Since $\pi$ and other numbers repeat, could you use them as an OTP key? Ex: a 5-character message is sent and the first 5 digits of $\pi$ are used. After that, the next $X$ number of digits are used, and so on. From what I understand of cryptography (it's my hyperfixation for the week), any potential 3rd-party readers would have to know the number of messages sent and their length to try and decode the messages. If I understand it, it would be near impossible to brute force and would require digital forensics (data remanence can be an issue). Obviously the community knows more than me; any insight would be much appreciated.
-
$\pi$ does NOT repeat. If its expansion repeated it would be rational. And others in answers explained why this is a terrible idea. – kodlu Sep 08 '20 at 06:49
-
It would be a lot easier to brute-force than a random key! – user253751 Sep 08 '20 at 10:37
-
If you work in hexadecimal, you can calculate any digit independently of the others. – richard1941 Sep 25 '20 at 16:45
-
Also see a relevant question: https://mathoverflow.net/questions/26942/is-pi-a-good-random-number-generator – 111 Sep 27 '20 at 12:20
2 Answers
An OTP is completely broken if you use a key that can be predicted. As such, $\pi$ would be a terrible choice. The key needs to be unpredictable, nonrepeating, and completely random. $\pi$ satisfies the nonrepeating aspect, and (looks like it) satisfies the randomness attribute, but is predictable since I can simply search online for 1 million digits of $\pi$.
To clarify, any number people have actually heard of is a bad choice. $\pi$, $e$, the coefficient of rolling friction across a carpet, are all bad choices. You need to use a number that has never occurred before, and never will; aka randomly generated by you, not taken from a mathematical constant.

-
I agree with your point that it's a lousy choice, but would suggest that for correctness it becomes a lousy choice only as soon as the first message is cracked, the position in the sequence extracted, and the sender demonstrates that the next message will simply continue using the key where the first one left off. – Mark Morgan Lloyd Sep 08 '20 at 10:13
-
I wonder which is stronger: the statement that Pi is an irrational number hence has an infinite number of digits, or the statement that Pi has no repeating sequences? It appears to me that they are contradictory, since if Pi has an infinite number of digits it must contain repeating sequences of any specified length: including at least one repeating sequence of infinite length (nod to Cantor: for some particular type of infinity). – Mark Morgan Lloyd Sep 08 '20 at 10:21
-
"coefficient of rolling friction across a carpet" has likely too short a length to be usable. "number that has never occurred before" is not a sufficient condition, and is impossible to verify. @MarkMorganLloyd: "if Pi has an infinite number of digits it must contain repeating sequences of any specified length" is incorrect. Counterexample: the real with the same decimal expression as $\pi$, except we removed any occurrence of the digit 7. It still has an infinite number of digits, yet does not contain many finite length sequences. – fgrieu Sep 08 '20 at 10:54
-
@MarkMorganLloyd Not necessarily - Counterexample: an attacker could simply think, "I wonder if they're using a one-time pad using a mathematical constant key... $\pi$ seems to come to mind; I think I'll guess that as the key" – Serpent27 Sep 08 '20 at 14:21
-
@MarkMorganLloyd: The only way to get to that position in the sequence is to compute the digits out that far, which anybody can do. Therefore the attacker has the same amount of work to break the cipher as the communicants have to create the key. I would say that makes it a lousy choice always. – President James K. Polk Sep 23 '20 at 15:11
In modern cryptography, we work with Kerckhoffs's principle, in which we consider everything public but the key.
In your encryption scheme you consider the secret as the number of messages and the message length. Those are not secret for a constant observer of your system, and hiding the length of a message is not easy; most of the time we consider that an observer has this knowledge.
The digits/bits of $\pi$ are not secret. Everybody can calculate any base-16 digit of $\pi$ without calculating the previous ones by the Bailey–Borwein–Plouffe formula, $$ \pi = \sum_{i=0}^{\infty} \frac1{16^i}\left( \frac{4}{8i+1}-\frac{2}{8i+4}-\frac{1}{8i+5}-\frac{1}{8i+6}\right),$$ which produces the digit in base 16. So you and your attacker are in a race to calculate the digits. It is like there is no secret at all.
In an actual protocol you need to send the position, too. This is where such a system will easily collapse.
In modern cryptography, we achieve something similar to this with stream ciphers. The key and the nonce point to a position on the stream of the cipher. The key is secret and the nonce must be used only once with the same key.
The attacker can either try to brute-force the cryptosystem or try to cryptanalyze it. We prevent brute force by increasing the key size over 128-bit. Countering cryptanalysis requires knowledge and experience.
As a side note, the $\pi$ sequence is not even a good random stream; it is predictable. A nice property of the sequence of $\pi$ is that it is full of patterns if you run long enough (this is called normal *). This doesn't mean that it is periodic like an LFSR; otherwise it wouldn't be a transcendental number.
An OTP key must be truly random and, of course, unpredictable.
$e$ and other (transcendental) constants can have issues similar to those of $\pi$.
* Normal: A number is called "normal" with respect to a given base if, when the number is expressed in that base, the asymptotic frequencies of occurrence of each distinct string of $k$ digits are equal, and this applies to every positive integer $k$. $\pi$ and $e$ are believed to be normal.
- The Math.SE question Does $\pi$ contain all possible number combinations? has good answers about the possibility of the strings.

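Added example, not part of the original answer: a Python sketch of the point made above, that the Bailey–Borwein–Plouffe formula lets any observer regenerate the "pad" at any position, so the starting position is the only unknown and it falls to a simple scan. The function names, the byte packing (two hex digits per pad byte), the sample message and the offset are all constructed assumptions for illustration.

```python
from functools import lru_cache

def _frac_series(j, n):
    """Fractional part of sum_k 16^(n-k) / (8k+j), the BBP building block."""
    s = 0.0
    for k in range(n + 1):                      # head: modular exponentiation
        d = 8 * k + j
        s = (s + pow(16, n - k, d) / d) % 1.0
    k = n + 1
    while (term := 16.0 ** (n - k) / (8 * k + j)) > 1e-17:   # tail: tiny terms
        s += term
        k += 1
    return s % 1.0

@lru_cache(maxsize=None)
def pi_hex_digit(n):
    """n-th hex digit of pi after the point (n = 0 gives 2); no earlier digits needed."""
    x = (4 * _frac_series(1, n) - 2 * _frac_series(4, n)
         - _frac_series(5, n) - _frac_series(6, n)) % 1.0
    return int(x * 16)

def pi_keystream(offset, length):
    """`length` pad bytes built from hex digits of pi starting at digit `offset`."""
    return bytes(pi_hex_digit(offset + 2 * i) << 4 | pi_hex_digit(offset + 2 * i + 1)
                 for i in range(length))

def xor_pad(data, offset):
    """OTP-style XOR; encryption and decryption are the same operation."""
    return bytes(a ^ b for a, b in zip(data, pi_keystream(offset, len(data))))

def candidate_offsets(ciphertext, max_offset):
    """Observer's view: try every start position, keep printable-ASCII results."""
    hits = []
    for off in range(max_offset + 1):
        guess = xor_pad(ciphertext, off)
        if all(0x20 <= b <= 0x7E for b in guess):
            hits.append((off, guess))
    return hits

# Constructed sample: the only "secret" is the position in pi (assumed scheme).
MESSAGE = b"meet at the usual place at nine"
SECRET_OFFSET = 141
CIPHERTEXT = xor_pad(MESSAGE, SECRET_OFFSET)

if __name__ == "__main__":
    print(pi_keystream(0, 8).hex())             # first 16 hex digits of pi's fraction
    print(candidate_offsets(CIPHERTEXT, 256))
```

Double-precision arithmetic keeps this digit extraction reliable only for modest positions; larger offsets need higher-precision arithmetic, which slows the observer no more than it slows the communicants.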
-
Note: yes, it's believable that in any base, any finite pattern of digits appears in $\pi$. That's expected, for that's the case for a random real. – fgrieu Sep 08 '20 at 07:24
-
The digits of $\pi$ don't have any known pattern. “Pattern” in the title of this article really means “there's no pattern but that doesn't mean it can't look pretty” and “if you search long enough for a pattern, you'll probably find it” which is more like the absence of a pattern. The reason it isn't a good random stream is that it's completely predictable. Any real number would have the same defect, pattern or not. – Gilles 'SO- stop being evil' Sep 08 '20 at 08:15
-
For searching a number in $\pi$ sequence see https://www.angio.net/pi/ – kelalaka Sep 08 '20 at 08:21
-
It can be done in base 10 too! Computation of the n-th decimal digit of $\pi$ with low memory, Xavier Gourdon, February 11, 2003 – Ross Presser Sep 08 '20 at 18:36
-
@RossPresser thanks for the link. Actually, one can find the location relation of the two representations and use BBF. That may require two positions from BBF. I don't see a huge problem here. – kelalaka Sep 08 '20 at 18:49
-
Suppose you use a truly random process like thermal noise or radioactive decay to generate an OTP. There is ly no reason why a long sequence of zeroes could not occur, so that the corresponding plaintext is sent unencrypted. There is probably a need to constrain truly random keys to those that provide strong security. – richard1941 Sep 25 '20 at 16:50
-
@richard1941 TRNGs need pretests and post-processing to prevent those kinds of events. This is also true for the $\pi$ sequence. Also, remember that you need to send the OTP key securely. The best generation is the toss a coin to... – kelalaka Sep 25 '20 at 17:13