### The one-time pad cypher

The one-time pad is an example of a symmetric cypher. The idea is to use a key that has as much entropy as the message, and to use that key only once. If the message is N bits long, then a totally random key of N bits is also needed, shared between sender and recipient.

The encryption and decryption operations are extremely simple and identical: a bit-wise XOR of the clear text with the key produces the cypher text, and a bit-wise XOR of the cypher text with the same key produces the clear text again. This operation is so simple that, for relatively short texts, it can be executed by hand. The one-time pad has been used in this way in the past by foreign intelligence agents.

The biggest problem with the one-time pad - in fact the only problem - is that the key is very big and must be totally entropic if one wants to enjoy the exceptional security of the system. The key must be as big as the total amount of information that one will ever want to send (until one can exchange a new key). For instance, if a secret agent goes on a year-long mission, he will need to take with him a key shared with his home base that is at least as long as all the information that he will potentially send during that mission.

Example (encryption):

Message: 1 1 0 1 . 1 1 0 1 . 0 0 0 1 . 1 0 0 0 . 1 0 1 0 . 1 0 1 1 . 0 1 1 1 . 0 0 0 0

Key: 0 1 1 1 . 0 1 0 0 . 0 1 1 0 . 0 0 1 0 . 0 1 0 1 . 1 0 0 1 . 1 1 0 0 . 0 1 0 1

Cypher: 1 0 1 0 . 1 0 0 1 . 0 1 1 1 . 1 0 1 0 . 1 1 1 1 . 0 0 1 0 . 1 0 1 1 . 0 1 0 1

Decryption with the same key:

Cypher: 1 0 1 0 . 1 0 0 1 . 0 1 1 1 . 1 0 1 0 . 1 1 1 1 . 0 0 1 0 . 1 0 1 1 . 0 1 0 1

Key: 0 1 1 1 . 0 1 0 0 . 0 1 1 0 . 0 0 1 0 . 0 1 0 1 . 1 0 0 1 . 1 1 0 0 . 0 1 0 1

Clear: 1 1 0 1 . 1 1 0 1 . 0 0 0 1 . 1 0 0 0 . 1 0 1 0 . 1 0 1 1 . 0 1 1 1 . 0 0 0 0

### Ideal properties of the one-time pad cypher

It has been shown that the one-time pad, if the entropy of the key is total, is **absolutely secure**. In fact, the one-time pad is the only cypher for which this has been mathematically demonstrated. There are two reasons for this. The first reason is that the entropy of the key is as large as the entropy of the message. As such, it is impossible to extract both the key and the message from the cypher text alone. If the key has an entropy of N bits and the message also has an entropy of N bits, then the cypher text, consisting of only N bits, can never provide more than N bits of information, whereas a complete decryption would reveal both the message and the key. So this is never going to be possible: if it were, the technique that recovers N bits of information about the key and N bits of information about the message would also allow us to send 2N bits of information by sending only N bits.

Moreover, an enemy who is guessing a key has no way to learn from the system whether he has guessed right or not. Indeed, from a cypher text of N bits, any clear text of N bits can be obtained given a suitable N-bit key. As such, when trying all keys, the enemy will obtain every conceivable message of length N bits, intelligible as well as unintelligible. Of course, many "clear texts" will be obvious rubbish. But all possible meaningful clear texts will also appear, and there is no way for the enemy to find out which clear text is the right one.
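The point of the paragraph above, as an added Python example that is not part of the original page: for a given cypher text, a key exists that "decrypts" it to any chosen clear text of the same length, so a guessed key can never be confirmed. The function names and the two sample messages are constructed for illustration, and `secrets.token_bytes` is an assumption standing in for the totally random key source the text requires.

```python
import secrets

# The 32-bit example from this page, written as bytes.
PAGE_MESSAGE = bytes.fromhex("dd18ab70")
PAGE_KEY = bytes.fromhex("746259c5")
PAGE_CYPHER = bytes.fromhex("a97af2b5")


def otp_xor(data: bytes, key: bytes) -> bytes:
    """Encrypt or decrypt: XOR is its own inverse, so one function does both."""
    if len(key) != len(data):
        raise ValueError("the key must be exactly as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))


def new_key(length: int) -> bytes:
    """Fresh key from the OS CSPRNG (assumption: stands in for true randomness)."""
    return secrets.token_bytes(length)


def key_explaining(cypher: bytes, candidate: bytes) -> bytes:
    """Return the key under which `cypher` decrypts to `candidate`."""
    return otp_xor(cypher, candidate)


def demo():
    real = b"MEET AT NOON"    # constructed sample clear text
    decoy = b"STAY AT HOME"   # constructed, same length, different meaning
    key = new_key(len(real))
    cypher = otp_xor(real, key)
    # A second, equally valid-looking key that yields the decoy instead.
    decoy_key = key_explaining(cypher, decoy)
    return real, decoy, key, cypher, decoy_key


if __name__ == "__main__":
    real, decoy, key, cypher, decoy_key = demo()
    print("cypher text      :", cypher.hex())
    print("with real key    :", otp_xor(cypher, key))
    print("with decoy key   :", otp_xor(cypher, decoy_key))
    print("page example ok  :", otp_xor(PAGE_MESSAGE, PAGE_KEY) == PAGE_CYPHER)
```

Both keys are the same length and equally plausible as random bit strings, which is why nothing in the cypher text tells the enemy which clear text was sent.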

Finally, the method even turns any message into "perfectly white noise". The cypher text is always perfectly random, full-entropy noise, no matter how much redundancy there is in the clear text. No statistical analysis can distinguish the cypher text from noise; it has the same statistical quality as the key. If the key is a perfectly white bit stream, then so is the cypher text. As such, no statistical analysis of the cypher text can even determine whether it is a cypher text or just noise.

### Conclusion

If one can use a symmetric cypher (that is, the communication is between a very limited number of friends who can agree upfront to communicate) and sharing a large key is no problem, then the one-time pad is the perfect solution if utmost security is required.

The only danger with a one-time pad is that the key gets copied by an enemy. Given the large data volume of the key, it is of course harder to hide than a shorter password, which can be learned by heart. This is why hardware that is "read-once" can be useful.