Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site gatech.UUCP
Path: utzoo!watmath!clyde!akgua!gatech!spaf
From: spaf@gatech.UUCP (Gene Spafford)
Newsgroups: net.crypt
Subject: One-time pads
Message-ID: <3957@gatech.UUCP>
Date: Wed, 15-Feb-84 03:11:59 EST
Article-I.D.: gatech.3957
Posted: Wed Feb 15 03:11:59 1984
Date-Received: Fri, 17-Feb-84 05:00:13 EST
Organization: Georgia Tech School of ICS, Atlanta
Lines: 43

The following comments are derived from notes I took during a class by
George Davida when he was at Georgia Tech.  It is in response to
someone's query about difficulties with one-time pads.

The only "unbreakable" kind of encryption is a one-time pad.  That is,
in theory there is no way to find the true key (or the message) from
the encrypted text alone.  Any encryption that computes the ciphertext
as a function of a key shorter than the message can eventually be
broken by trying keys, although the time involved may be so extreme as
to imply that the system is unbreakable.

One way of implementing a one-time pad is to generate a random bit
string as long as the message and xor it with the text to be encrypted.
To decrypt the message the receiver simply xors the encrypted bit
string with the same key.  Theoretically speaking, someone attempting
to break the encryption can produce every message of length N (the
length of the message) by trying all possible keys, and when the key is
uniformly random every one of those messages is equally likely.
Without outside information to confirm the key, it is not possible to
tell which message is the correct one (and some of the candidates may
well be direct opposites of the correct message).

A difficulty is that in any truly random bit string, there is very
possibly a run of M zeros, with M up to the size of the message.  That
is, it is expected that at some time there will be a long enough run of
zeros so as to not encrypt a major portion of the text.  In fact, it is
entirely possible that a random key could be all zeros, thus producing
an encrypted text equal to the plain text!

Therefore, some one-time systems do not use a truly random generator,
but add constraints such as "out of every 100 bits, at least 60 are
ones."  This greatly reduces the number of potential keys that someone
needs to examine when attempting to decrypt the message.  In fact, if
taken to extremes, it enables probabilistic attacks on the encrypted
text (each key bit is now more likely 1 than 0) which may result in
the text being read without access to the real key.
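The following is an added example, not code from Spafford's post or from
Davida's class.  It illustrates the two preceding points: the xor pad
for which every same-length message (the complement of the true one
included) is a candidate, and what a constraint such as "at least 60 of
every 100 bits are ones" costs.  The messages, the seed, the 60 and 95
thresholds and the per-100-bit block sampling are constructed here for
illustration.

```python
"""Added example: XOR one-time pad, the every-plaintext-is-a-candidate
property, and the cost of a key-bias constraint.  Messages, seeds and
the 60/95 thresholds are constructed for illustration."""
import random
import secrets
from math import comb, log2

BLOCK = 100  # the constraint in the post is stated per 100-bit block


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """OTP encryption and decryption are the same operation."""
    if len(a) != len(b):
        raise ValueError("pad must be exactly as long as the message")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_keygen(n: int) -> bytes:
    """Truly random pad from the OS CSPRNG; one byte per message byte."""
    return secrets.token_bytes(n)


def key_for_candidate(ciphertext: bytes, candidate: bytes) -> bytes:
    """The key under which `ciphertext` decrypts to `candidate`.  One exists
    for every candidate of the right length (the bitwise complement of the
    true message among them), so the ciphertext alone identifies none."""
    return xor_bytes(ciphertext, candidate)


def constrained_pad_bits(nbits: int, min_ones: int, rng: random.Random) -> list:
    """Pad drawn uniformly from the 100-bit blocks having at least `min_ones`
    ones (min_ones=0 gives an unconstrained, uniform pad).  Exact sampling:
    choose the count of ones with its binomial weight among the allowed
    counts, then place the ones at random positions in the block."""
    counts = range(min_ones, BLOCK + 1)
    weights = [comb(BLOCK, k) for k in counts]
    bits = []
    while len(bits) < nbits:
        k = rng.choices(counts, weights)[0]
        block = [1] * k + [0] * (BLOCK - k)
        rng.shuffle(block)
        bits.extend(block)
    return bits[:nbits]


def bits_lost_per_block(min_ones: int) -> float:
    """Key entropy the constraint removes from each 100-bit block:
    log2(2^100 / number of blocks still allowed)."""
    allowed = sum(comb(BLOCK, k) for k in range(min_ones, BLOCK + 1))
    return BLOCK - log2(allowed)


def complement_attack_accuracy(plaintext: bytes, min_ones: int, seed: int = 0) -> float:
    """Probabilistic attack against the biased pad: if a key bit is more
    likely 1 than 0, the best guess for a plaintext bit is the ciphertext
    bit xor 1.  Returns the fraction of plaintext bits recovered that way:
    about 0.5 (no information) against a uniform pad, at least
    min_ones/100 per full block against the constrained one."""
    rng = random.Random(seed)  # constructed, deterministic for the example
    p_bits = [(byte >> i) & 1 for byte in plaintext for i in range(7, -1, -1)]
    k_bits = constrained_pad_bits(len(p_bits), min_ones, rng)
    c_bits = [p ^ k for p, k in zip(p_bits, k_bits)]
    guessed = [c ^ 1 for c in c_bits]
    hits = sum(g == p for g, p in zip(guessed, p_bits))
    return hits / len(p_bits)


if __name__ == "__main__":
    msg = b"ATTACK AT DAWN"                      # constructed sample
    pad = otp_keygen(len(msg))
    ct = xor_bytes(msg, pad)
    decoy = b"RETREAT AT SIX"                    # same length, equally valid
    print(xor_bytes(ct, key_for_candidate(ct, decoy)))
    for m in (0, 60, 95):
        print(m, round(bits_lost_per_block(m), 2),
              round(complement_attack_accuracy(msg * 10, m), 3))
```

Two things worth noticing when running it.  First, the attack's hit
rate equals the fraction of ones in the key, so against a uniform pad it
hovers at one half, which is no better than guessing; a uniform pad
gives the all-zero key exactly the same probability, 2^-N, as every
other key, and the attacker cannot recognise it.  Second, the "at least
60 of 100" rule costs only about 5 bits of key entropy per block but
already lifts the attacker to roughly 62% of the bits; at "95 of 100" it
costs over 70 bits per block and the guessed text is nearly legible,
which is the extreme case the paragraph above warns about.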

The mechanism described is, of course, generalizable to other systems
which don't use the "xor" method, but apply the random bit string for
encryption in some other way.
-- 
Off the Wall of Gene Spafford
The Clouds Project, School of ICS, Georgia Tech, Atlanta GA 30332
CSNet:	Spaf @ GATech		ARPA:	Spaf.GATech @ CSNet-Relay
uucp:	...!{akgua,allegra,rlgvax,sb1,unmvax,ulysses,ut-sally}!gatech!spaf