1

I have come across 2 versions of otp while reading it and want to confirm it.

  1. they have taken a plain text consisting of alphabets where they are shifted and replaced by alphabets itself.

  2. XORing of binary I/P streams with binary key.

Are they both valid forms? When I/P is in alphabets, shouldn't we convert it into binary form and then perform XORing with key?

SEJPM
  • 45,967
  • 7
  • 99
  • 205
CuriousCurie
  • 103
  • 5
  • 1
    What is an I/P and/or I/P streams? Also I am not sure what a plaintext "consisting of alphabets" means? – Guut Boy Aug 27 '15 at 18:02
  • I/p means input. by 'plain text Consisting of alphabets' I mean that the what we have to encode is not in binary form, rather it is a simple english sentence. I.e matter to be encoded in case1- 'earthplanet'. Case2- '1110001010'. so in case 1 we may use any random key eg. astiopuynmb. In case 2 key may be choosen as 0100111001 – CuriousCurie Aug 27 '15 at 18:27
  • 1
    Well, perhaps what you need to realize is that the cases are not so different. The only difference is the alphabet used. In case 1 it is the english alphabet consisting of letters "A" to "Z", in case 2 the alphabet of bits consisting two letters "0" and "1". In case 2 picking a random bitstring and doing XOR is just a convenient way to define the random substitution of each bit. – Guut Boy Aug 27 '15 at 18:33

2 Answers2

2

According to the definition on Wikipedia, both are valid uses of the term "one time pad" - "each bit or character of the plaintext is encrypted by combining it with the corresponding bit or character from the pad using modular addition." - that is: e=(d+p)%m, where e=encrypted data, d=decrypted data (input), p=pad, m is the number of possible values in e, d, and p (which must be the same). % is modulus - divide (d+p) by m, but take the remainder.

The most common implementation is the XOR method, which is the above calculation using m=2 (since 1 bit has two different possible values). A byte-by-byte solution would be equally valid, with m=256. letter by letter (m=26) is fine PROVIDED only encrypted data is sent - if you use this but send punctuation, capitals, newlines, and spaces unencrypted (or encrypted as a separate character set, then this is no longer secure (it will leak data - e.g. word lengths, and position and likely candidates for proper nouns, etc.).

Remember also, the pad needs to be really, really random, and of the same length (at least) as the message. It can never be reused. If the pad is English text, it is very insecure.

AMADANON Inc.
  • 182
  • 3
  • 3
    If the pad is English text, it is very insecure. – While that is correct from a security point of view, it should be noted that if the pad isn’t a cryptographically secure, random pad – we’re not talking about OTP in the first place. ;) – e-sushi Aug 27 '15 at 22:21
  • True. I always put these warnings in; for exactly the reason specified in your link. OTP seems really easy - people can understand how it works in one minute, but how it fails is more important (if you don't want it to fail!). OTP is usually the first port of call of amature cryptographers (not that that's a bad thing). It is important that these people understand the shortfalls/implementation issues of the system they are using. – AMADANON Inc. Aug 27 '15 at 23:36
  • Well, you sure got my upvote. – e-sushi Aug 28 '15 at 00:07
  • #amadanon Sorry, but I couldn't get your point of how pad will be insecure if it is in english? And by the way a lot of thanks for your answer :) – CuriousCurie Aug 28 '15 at 02:59
  • English has an awful lot of redundancy. Additionally, English text padded with English text will show through very obviously. If you can guess a word om the message, then you can apply it as a pad; if you are right, then a part of the (English) pad will show, clear as day. I you can guess the rest of that word, then you have some more of the pad; apply that, and get a bit more. A similar technique was used against the German "Enigma" machine - it was known when encrypted weather reports came out, so they guessed that "wetteruebersicht" (weatherforecast in German) would be in the plaintext. – AMADANON Inc. Aug 28 '15 at 03:31
0

Here is how to make a Caesar Shift Cipher work with a One-Time Pad.

First you write your message down:

"ABCD"

Then instead of shifting the alphabet for the whole message. You shift the alphabet for each letter based on a number in your pad.

"13, 3, 11, 0"

So in this case:

For A you shift the alphabet 13 times to get N.

B you shift the alphabet 3 times in the same direction to get E.

C is shifted 13 times to get P.

And finally D is shifted 0 times to remain at D.

So our coded message is NEPD

Note: The alphabet is reset back to its normal position for each shift.

You can also include the other characters and numbers in this scheme to. Also you can chose the starting position for the alphabet too.

WAR10CK
  • 189
  • 5