Newsgroups: sci.crypt
Path: utzoo!henry
From: henry@utzoo.uucp (Henry Spencer)
Subject: Re: One time pads?
Message-ID: <1988Feb15.151522.5094@utzoo.uucp>
Organization: U of Toronto Zoology
References: <4209@june.cs.washington.edu>
Date: Mon, 15-Feb-88 15:15:13 EST

"One-time pad" is the generic term for cryptosystems in which the encryption key is the same length as the message, consists of random bits, and is not generated in any systematic way or re-used later. The pencil-and-paper version uses a pad of paper preprinted with random numbers; when you have used all of the numbers on the top sheet, you tear it off and destroy it. Hence the name.

The advantage is that it is inherently unbreakable: there is (provably) not enough information in the transmitted message to permit cryptanalysis. The disadvantage is that you need a volume of key text equal in size to the volume of message text -- any attempt at re-use, systematic generation of key text from smaller keys, derivation of keys from non-random sources (e.g. the text of a book), etc., destroys the inherent unbreakability. (One can view cryptosystem design as the art of devising algorithms that generate masses of very-random-looking key text from small input keys, and cryptanalysis as the art of finding and exploiting the subtle non-random patterns that the algorithms leave.)

One-time systems are routinely used for diplomatic communications, where diplomatic pouches can be used to ship key-text tapes around. Use for other purposes usually runs into practical difficulties. As I recall, the Soviets are fond of using one-time pads for spy communications, although this is a double-edged sword: the messages cannot be decrypted but the substantial pads of random numbers pose concealment problems.

-- 
Those who do not understand Unix are | Henry Spencer @ U of Toronto Zoology
condemned to reinvent it, poorly.    | {allegra,ihnp4,decvax,utai}!utzoo!henry
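The bitwise form of the scheme described in the post, as an added example that is not part of the original message: the pad is drawn from the OS random source, must be at least as long as the message, and the same XOR both encrypts and decrypts. The messages are constructed, and the last function shows why re-use destroys the guarantee: two ciphertexts under one pad XOR to the XOR of the two plaintexts, with the pad cancelled out.

```python
import os


def new_pad(n: int) -> bytes:
    """One 'sheet' of the pad: n fresh random bytes from the OS CSPRNG."""
    return os.urandom(n)


def otp_xor(data: bytes, key: bytes) -> bytes:
    """XOR data with a pad of at least the same length.

    Encryption and decryption are the same operation. The pad must be
    random, at least as long as the data, and used exactly once.
    """
    if len(key) < len(data):
        raise ValueError("pad must be at least as long as the message")
    return bytes(m ^ k for m, k in zip(data, key))


def reuse_leak(ct1: bytes, ct2: bytes) -> bytes:
    """What an observer can compute when two messages share one pad:
    (m1 ^ k) ^ (m2 ^ k) == m1 ^ m2, so the pad drops out entirely."""
    return bytes(a ^ b for a, b in zip(ct1, ct2))


# Constructed sample messages (not from the post); equal length so the
# reuse demonstration below lines up byte for byte.
MSG1 = b"MEET AT DAWN"
MSG2 = b"ATTACK NORTH"


def roundtrip(msg: bytes = MSG1) -> bytes:
    """Encrypt under a fresh sheet, then decrypt with that same sheet."""
    pad = new_pad(len(msg))
    ct = otp_xor(msg, pad)
    return otp_xor(ct, pad)  # equals msg


def reuse_demo(m1: bytes = MSG1, m2: bytes = MSG2) -> bool:
    """Encrypt two messages under one pad and confirm that XORing the two
    ciphertexts yields m1 ^ m2, i.e. the key contributed nothing."""
    pad = new_pad(max(len(m1), len(m2)))
    c1, c2 = otp_xor(m1, pad), otp_xor(m2, pad)
    return reuse_leak(c1, c2) == bytes(a ^ b for a, b in zip(m1, m2))


if __name__ == "__main__":
    print(roundtrip())
    print("pad cancels out on reuse:", reuse_demo())
```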