One-time pad


One-time pad (OTP)

A stream cipher is called a one-time pad (OTP) if it meets the following conditions:

1. The key stream $s_0, s_1, s_2, \ldots$ is generated by a true random number generator (TRNG);

2. Only the legitimate communicating parties know the key stream;

3. Each key stream bit $s_i$ is used only once.

The one-time pad is unconditionally secure

It can be proved that the OTP is unconditionally secure.

For each ciphertext bit, the following equation can be obtained:

$$
\begin{aligned}
y_0 &= x_0 + s_0 \bmod 2\\
y_1 &= x_1 + s_1 \bmod 2
\end{aligned}
$$

Each individual relation is a linear equation modulo 2 in two unknowns, which cannot be solved. Even if the attacker knows $y_0$, he cannot be sure of the value of $x_0$. In fact, if $s_0$ comes from a true random source, so that it is 0 or 1 with probability 50% each, then the solutions $x_0 = 0$ and $x_0 = 1$ are exactly equally likely. The same holds for the second equation and all the following ones. Note that if the values $s_i$ are not truly random, the situation is completely different. In that case, the equations above for $x_0, y_0$ are not completely independent. Even though the system of equations is still very difficult to solve, it is not provably secure.

What the three conditions mean:

The first condition means that a TRNG is needed, that is, a device that can generate true random bits, such as one based on semiconductor white noise. Since a standard PC does not have a TRNG, this requirement may not be so easy to meet, but it can certainly be met.

The second condition means that Alice must pass these random bits to Bob securely.

The third condition is probably the most impractical: the key stream cannot be reused. This means that each plaintext bit needs a key bit! Therefore, the key of a one-time pad must be as long as the plaintext, which may be the biggest disadvantage of the OTP.

For these reasons, the OTP is rarely used in practice. However, it provides a good design idea for secure ciphers: if true random bits are XORed with the plaintext, the attacker will certainly not be able to break the ciphertext.
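The following Python sketch is an added example, not code from the original article. It carries the bit equations of the proof over to whole byte strings and shows why the third condition matters: every same-length plaintext is consistent with a given ciphertext, while a reused key stream cancels out of two ciphertexts. The function names and sample messages are constructed for illustration, and `secrets.token_bytes` (the operating system's CSPRNG) only stands in for the TRNG that the first condition requires.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR, i.e. y_i = x_i + s_i mod 2 applied to every bit."""
    if len(a) != len(b):
        # Condition 3: one key bit per plaintext bit, no stretching or wrapping.
        raise ValueError("key stream and message must have the same length")
    return bytes(p ^ q for p, q in zip(a, b))


def otp_encrypt(plaintext: bytes) -> tuple:
    """Draw a fresh key stream as long as the plaintext; return (key, ciphertext)."""
    key = secrets.token_bytes(len(plaintext))  # assumption: CSPRNG in place of a TRNG
    return key, xor_bytes(plaintext, key)


def key_explaining(ciphertext: bytes, candidate: bytes) -> bytes:
    """Key stream under which `ciphertext` would decrypt to `candidate`.

    Such a key exists for every candidate of the right length, so the
    ciphertext alone gives no reason to prefer one plaintext over another.
    """
    return xor_bytes(ciphertext, candidate)


def reuse_leak(c1: bytes, c2: bytes) -> bytes:
    """With a reused key stream the s_i cancel: y_i + y'_i = x_i + x'_i mod 2."""
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    msg_a = b"MEET AT NOON"   # constructed sample plaintexts
    msg_b = b"STAY AT HOME"
    key, ct_a = otp_encrypt(msg_a)

    # Fresh key: the same ciphertext is "explained" equally well by msg_b.
    alt_key = key_explaining(ct_a, msg_b)
    print("decrypts to msg_b under alt_key:", xor_bytes(ct_a, alt_key) == msg_b)

    # Reused key (violates condition 3): the key drops out entirely.
    ct_b = xor_bytes(msg_b, key)
    print("c1 xor c2 == p1 xor p2:", reuse_leak(ct_a, ct_b) == xor_bytes(msg_a, msg_b))
```

Because the key here comes from a CSPRNG rather than a TRNG, the sketch illustrates the algebra of the proof but does not itself inherit the unconditional security guarantee.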
