In cryptography, the one-time pad (OTP) is an encryption algorithm in which the plaintext is combined with a secret random key or pad, which is used only once. A modular addition is typically used to combine plaintext elements with pad elements. (For binary data, the operation XOR amounts to the same thing.) It was invented in 1917 and patented a couple of years later. If the key is truly random, as large as the plaintext, never reused in whole or part, and kept secret, the one-time pad provides perfect secrecy. It has also been proven that any cipher with the perfect secrecy property must use keys with effectively the same requirements as OTP keys. The key normally consists of a random stream of numbers, each of which indicates the number of places in the alphabet (or number stream, if the plaintext message is in numerical form) which the corresponding letter or number in the plaintext message should be shifted. For messages in the Latin alphabet, for example, the key will consist of a random string of numbers between 0 and 25; for binary messages the key will consist of a random string of 0s and 1s; and so on.

The "pad" part of the name comes from early implementations where the key material was distributed as a pad of paper, so the top sheet could be easily torn off and destroyed after use. For easy concealment, the pad was sometimes reduced to such a small size that a powerful magnifying glass was required to use it. Photos accessible on the Internet show captured KGB pads that fit in the palm of one's hand, or in a walnut shell. To increase security, one-time-pads were sometimes printed onto sheets of highly flammable nitrocellulose.

The one-time pad is derived from the Vernam cipher, named after Gilbert Vernam, one of its inventors. Vernam's system was a cipher that combined a message with a key read from a paper tape loop. In its original form, Vernam's system was not unbreakable because the key could be reused. One-time use came a little later when Joseph Mauborgne recognized that if the key tape were totally random, cryptanalytic difficulty would be increased.

The term is ambiguous: some authors use "Vernam cipher" as a synonym for "one-time pad", while others apply it to any additive stream cipher, including those based on a cryptographically secure pseudorandom number generator (CSPRNG).

Perfect secrecy

The Vernam-Mauborgne one-time pad was recognized early on as difficult to break, but its special status was only established by Claude Shannon some 25 years later. He proved, using information theory considerations, that the one-time pad has a property he termed perfect secrecy; that is, the ciphertext C gives absolutely no additional information about the plaintext. Thus, the a priori probability of a plaintext message M is the same as the a posteriori probability of a plaintext message M given the corresponding ciphertext. Mathematically, this is expressed as H(M) = H(M|C), where H(M) is the entropy of the plaintext and H(M|C) is the conditional entropy of the plaintext given the ciphertext C. Perfect secrecy is a strong notion of cryptanalytic difficulty.

Despite Shannon's proof of its security, the one-time pad has serious drawbacks in practice:

  • it requires perfectly random one-time pads
  • it requires secure generation and exchange of the one-time pad material, which must be at least as long as the message. (The one-time pad is only as secure as the exchange of its key material.)
  • it requires careful treatment of the pad so that it remains secret from any adversary and is disposed of correctly, preventing any reuse in whole or part (hence "one time"). See data remanence for a discussion of difficulties in completely erasing computer media.

Because the pad must be passed and kept secure, and the pad has to be at least as long as the message, there is often no point in using one-time padding, as you can simply send the plain text instead of the pad (as both are the same size and have to be sent securely). However, once a very long pad has been securely sent (e.g., a computer disk full of random data), it can be used for numerous future messages, until the sum of their sizes equals the size of the pad.

Implementation difficulties have led to one-time pad systems being broken, and are so serious that they have prevented the one-time pad from being adopted as a widespread tool in information security.

In particular, one-time use is absolutely necessary. If a one-time pad is used just twice, simple mathematical operations can reduce it to a running key cipher. If both plaintexts are in a natural language (e.g. English or Russian or Gaelic) then, even though both are secret, each stands a very high chance of being recovered by heuristic cryptanalysis, with possibly a few ambiguities. Of course the longer message can only be broken for the portion that overlaps the shorter message, plus perhaps a little more by completing a word or phrase. The most famous exploit of this vulnerability is the VENONA project.
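The key-cancellation effect described above, together with pad bookkeeping that enforces one-time use, as an added example that is not part of the original article. It uses the letter arithmetic (A = 0, modulo 26) and the key "XMCKL" from the article's worked example; the function names, the Pad class and the second message are assumptions made for illustration.

```python
import secrets
import string

A = ord("A")

def combine(text, key, sign):
    """Add (sign=+1) or subtract (sign=-1) key letters from text, modulo 26."""
    if len(key) < len(text):
        raise ValueError("pad material must be at least as long as the message")
    return "".join(chr((ord(t) - A + sign * (ord(k) - A)) % 26 + A)
                   for t, k in zip(text, key))

def encrypt(msg, key):
    return combine(msg, key, +1)

def decrypt(ct, key):
    return combine(ct, key, -1)

def reuse_leak(m1, m2, key):
    """Encrypt both messages under the SAME key; return (c1 - c2, m1 - m2)."""
    c1, c2 = encrypt(m1, key), encrypt(m2, key)
    return combine(c1, c2, -1), combine(m1, m2, -1)

class Pad:
    """Serves each pad letter exactly once and refuses to go past the end."""
    def __init__(self, letters):
        self._letters, self._offset = letters, 0

    def take(self, n):
        if self._offset + n > len(self._letters):
            raise RuntimeError("pad exhausted: refusing to reuse key material")
        chunk = self._letters[self._offset:self._offset + n]
        self._offset += n
        return chunk

def new_pad(n):
    # Stand-in only: the OS CSPRNG is not the "truly random" source OTP assumes.
    return Pad("".join(secrets.choice(string.ascii_uppercase) for _ in range(n)))

if __name__ == "__main__":
    # Constructed sample messages; "XMCKL" is the key from the article's example.
    diff_c, diff_m = reuse_leak("HELLO", "WORLD", "XMCKL")
    print(diff_c, diff_m, diff_c == diff_m)   # the key has cancelled out
    pad = new_pad(10)
    c1 = encrypt("HELLO", pad.take(5))
    c2 = encrypt("WORLD", pad.take(5))        # fresh letters, no overlap
    print(c1, c2)
```

Because the difference of the two ciphertexts equals the difference of the two plaintexts whatever the key was, an eavesdropper is left with one message enciphered by the other, which is the running key cipher the article refers to.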

The one-time pad does not provide a mechanism to ensure message integrity and, in theory, a man-in-the-middle attacker who knows the exact message being sent can straightforwardly replace all or part of that message with text of their choosing which is the same length. Standard techniques to prevent this, such as the use of a message authentication code, can be used along with a one-time pad system, but they lack the perfect security the OTP itself has.
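The missing integrity protection and its mitigation, as an added example that is not part of the original article. It assumes binary data combined with XOR and picks HMAC-SHA256 as the message authentication code (the article names no specific MAC); the function names, sample messages and separate pre-shared MAC key are likewise assumptions.

```python
import hashlib
import hmac
import secrets

def xor(a, b):
    if len(a) != len(b):
        raise ValueError("operands must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def seal(msg, pad, mac_key):
    """OTP-encrypt msg, then tag the ciphertext (encrypt-then-MAC)."""
    ct = xor(msg, pad)
    return ct, hmac.new(mac_key, ct, hashlib.sha256).digest()

def open_sealed(ct, tag, pad, mac_key):
    """Verify the tag before decrypting; reject modified ciphertext."""
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: ciphertext was modified")
    return xor(ct, pad)

def substitute(ct, known_msg, new_msg):
    """The same-length replacement the article describes; needs no pad."""
    return xor(ct, xor(known_msg, new_msg))

def demo():
    msg, swap = b"MEET AT NOON", b"MEET AT DAWN"   # constructed, equal length
    pad = secrets.token_bytes(len(msg))   # CSPRNG stand-in for a truly random pad
    mac_key = secrets.token_bytes(32)     # separate key, assumed pre-shared
    ct, tag = seal(msg, pad, mac_key)
    forged = substitute(ct, msg, swap)
    unauthenticated = xor(forged, pad)    # bare OTP decrypts the forgery cleanly
    try:
        open_sealed(forged, tag, pad, mac_key)
        rejected = False
    except ValueError:
        rejected = True
    return unauthenticated, rejected

if __name__ == "__main__":
    print(demo())
```

The tag check is only computationally secure, which is the article's point that the MAC lacks the perfect security of the pad itself.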

History

The history of the one-time pad is marked by four separate but closely related discoveries.

The first one-time pad system was electrical. In 1917, Gilbert Vernam (of AT&T) invented and later patented in 1919 (U.S. Patent 1,310,719) a cipher based on teletype machine technology. Each character in a message was electrically combined with a character on a paper tape key. Joseph Mauborgne (then a captain in the U.S. Army and later chief of the Signal Corps) recognized that the character sequence on the key tape could be completely random and that, if so, cryptanalysis would be more difficult. Together they invented the first one-time tape system.

The second development was the paper pad system. Diplomats had long used codes and ciphers for confidentiality and to minimize telegraph costs. For the codes, words and phrases were converted to groups of numbers (typically 4 or 5 digits) using a dictionary-like codebook. For added security, secret numbers could be combined (usually by modular addition) with each code group before transmission, with the secret numbers being changed periodically (this was called superencryption). In the early 1920s, three German cryptographers (Werner Kunze, Rudolf Schauffler and Erich Langlotz), who were involved in breaking such systems, realized that they could never be broken if a separate randomly chosen additive number was used for every code group. They had duplicate paper pads printed up with lines of random number groups. Each page had a serial number and eight lines. Each line had six 5-digit numbers. A page would be used as a work sheet to encode a message and then destroyed. The serial number of the page would be sent with the encoded message. The recipient would reverse the procedure and then destroy his copy of the page. The German foreign office put this system into operation by 1923.

A separate notion was the use of a one-time pad of letters to encode plaintext directly as in the example below. Leo Marks describes inventing such a system for the British Special Operations Executive during World War II, though he suspected at the time that it was already known in the highly compartmentalized world of cryptography, as for instance at Bletchley Park.

The final discovery was by Claude Shannon in the 1940s, who recognized and proved the theoretical significance of the one-time pad system. Shannon delivered his results in a classified report in 1945, and published them openly in 1949. At the same time, Vladimir Kotelnikov had independently proven absolute security of the one-time pad; his results were delivered in 1941 in a report that apparently remains classified.

Example

Suppose Alice wishes to send the message 'HELLO' to Bob. Assume two pads of paper containing identical random sequences of letters were somehow previously produced and securely issued to both. Alice chooses the appropriate unused page from the pad. The way to do this is normally arranged for in advance, as for instance 'use the 12th sheet on Labor Day', or 'use the next available sheet for the next message'. The material on the selected sheet is the key for this message. Each letter from the pad will be combined in a predetermined way with one letter of the message. It is common, but not required, to assign each letter a numerical value: e.g. "A" is 0, "B" is 1, and so on. In this example, the technique is to combine the key and the message using modular addition. The numerical values of corresponding message and key letters are added together, modulo 26. If key material begins with "XMCKL" and the message is "HELLO", then the coding would be done as follows:

          H       E       L       L       O    message
       7 (H)   4 (E)  11 (L)  11 (L)  14 (O)   message
    + 23 (X)  12 (M)   2 (C)  10 (K)  11 (L)   key
    = 30      16      13      21      25       message + key
    =  4 (E)  16 (Q)  13 (N)  21 (V)  25 (Z)   message + key (mo
