1882: Described by Frank Miller
1917: Re-invented by Gilbert S. Vernam
If used correctly, perfect secrecy can be achieved through it.
This is mathematically proven.
To insure, and successfully prove that One-time Pad is unbreakable, the following requirements must be met:
- The key must be as long as the plain text
- The key must be truly random
- The key must only be used once, and then discarded
OTP keys are used in pairs that are truly random. There are only two copies of the key. One for the sender and one for the receiver.
A stream of truly random keys is generated and then combined with the plain text by an ‘exclusive OR’ (XOR) operation. The binary operation XOR is performed on each bit with the corresponding bit in the secret key.
The copy of the key kept by the receiver is combined with the ciphertext, also using an ‘exclusive OR’ (XOR) operation. One copy of the key is kept by each user and the keys are distributed securely prior to encryption.
Since the shifts never fall into a repetitive pattern, each encryption is unique and bears no relation to the next encryption. Therefore, no pattern can be detected. Because the keys are equally likely and are all generated randomly, there is no frequency deferential; the encryption is unbreakable.
No Force to Brute-Force
Brute-force attacks against OTP are not feasible because even if a different key may yield a meaningful message, it is not guaranteed to be the original message.
It will never be possible to decrypt One-time Pad encrypted data without having the proper key, regardless of any existing or future cryptanalytic attack or technology. In Addition, OTP is immune to any super or quantum computer regardless of the amount of time that could be spent trying to decrypt any data.
1. Key Length
Using a key that is shorter than the message to be encrypted, inevitably means it will be used more than once. Using the same key more than once could result in the loss of frequency distribution and thus, leave room to successful dictionary or brute-force attacks.
Generated pads (dictionaries) must be truly random, non-repeated, and used only once. This process is time consuming and requires highly optimized software with advanced hardware for high quality One-time Pads generation.
3. Key distribution
For each peer, a secure transportation media ̶ such as transporting the keys physically ̶ and a large safe storage are needed. Spreading OTP through all networks and on the internet is not feasible because keys must be generated and distributed prior to any communication.
4. True randomness
One-time Pad keys used for encryption need to be completely random to avoid brute-force or dictionary attacks. Generating true random keys is a complicated process and nearly unachievable using software only algorithms and the output will always be pseudo-randomness. To guarantee unbreakable security, hardware random generators should be included as SEEDs for any generation process.