Learn how you can become a Python programmer in just 12 weeks.

    We respect your privacy. Unsubscribe at anytime.

    Built with ConvertKit

    Understand the Security of One Time Pad and how to Implement it in Python

    by

    What is a One Time Pad?

    A One Time Pad is a information-theoretical secure encryption function. But what does that mean?

    On a high level the One Time Pad is a simple XOR function that takes the input and xor’s that with a key-stream.

    One Time Pad illustrated.
    One Time Pad illustrated.

    Encryption and decryption are identical.

    • Encryption: Takes the plaintext and the key-stream and xor’s it to get the cipher text.
    • Decryption: Takes the cipher text and the (same) key-stream and xor’s it to get the plaintext.

    Some requirements of the One Time Pad are.

    • Key-stream should only be used once.
    • Key-stream should only be known by the sender and the receiver.
    • Key-stream should be generated by true randomness

    Hence, the requirement are only on the key-stream, which obviously is the only input to the algorithm.

    The beauty of the algorithm is the simplicity.

    Understand the Security of the One Time Pad

    The One Time Pad is information-theoretical secure.

    That means, that even if the evil adversary had infinite computing power, it could not break it.

    One Time Pad is unbreakable - it is information-theoretical secure.
    One Time Pad is unbreakable – it is information-theoretical secure.

    The simples way to understand why that is the case is the following. If an adversary catches an encrypted message, which has length, say 10 characters. It can decrypt to any message of length 10.

    The reason is, that the key-stream can be anything and is a long as the message itself. That implies, that the plaintext can be possible message of 10 characters.

    If the key-stream is unknown, then the cipher text can decrypt to any message.
    If the key-stream is unknown, then the cipher text can decrypt to any message.

    Implementation in Python

    Obviously, we have a dilemma. We cannot generate a key like that in Python.

    The actual implementation of the One Time Pad is done by a simple xor.

    def xor_bytes(key_stream, message):
    return bytes([key_stream[i] ^ message[i] for i in range(length)])

    Of course, this requires that the key_stream and message have the same length.

    It also leaves out the problem of where the key_stream comes from. The problem is, that you cannot create a key_stream with the required properties in Python.

    Demonstrate the security in Python

    If you were to receive a message encrypted by a One Time Pad, then for any guess of the plaintext, there is a matching key-stream to get it.

    See the code for better understanding it.

    def xor_bytes(key_stream, message):
    length = min(len(key_stream), len(message))
    return bytes([key_stream[i] ^ message[i] for i in range(length)])

cipher
# cipher is the cipher text
# len(cipher) = 10
# If we guess that the plaintext is "DO ATTACK"
# Then the corresponding key_stream can be computes as follows
message = "DO ATTACK"
message = message.encode()
key_stream = xor_bytes(message, cipher)

# Similar, if we guess the plaintext is "NO ATTACK"
# Then the corresponding key_stream can be computes as follows
message = "NO ATTACK"
message = message.encode()
guess_key = xor_bytes(message, cipher)

    Conclusion

    While One Time Pads are ideal encryption system, they are not practical. The reason is, that there is no efficient way to generate and distribute a true random key-stream, which is only used once and not known by others than sender and receiver.

    The Stream Cipher is often used, as a compromise for that. Examples of stream ciphers are A5/1.

    Python Circle

    Do you know what the 5 key success factors every programmer must have?

    How is it possible that some people become programmer so fast?

    While others struggle for years and still fail.

    Not only do they learn python 10 times faster they solve complex problems with ease.

    What separates them from the rest?

    I identified these 5 success factors that every programmer must have to succeed:

    1. Collaboration: sharing your work with others and receiving help with any questions or challenges you may have.
    2. Networking: the ability to connect with the right people and leverage their knowledge, experience, and resources.
    3. Support: receive feedback on your work and ask questions without feeling intimidated or judged.
    4. Accountability: stay motivated and accountable to your learning goals by surrounding yourself with others who are also committed to learning Python.
    5. Feedback from the instructor: receiving feedback and support from an instructor with years of experience in the field.

    I know how important these success factors are for growth and progress in mastering Python.

    That is why I want to make them available to anyone struggling to learn or who just wants to improve faster.

    With the Python Circle community, you can take advantage of 5 key success factors every programmer must have.

    Learn more about the Python Circle
    Python Circle
    Python Circle

    Be part of something bigger and join the Python Circle community.

    2 thoughts on “Understand the Security of One Time Pad and how to Implement it in Python”

    Leave a Comment