1 0
1
0
0
1
1
1 1 000 1 1
0
Plain text
0
0
One Time PadExclusive OR function Cipher text
Generated by the True Random Noise Source
A To encrypt plain text data, the sender uses a key string equally long as the
plain text. The key is used by mixing (XOR-ing) bit by bit, always adding one bit of the key with one bit of the plain text to create one bit of cipher text.
B This cipher text is then sent to the recipient.
C At the recipient’s end, the encoded message is mixed (XOR-ed) with the
duplicate copy of the One Time Key and the plain text is restored.
D Both sender’s and recipient’s keys are automatically destroyed after use, so
Why is One Time Pad
encryption unbreakable?
The popular scientific explanation
AV
HSUX R
Z
F
L ZRX I B
E T DYHCN
Key 2
Key 4
Exclusive OR function Key 3
X
H
TA
ZCVP I
Q
Key 1
RV
KNQX Z
L
I F
CPQX T
A
T
S AY OF
HZAUHPSE
F
ME
YES
C
O
Cipher text,
Plain text 1 (meaningful) Plain text 2 (meaningless) Plain text 3 (meaningless) Plain text 4 (meaningful)The ‘brute force’ attack
With One Time Pad encryption, the key used for encod-ing the message is completely random and is as long as the message itself. That is why the only possible attack to such a cipher is a brute force attack. Brute force attacks use exhaustive trial and error methods in order to find the key that has been used for encrypting the plain text. This means that every possible combination of key bits must be used to decrypt the cipher text. The correct key would be the one that produces a meaningful plain text.
Unlimited computing power is useless
Let’s assume an eavesdropper has intercepted a One Time Pad encrypted message and that he has unlimited comput-ing power and time. For example, typical e-mail messages are at least 200 bytes long, requiring the testing of 1.600 bits. Even if the eavesdropper is both willing and able to do this, the following paragraph will describe why unlimited computational power will not compromise the system.
Attackers must try every possible key
Since all One Time Keys are equally likely and come from a completely unpredictable noise source that is proven to be random, the attacker has to test all possible key strings.
Impossible to guess the right plain text
If he used every possible key string to decrypt the cipher text, all potential plain text strings with the same length as the original plain text would appear. As illustrated above, most of these potential plain text strings would make no sense; however, every meaningful string the same length as the original plain text would also appear as a potential plain text string.
Without knowing the applied OTP, the eavesdropper has no way of finding out which meaningful string is the orig-inal plain text. Thus, trying all possible keys doesn’t help the attacker at all, because all possible plain texts are equally likely decryptions of the cipher text.
Why is One Time Pad
encryption unbreakable?
The mathematical proof
DEFINITION
A noise source is called a True Random Noise Source or fulfills the true random property if for all any generated key sequence for all satisfies
THEOREM: Unconditional security of One Time Pad
For a cipher system with a true random noise source, the One Time Pad cipher is perfectly secret.
PROOF
First, we determine the length of the plain text by . Let denote the plain text and the One Time Pad generated by the true random noise source. The resulting cipher text is calculated by , i.e.
for all . A system is called perfectly secret or unconditionally secure if for all
for all is satisfied. For we conclude from equation (2)
and .
(2) (1)
We get for all and by using the law of total probability and the true random property of the noise source
By again applying the true random property of the noise source and equation (2) for we obtain
and
From the definition of conditional probability follows for all and all
and
and thus we get
From equation (5) and equation (4) we deduce and thus equation (8) simplifies to
for all . Hence, the mathematical proof is complete.
(4)
(5)
(6)
(7)
Further
reading
Schneier, Bruce:
Applied Cryptography: Protocols, Algorithms, and Source Code in C.
1996, John Wiley and Sons, Inc.
Menezes, Alfred J., Paul C. van Oorschot, and Scott A. Vanstone: Handbook of Applied Cryptography
1997, CRC Press
The history of
One Time Pad encryption
The One Time Pad encryption method is nothing new. In1882, Frank Miller was the first to describe the One Time Pad system for securing telegraphy.
In 1917, Gilbert Vernam invented a cipher solution for a teletype machine. U.S. Army Captain Joseph Mauborgne realized that the character on the key tape could be com-pletely random. Together, they introduced the first One Time Pad encryption system.
Since then, One Time Pad systems have been widely used by governments around the world. Outstanding examples of a One Time Pad system include the ‘hot line’ between the White House and the Kremlin and the famous Sigsaly speech encryption system.
Another development was the paper pad system. Diplo-mats had long used codes and ciphers for confidentiali-ty. For encryption, words and phrases were converted to groups of numbers and then encrypted using a One Time Pad.
The famous patent for the ‘Secret Signaling System’ from 1919. Each character of a message was combined with a character on a paper tape key.
Gilbert Vernam Joseph Mauborgne Frank Miller
M730 Cipher Machine with MilsCard MilsOne Client with OneQube M640 Tape Mixer M830 Cipher Machine TT-360 Tape Mixer OTP Cipher Disk
OTP encryption has always played an essential role in mils electronic’s product philosophy. When the com-pany was founded in the late 1940s, OTP was the only applied encryption method. The TT-360 Tape Mixer was one of the first electro-mechanical cipher machines which the company developed and sold.
Although unbreakable, OTP encryp-tion is so simple that you can even employ it manually. We therefore often give a OTP Cipher Disk to our customers as a gift. When used cor-rectly, it’s a powerful tool to create short unbreakable messages.
With the invention of microproces-sor technology, OTP encryption was complemented by algorithm based encryption in the M640 Tape Mixer or the M830 Cipher Machine. The usability of OTP was drastically in-creased by software based develop-ment.
With the invention of the personal computer it was necessary to remove the sensitive parts of OTP encryption from the PC into dedicated security hardware, like the MilsCard of the M730 Cipher Machine.
Today, the entire OTP storage and encryption process is handled by the OneQube, the hardware token of MilsOne. With its fully automated OTP usage and 29 GB of OTP storage it represents the state-of-the-art OTP implementation.
mils electronic gesmbh & cokg · leopold-wedl-strasse 16 · 6068 mils · austria t +43 52 23 577 10-0 · f +43 52 23 577 10-110 · [email protected] · www.mils.com
