Example 1: The One Time Pad

A particularly important cipher to understand is the One Time Pad (OTP), which was quite popular around WWII.

The OTP mutates a message using another predetermined message of the same length.

For example, Alice and Bob would predetermine a message, also known as a key, ahead of time. An example of a very insecure key would be: “This is very insecure key”

Later, when Alice wants to send the following secret message to Bob: e.g. “Meet me at the park bench” , she can simply perform a bitwise XOR operation on her message using the key.

In the hexadecimal format, this yields the ciphertext 190d0c... , which she then sends to Bob.

Finally, Bob can easily decrypt Alice’s ciphertext by XORing the key and the ciphertext. This allows Bob to reverse derive the original message.

XOR : The bitwise operation in OTPs. For example, 0 xor 0 , 1 xor 1 yields the 0 bit and 0 xor 1 , 1 xor 0 yields the 1 bit. It’s important to call out that OTPs have an important vulnerability by nature of XOR’s properties: if you generate many ciphertexts with the same key, and assuming an attacker gets at least 2 of your ciphertexts, the attacker can actually reverse engineer the original key! Attack explained.

The main takeaway here is that the One Time Pad is only secure if you only use your key once, and only if your key is the same length as your message.

Relating OTP to Terminology

OTP is a type of “symmetric encryption”

When used correctly, the One Time Pad is a very good example of symmetric encryption. This is also known as private key encryption, secure key encryption, or secret key sharing, etc.

Alice encrypts a file with the same key that Bob uses to decrypt the file

In simpler terms, symmetric encryption is when the same key is shared among participants to both encrypt and decrypt the data.

OTP demonstrates “perfect secrecy”

The One Time Pad also demonstrates an important cryptography principle called perfect secrecy. Where, given a ciphertext, every message in the message space is exactly as likely to be the underlying plaintext.

In simpler terms, perfect secrecy means that to an attacker, the ciphertext looks completely random. There are no patterns, no hints about the underlying message by just looking at the ciphertext.

It also means that, if an attacker somehow gets a part of the key/message, like the first half, he can never derive the remaining parts of the key/message:

Illustration of a Perfect Secrecy cipher, even if some parts of its keys are compromised