# Understand the Security of One Time Pad and how to Implement it in Python

## What is a One Time Pad?

A One Time Pad is a information-theoretical secure encryption function. But what does that mean?

On a high level the One Time Pad is a simple XOR function that takes the input and xor’s that with a key-stream.

Encryption and decryption are identical.

• Encryption: Takes the plaintext and the key-stream and xor’s it to get the cipher text.
• Decryption: Takes the cipher text and the (same) key-stream and xor’s it to get the plaintext.

Some requirements of the One Time Pad are.

• Key-stream should only be used once.
• Key-stream should only be known by the sender and the receiver.
• Key-stream should be generated by true randomness

Hence, the requirement are only on the key-stream, which obviously is the only input to the algorithm.

The beauty of the algorithm is the simplicity.

## Understand the Security of the One Time Pad

The One Time Pad is information-theoretical secure.

That means, that even if the evil adversary had infinite computing power, it could not break it.

The simples way to understand why that is the case is the following. If an adversary catches an encrypted message, which has length, say 10 characters. It can decrypt to any message of length 10.

The reason is, that the key-stream can be anything and is a long as the message itself. That implies, that the plaintext can be possible message of 10 characters. If the key-stream is unknown, then the cipher text can decrypt to any message.

## Implementation in Python

Obviously, we have a dilemma. We cannot generate a key like that in Python.

The actual implementation of the One Time Pad is done by a simple xor.

```def xor_bytes(key_stream, message):
return bytes([key_stream[i] ^ message[i] for i in range(length)])
```

Of course, this requires that the key_stream and message have the same length.

It also leaves out the problem of where the key_stream comes from. The problem is, that you cannot create a key_stream with the required properties in Python.

## Demonstrate the security in Python

If you were to receive a message encrypted by a One Time Pad, then for any guess of the plaintext, there is a matching key-stream to get it.

See the code for better understanding it.

```def xor_bytes(key_stream, message):
length = min(len(key_stream), len(message))
return bytes([key_stream[i] ^ message[i] for i in range(length)])

cipher
# cipher is the cipher text
# len(cipher) = 10
# If we guess that the plaintext is "DO ATTACK"
# Then the corresponding key_stream can be computes as follows
message = "DO ATTACK"
message = message.encode()
key_stream = xor_bytes(message, cipher)

# Similar, if we guess the plaintext is "NO ATTACK"
# Then the corresponding key_stream can be computes as follows
message = "NO ATTACK"
message = message.encode()
guess_key = xor_bytes(message, cipher)
```

## Conclusion

While One Time Pads are ideal encryption system, they are not practical. The reason is, that there is no efficient way to generate and distribute a true random key-stream, which is only used once and not known by others than sender and receiver.

The Stream Cipher is often used, as a compromise for that. Examples of stream ciphers are A5/1.

## Learn Python

Learn Python A BEGINNERS GUIDE TO PYTHON

• 70 pages to get you started on your journey to master Python.
• How to install your setup with Anaconda.
• Written description and introduction to all concepts.
• Jupyter Notebooks prepared for 17 projects.

Python 101: A CRASH COURSE

1. How to get started with this 8 hours Python 101: A CRASH COURSE.
2. Best practices for learning Python.
4. A chapter for each lesson with a descriptioncode snippets for easy reference, and links to a lesson video.

## Expert Data Science Blueprint

Expert Data Science Blueprint

• Master the Data Science Workflow for actionable data insights.
• A chapter to each lesson with a Description, Learning Objective, and link to the lesson video.

## Machine Learning

Machine Learning – The Simple Path to Mastery

• How to get started with Machine Learning.
• One chapter for each lesson with a Description, Learning Objectives, and link to the lesson video.

### 2 thoughts on “Understand the Security of One Time Pad and how to Implement it in Python”

1. Length is not defined

2. 