
The one-time pad is not a perfect cipher

A little bit of knowledge is a dangerous thing.

This will come as no surprise to professional cryptographers, but it is a mistake I see amateur cryptographers make over and over again.

In crypto 101 you learn that the one-time pad provides "perfect secrecy" and that it is provably secure: as long as the key is truly random, at least as long as the message and never reused, recovering the plaintext from the ciphertext alone is mathematically impossible.

But while the one-time pad provides perfect secrecy, it provides no integrity. The ciphertext is malleable: flipping a bit of the ciphertext flips exactly the same bit of the plaintext. That makes it vulnerable in the known-plaintext setting, where the attacker already knows what the message says.

If you know what the message is, you can change it to anything else of the same length without the change being detected. Consider the following scenario:

Alice is an officer with a messenger boy called Malroy, whom she suspects of being a spy. She wants to send a message to Bob, the General, but she cannot trust her messenger. So she writes the message "Execute Malroy Immediately", encrypts it with the one-time pad she shares with Bob, and hands Malroy his own (encrypted) death warrant.

As it happens, Alice was right: Malroy is a spy, he knows exactly what the message says, and he decides he would rather it read "Promote Malroy Immediately".

Malroy never learns the key. He simply XORs "Execute Malroy Immediately" with "Promote Malroy Immediately" to get the difference between the two messages, and XORs that difference into the encrypted message. Since the ciphertext is plaintext XOR key, the result is the new plaintext XOR the same key, which Bob decrypts, without any sign of tampering, to Malroy's promotion. The only constraint is that the replacement must be the same length as the original (here both are 26 characters).
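The attack and the usual fix, as an added example that is not part of the original post. The messages are the ones from the scenario above; the pad and MAC key are generated at random when the script runs. The `tamper` function is exactly the computation Malroy performs, and it works unchanged against any cipher whose ciphertext is plaintext XOR keystream, including the AES-CTR case mentioned further down. The second half of the block shows the standard remedy: authenticate the ciphertext with a MAC under a separate key (HMAC-SHA256 here, chosen for this example), so the same tampering is rejected before decryption.

```python
import hashlib
import hmac
import secrets

# Constructed example messages from the scenario. They are the same length
# (26 bytes), which the attacker needs: XOR tampering only changes bytes in place.
ORIGINAL = b"Execute Malroy Immediately"
FORGED = b"Promote Malroy Immediately"

TAG_LEN = 32  # HMAC-SHA256 output size


def xor(a: bytes, b: bytes) -> bytes:
    if len(a) != len(b):
        raise ValueError("one-time pad inputs must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_encrypt(pad: bytes, plaintext: bytes) -> bytes:
    """One-time pad: ciphertext = plaintext XOR pad. Decryption is the same operation."""
    return xor(pad, plaintext)


otp_decrypt = otp_encrypt


def tamper(ciphertext: bytes, known_plaintext: bytes, desired_plaintext: bytes) -> bytes:
    """Malroy's move, without knowing the pad K:
    C' = C XOR (P XOR P') = (P XOR K) XOR P XOR P' = P' XOR K,
    which the recipient decrypts to P'."""
    delta = xor(known_plaintext, desired_plaintext)
    return xor(ciphertext, delta)


# The fix: encrypt-then-MAC with an independent key. The pad still gives perfect
# secrecy; the MAC adds (computational) integrity, so modified ciphertext is rejected.
def otp_encrypt_then_mac(pad: bytes, mac_key: bytes, plaintext: bytes) -> bytes:
    ct = otp_encrypt(pad, plaintext)
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()
    return ct + tag


def otp_decrypt_and_verify(pad: bytes, mac_key: bytes, message: bytes) -> bytes:
    ct, tag = message[:-TAG_LEN], message[-TAG_LEN:]
    expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # constant-time comparison
        raise ValueError("integrity check failed: message was modified")
    return otp_decrypt(pad, ct)


def demo() -> tuple:
    """Returns (what Bob reads without a MAC, whether the MAC caught the tampering)."""
    pad = secrets.token_bytes(len(ORIGINAL))
    mac_key = secrets.token_bytes(32)

    # Unauthenticated pad: the forgery decrypts cleanly.
    ct = otp_encrypt(pad, ORIGINAL)
    what_bob_reads = otp_decrypt(pad, tamper(ct, ORIGINAL, FORGED))

    # Authenticated pad: the same forgery fails verification.
    msg = otp_encrypt_then_mac(pad, mac_key, ORIGINAL)
    forged_msg = tamper(msg[:-TAG_LEN], ORIGINAL, FORGED) + msg[-TAG_LEN:]
    try:
        otp_decrypt_and_verify(pad, mac_key, forged_msg)
        detected = False
    except ValueError:
        detected = True
    return what_bob_reads, detected


if __name__ == "__main__":
    reads, detected = demo()
    print(reads.decode(), "| tampering detected with MAC:", detected)
```

Note that the MAC is computed over the ciphertext, not the plaintext, so the receiver rejects a forged message before touching the pad at all. With a real one-time pad the MAC key would have to be distributed alongside the pad; in practice this is why nobody ships XOR-based encryption without an authenticated mode such as AES-GCM or ChaCha20-Poly1305 wrapped around it.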

That might seem like a contrived example, and to a degree it is. But this kind of attack is a real problem and crops up more often than you might expect. A recent attack on LTE (the aLTEr attack by Rupprecht et al.) exploited exactly this property in AES-CTR, which, like the one-time pad, is just plaintext XOR keystream and provides no authentication on its own. The researchers worked out where in the encrypted packet the IP address of the DNS server sat, XORed in the difference to replace it with the address of their own DNS server without breaking the encryption, and then used that DNS server to steer the phone's traffic through a server they controlled.

Content on this site is licensed under a Creative Commons Attribution 4.0 International License.
Built using Pelican. Based on a theme by Giulio Fidente on github.