Relay-Version: version B 2.10 5/3/83; site utzoo.UUCP
Posting-Version: version B 2.10.1 6/24/83; site gatech.UUCP
Path: utzoo!watmath!clyde!akgua!gatech!spaf
From: spaf@gatech.UUCP (Gene Spafford)
Newsgroups: net.crypt
Subject: One-time pads
Message-ID: <3957@gatech.UUCP>
Date: Wed, 15-Feb-84 03:11:59 EST
Article-I.D.: gatech.3957
Posted: Wed Feb 15 03:11:59 1984
Date-Received: Fri, 17-Feb-84 05:00:13 EST
Organization: Georgia Tech School of ICS, Atlanta
Lines: 43

The following comments are derived from notes I took during a class by George Davida when he was at Georgia Tech. It is in response to someone's query about difficulties with one-time pads.

The only "unbreakable" kind of encryption is a one-time pad. That is, there is no way to find the true key based on the encrypted text alone -- in theory. Any encryption done using a function can eventually be broken, although the time involved may be so extreme as to imply that the system is unbreakable.

One way of implementing a one-time pad is to generate a random bit string and perform an xor with the text to be encrypted. To decrypt the message requires that the receiver simply xor the encrypted bit string with the key. Theoretically speaking, someone attempting to break the encryption can come up with all messages of length N (the length of the message) by generating all possible keys. Without information to confirm the key, it is not possible to tell which message is the correct one (and some of the candidates may well be direct opposites of the correct message).

A difficulty is that in any truly random bit string, there is very possibly a run of M zeros, with M up to the size of the message. That is, it is expected that at some time there will be a long enough run of zeros so as to not encrypt a major portion of the text. In fact, it is entirely possible that a random key could be all zeros, thus producing an encrypted text equal to the plain text!
Therefore, one-time systems may not use a truly random generator, but may add constraints such as "out of every 100 bits, at least 60 are ones." This greatly reduces the number of potential keys that someone needs to examine when attempting to decrypt the message. In fact, if taken to extremes, it enables certain probabilistic attacks on the encrypted text which may result in the text being read without access to the real key.

The mechanism described is, of course, generalizable to other systems which don't use the "xor" method, but apply the random bit string for encryption in some other way.

-- 
Off the Wall of Gene Spafford
The Clouds Project, School of ICS, Georgia Tech, Atlanta GA 30332
CSNet:	Spaf @ GATech		ARPA:	Spaf.GATech @ CSNet-Relay
uucp:	...!{akgua,allegra,rlgvax,sb1,unmvax,ulysses,ut-sally}!gatech!spaf
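An added example, not part of Spafford's post, illustrating the two points above in Python: the xor pad, the fact that every same-length message is "explained" by some key (so ciphertext alone cannot single out the true one), and how much keyspace the "at least 60 ones per 100 bits" constraint actually throws away. The message strings and the use of os.urandom as a stand-in for a truly random source are my constructions.

```python
import os
from math import comb, log2


def otp_xor(data: bytes, key: bytes) -> bytes:
    """XOR one-time pad. Encryption and decryption are the same operation.

    The key must be at least as long as the message and must never be reused;
    os.urandom is a CSPRNG stand-in, not the truly random source the pad assumes.
    """
    if len(key) < len(data):
        raise ValueError("one-time pad key must be at least as long as the message")
    return bytes(d ^ k for d, k in zip(data, key))


def key_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """Return the key under which `ciphertext` decrypts to `candidate`.

    Such a key exists for every candidate of the same length, which is the
    formal reason an attacker with only the ciphertext cannot pick the real one.
    """
    if len(candidate) != len(ciphertext):
        raise ValueError("candidate must have the same length as the ciphertext")
    return otp_xor(ciphertext, candidate)


def constrained_block_entropy(block_bits: int = 100, min_ones: int = 60) -> float:
    """Entropy in bits of one key block when at least `min_ones` of its
    `block_bits` bits are forced to be 1 (unconstrained block: block_bits)."""
    allowed = sum(comb(block_bits, k) for k in range(min_ones, block_bits + 1))
    return log2(allowed)


def demo() -> dict:
    plaintext = b"ATTACK AT DAWN"              # constructed sample message
    key = os.urandom(len(plaintext))          # fresh pad, used exactly once
    ciphertext = otp_xor(plaintext, key)
    decoy = b"HOLD POSITIONS"                 # same length, equally plausible
    decoy_key = key_explaining(ciphertext, decoy)
    return {
        "round_trip": otp_xor(ciphertext, key),
        "decoy_decrypts": otp_xor(ciphertext, decoy_key),
        "entropy_loss_bits": 100 - constrained_block_entropy(),
    }
```

With the 60-of-100 constraint each key block loses a little over five bits of entropy; tighter constraints lose far more and, as the post notes, start to leak plaintext statistics.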