Fundamentals of Information Security – OTP Encryption and cryptography

In the previous article, we started with cryptography. After getting acquainted with the basic definitions of cryptography, now in this article we are going to describe the One Time Pad cryptography method.

Cryptography, This is one of the few cryptographic methods that can be proven to be secure.

In a previous article from the Introduction to Information Security Fundamentals series , we learned the basic definitions of cryptography.

Do you remember that Morteza wanted to send a message to Jafar Bank, but because Javad might have overheard Pabamha, he had to use an encryption method to send his message in encrypted form.

To do this , we reviewed the surrogate encryption method and saw how this encryption could be broken using encryption analysis methods.

 In this article, we describe One Time Pad encryption. A cryptographic method that has been proven to be secure.

Morteza, who recently worked as a spy in Nazi Germany, wants to send an encrypted message to Jafar, who is in charge of his superior. He wants to use One Time Pad encryption to encrypt his message. Javad, a spy for the Soviet Union, also intends to eavesdrop on the message and crack the code.

Morteza, Jafar and JavadTo make our job easier, we consider only the first part of Morteza’s message. This message starts with the phrase heilhitler. To use One Time Pad encryption, we assign a binary code to each letter of the code.

Because in this example we are dealing with only 8 letters of the alphabet, we can assign a 3-bit code to each letter as follows.

Base code attributed to lettersThese codes provide only a mapping of the alphabet to three-bit strings and should not be kept confidential. Using them here is something like using ASCII encoding.

In the previous article, we said that in a cryptographic method, there should be nothing secret other than the cryptographic key. We introduced this issue as the Karkhoff principle .

In this way, Morteza’s message (heilhitler phrase) becomes the following bit string:

001 000 010 100 001 010 111 100 000 101

How does One Time Pad encryption work?

Now Morteza has to encrypt his message using One Time Pad encryption. To do this, we need a key that is exactly the same length as the message. This key must be selected randomly. Morteza uses the following bit string as a key:

111 101 110 101 111 100 000 101 110 000

In the One Time Pad encryption method, to generate encrypted text or Cipher Text, we plain text with the XOR encryption key. One of the features of XOR operation is that:

a XOR b XOR b = a

For this reason, if the encrypted text (Cipher Text) is entered with the XOR encryption key, it will be the result of plain text operations. In this way, the encryption and decryption methods are exactly the same.

So Morteza’s message will be encrypted as follows:

Encryption with One Time PadEncrypted message means that the phrase srlhssthsr can be transmitted quite safely, without the listener of the message knowing anything about the content of the message.

The listener can only understand the length of the main message, but this problem can also be solved by using creative methods.

Jafar, who has the cryptographic key, repeats the same operation after receiving the message and obtains the main message.

Decryption with One Time PadIf we decrypt the same encrypted text with another key, the simple message we get is completely different. Imagine using the following bit string as an encryption key to decrypt the srlhssthst message:

101 111 000 101 111 100 000 101 110 000

Decryption with wrong key in One Time Pad.pngAs you can see, the result is killhitler instead of heilhitler. Without knowing the key, any phrase with the same length can probably be exactly the same as the main message.

As a result, without knowing the key and holding the encrypted message, no guess can be made about the main message. This means that this encryption method is completely secure. But provided that each key is used only once.

Why is the One Time Pad encryption key disposable?

Suppose the two messages P1 and P2 are both encrypted with the K key.

C1 = P1 XOR K

C2 = P2 XOR K

C1 XOR C2 = P1 XOR K XOR P2 XOR K = P1 XOR P2

The above statement indicates that if the same cryptographic key is used twice, information about the original message can be found. In this case, it is enough to reveal only a part of one of the messages or guess correctly, so that the encryption is broken and more information about the main messages without a key is obtained.

For example, if both kite and like are both encrypted with a key:

like.pngkite.pngThe person listening to the messages can guess that the second and fourth letters of both messages are the same. Breaking the encryption by revealing the details of the messages can be as simple as solving the table.

Why can’t One Time Pad encryption be used for today’s applications?

We saw that the encryption key in the One Time Pad encryption method needs to be changed each time, and the length of this key should be the same size as the original message.

Choosing a key of this length is practically very challenging in today’s applications dealing with very large data, and transmitting a key of this size to any message is not safe to do.

Therefore, this method of cryptography, although it offers very good security, but can not be used in most applications today. But knowing this helps to understand the cryptographic methods used today.

Challenge your findings

At the end of the third article in the collection of information security basics,

it is not bad to review a little of what we have learned in these three articles.

If you are familiar with programming languages, you can implement successor cryptography or One Time Pad cryptography.

You can also think of creative ways to prevent message length from being revealed

in One Time Pad encryption and implement the way you think.

In the next article, we will look at the cryptographic methods used in the computer world today and learn how they work.

Leave a Reply

Your email address will not be published. Required fields are marked *