One Time Pad Encryption The unbreakable

One Time Pad Encryption
The unbreakable
encryption method
One Time Pad
The unbreakable encryption method
One Time Pad encryption is a very simple, yet completely unbreakable cipher
method. It has been used for decades in mils electronic cipher systems for
encrypting our customers’ sensitive data.
Over the years, we have perfected the implementation of One Time Pad encryption into our products. Today, high levels of automation, high capacity storage media, continuous key protection, and huge One Time Pads provide our
customers with outstanding communication security without sacrificing convenience.
This document will help you understand how One Time Pad can ensure complete privacy for your sensitive information.
Characteristics of the
One Time Pad encryption method
The One Time Pad encryption method is a binary additive stream cipher, where
a stream of truly random keys is generated and then combined with the plain
text for encryption or with the cipher text for decryption by an ‘exclusive OR’
(XOR) addition.
It is possible to prove that a stream cipher encryption scheme is unbreakable if
the following preconditions are met:
A
The key must be as long as the plain text.
B
The key must be truly random.
C
The key must only be used once.
The One Time Pad implementation in mils electronic’s products fulfills all these
requirements and therefore provides absolute protection for our customers’
sensitive information.
Components
of the OTP encryption
Truly random key
generation
For One Time Pad encryption, a truly random key stream must be employed. The word ‘random’ is used in its most literal sense here.
In mils electronic products, all keys are exclusively generated by a ‘True
Random Noise Source’. This Noise Source is incorporated into the hardware
security token of each mils electronic application. As it is part of the security
token, it is protected against all manipulation and tampering attempts and
provides a very high key generation speed.
Oscillator ring 1
Combination
stage
Oscillator ring 2
1 001 0
Random
bits
Oscillator ring n
The random noise source derives
its randomness by sampling a set
of parallel ring oscillators, a reliable
technology for obtaining genuine randomness. This technique uses timing jitter and oscillator drift found in
free-running CMOS ring oscillators as
a source of randomness. Timing jitter
is a random phenomenon caused by
the thermal noise and local voltage
variations present at each transistor
of a ring oscillator.
Local variations in voltage and temperature will cause each ring to oscillate faster (or slower) over time - resulting in a random drift relative to the
other rings. As the frequency of each
oscillator randomly drifts with each
cycle, the output stream becomes
random relative to the lower frequency sampling rate.
The One Time Pad
encryption process
One Time Pad keys are used in pairs. The keys are distributed securely prior to
encryption. One copy of the key is kept by the sender and one by the recipient.
The confidentiality and authenticity of the One Time Pad keys can be guaranteed thanks to the continuous protection during their distribution and storage.
Therefore, outsiders will not be able to misuse the key (e.g. by copying or altering the key during distribution).
Plain text
Cipher text
One Time Pad
0 1 1 0 1 000 1 0 1 1 0 1 1
1 1 000 1 1 0
Exclusive OR function
1 0 1 0 1 1 1 0 1 0 1 00 1 1
Generated by the True Random Noise Source
A
To encrypt plain text data, the sender uses a key string equally long as the
plain text. The key is used by mixing (XOR-ing) bit by bit, always adding one
bit of the key with one bit of the plain text to create one bit of cipher text.
B
This cipher text is then sent to the recipient.
C
At the recipient’s end, the encoded message is mixed (XOR-ed) with the
duplicate copy of the One Time Key and the plain text is restored.
D
Both sender’s and recipient’s keys are automatically destroyed after use, so
that erroneous re-application of the same key is impossible.
Why is One Time Pad
encryption unbreakable?
The popular scientific explanation
Cipher text
KNQX L Z RV
Key 1
Z CVP Q I T A
Y E S , C OM E
Plain text 1 (meaningful)
Key 2
HSUX Z R AV
CPQX A T I F
Plain text 2 (meaningless)
Key 3
E T DYHCN X
HZAUHP S E
Plain text 3 (meaningless)
Key 4
L F ZRX I B H
S T AY O F F
Plain text 4 (meaningful)
Exclusive OR
function
The ‘brute force’ attack
Attackers must try every possible key
With One Time Pad encryption, the key used for encoding the message is completely random and is as long as
the message itself. That is why the only possible attack to
such a cipher is a brute force attack. Brute force attacks
use exhaustive trial and error methods in order to find the
key that has been used for encrypting the plain text. This
means that every possible combination of key bits must be
used to decrypt the cipher text. The correct key would be
the one that produces a meaningful plain text.
Since all One Time Keys are equally likely and come from
a completely unpredictable noise source that is proven to
be random, the attacker has to test all possible key strings.
Unlimited computing power is useless
Let’s assume an eavesdropper has intercepted a One Time
Pad encrypted message and that he has unlimited computing power and time. For example, typical e-mail messages
are at least 200 bytes long, requiring the testing of 1.600
bits. Even if the eavesdropper is both willing and able to do
this, the following paragraph will describe why unlimited
computational power will not compromise the system.
Impossible to guess the right plain text
If he used every possible key string to decrypt the cipher
text, all potential plain text strings with the same length as
the original plain text would appear. As illustrated above,
most of these potential plain text strings would make no
sense; however, every meaningful string the same length
as the original plain text would also appear as a potential
plain text string.
Without knowing the applied OTP, the eavesdropper has
no way of finding out which meaningful string is the original plain text. Thus, trying all possible keys doesn’t help
the attacker at all, because all possible plain texts are
equally likely decryptions of the cipher text.
Why is One Time Pad
encryption unbreakable?
The mathematical proof
DEFINITION
A noise source is called a True Random Noise Source or fulfills the true random property if for
all
any generated key sequence
for all
satisfies
(1)
THEOREM: Unconditional security of One Time Pad
For a cipher system with a true random noise source, the One Time Pad cipher is
perfectly secret.
PROOF
First, we determine the length of the plain text by
. Let
denote the plain
text and
the One Time Pad generated by the true random noise source. The
resulting cipher text
is calculated by
, i.e.
for all
.
A system is called perfectly secret or unconditionally secure if for all
(2)
for all
is satisfied. For
we conclude from equation (2)
and
.
(3)
We get for all
and
true random property of the noise source
by using the law of total probability and the
(4)
By again applying the true random property of the noise source and equation (2)
for
we obtain
(5)
and
From the definition of conditional probability follows for all
and all
(6)
and
(7)
and thus we get
(8)
From equation (5) and equation (4) we deduce
equation (8) simplifies to
and thus
for all
Hence, the mathematical proof is complete.
.
Further reading
Schneier, Bruce:
Applied Cryptography: Protocols, Algorithms, and Source Code in C.
1996, John Wiley and Sons, Inc.
New York, Chichester, Brisbane, Toronto, Singapore
Menezes, Alfred J., Paul C. van Oorschot, and Scott A. Vanstone:
Handbook of Applied Cryptography
1997, CRC Press
Boca Raton, New York, London, Tokyo
The history of
One Time Pad encryption
The One Time Pad encryption method is nothing new. In
1882, Frank Miller was the first to describe the One Time
Pad system for securing telegraphy.
In 1917, Gilbert Vernam invented a cipher solution for a
teletype machine. U.S. Army Captain Joseph Mauborgne
realized that the character on the key tape could be completely random. Together, they introduced the first One
Time Pad encryption system.
Since then, One Time Pad systems have been widely used
by governments around the world. Outstanding examples
of a One Time Pad system include the ‘hot line’ between
the White House and the Kremlin and the famous Sigsaly
speech encryption system.
Another development was the paper pad system. Diplomats had long used codes and ciphers for confidentiality. For encryption, words and phrases were converted to
groups of numbers and then encrypted using a One Time
Pad.
The famous patent for the ‘Secret Signaling System’ from 1919.
Each character of a message was combined with a character
on a paper tape key.
Frank Miller
Gilbert Vernam
Joseph Mauborgne
mils electronic’s OTP history
OTP encryption has always played
an essential role in mils electronic’s
product philosophy. When the company was founded in the late 1940s,
OTP was the only applied encryption
method. The TT-360 Tape Mixer was
one of the first electro-mechanical
cipher machines which the company
developed and sold.
TT-360 Tape Mixer
M640 Tape Mixer
M730 Cipher Machine with MilsCard
OTP Cipher Disk
M830 Cipher Machine
MilsOne Client with OneQube
Although unbreakable, OTP encryption is so simple that you can even
employ it manually. We therefore
often give a OTP Cipher Disk to our
customers as a gift. When used correctly, it’s a powerful tool to create
short unbreakable messages.
With the invention of microprocessor technology, OTP encryption was
complemented by algorithm based
encryption in the M640 Tape Mixer
or the M830 Cipher Machine. The
usability of OTP was drastically increased by software based development.
With the invention of the personal
computer it was necessary to remove
the sensitive parts of OTP encryption
from the PC into dedicated security
hardware, like the MilsCard of the
M730 Cipher Machine.
Today, the entire OTP storage and
encryption process is handled by
the OneQube, the hardware token
of MilsOne. With its fully automated
OTP usage and 29 GB of OTP storage
it represents the state-of-the-art OTP
implementation.
mils electronic gesmbh & cokg · leopold-wedl-strasse 16 · 6068 mils · austria
t +43 52 23 577 10-0 · f +43 52 23 577 10-110 · [email protected] · www.mils.com
TEC-OTP-04e