• DigitalBank Vault

The One Time Pad Encryption Technology of DigitalBank Vault

One-time pad (OTP), also called Vernam-cipher or the perfect cipher, is a crypto algorithm where plaintext is combined with a random key. It is the only existing mathematically unbreakable encryption.

Used by Special Operations teams and resistance groups during WW2, popular with intelligence agencies and their spies during the Cold War and beyond, protecting diplomatic and military message traffic around the world for many decades, the one-time pad gained a reputation as a simple yet solid encryption system with absolute security which is unmatched by today's modern crypto algorithms. Whatever technological progress may come in the future, one-time pad encryption is and will remain, the only truly unbreakable system that provides real long-term message secrecy.

We can only talk about a one-time pad if some important rules are followed. If these rules are applied correctly, the one-time pad can be proven unbreakable (see Claude Shannon's "Communication Theory of Secrecy Systems"). Even infinite computational power and infinite time cannot break one-time pad encryption, simply because it is mathematically impossible. However, if only one of these rules is disregarded, the cipher is no longer unbreakable.

The key is at least as long as the message or data that must be encrypted.

The key is truly random (not generated by a simple computer function or such)

Key and plaintext are calculated modulo 10 (digits), modulo 26 (letters) or modulo 2 (binary)

Each key is used only once, and both sender and receiver must destroy their key after use.

There should only be two copies of the key: one for the sender and one for the receiver (some exceptions exist for multiple receivers)

Try the One Time Pad DigitalBank Vault Encryption System for free, contact us today on

Important note: one-time pads or one-time encryption is not to be confused with one-time keys (OTK) or one-time passwords (sometimes also denoted as OTP). Such one-time keys, limited in size, are only valid for a single encryption session by some crypto-algorithm under control of that key. Small one-time keys are by no means unbreakable because the security of the encryption depends on the crypto algorithm they are used for.

One-time pad encryption is only possible if both sender and receiver are in possession of the same key. Therefore, we need a secure exchange beforehand, physically through a trusted courier, or electronically by a perfect secure system like quantum key distribution. The secure communications are therefore expected and planned within a specific time frame. Enough key material must be available for all required communications until a new exchange of keys is possible. Depending upon the situation, a large volume of keys could be required for a short time period, or little key material could be sufficient for a very long time period, up to years or even decades. One-time pads are especially interesting in circumstances where long-term security is essential. Once encrypted, no single future cryptanalytic attack or technology will ever be able to decrypt the data. In contrast, information that is encrypted with current traditional computer algorithms will not withstand future codebreaking technology and can compromise people or organizations years after.

Although a one-time pad is the only perfect cipher, it has two disadvantages that complicate its use for some specific applications. The first problem is the generation of large quantities of random keys. We cannot produce true randomness with simple mechanical devices or computer algorithms like a computer RND function or stream ciphers. Hardware true random generators, usually based on noise, are the only secure option. The second problem is key distribution. The amount of key needed is equal to the amount of data that is encrypted and each key is for one-time use only. Therefore, we need to distribute large amounts of keys to both sender and receivers in a highly secure way. Of course, it would be useless to send the one-time pads to the receiver by encrypting them with AES, IDEA, or another strong algorithm. This would lower the unbreakable security of the pads to the security level of the algorithm that was used. These are practical problems, but solutions exist to solve these problems for certain applications.

Another disadvantage is that one-time encryption doesn't provide message authentication and integrity. Of course, you know that the sender is authentic because he has the appropriate key and only he can produce a decipherable ciphertext, but you cannot verify if the message is corrupted, either by transmission errors or by an adversary. A solution is to use a hash algorithm on the plaintext and send the hash output value, encrypted along with the message, to the recipient (a hash value is a unique fixed-length value, derived from a message). Only the person who has the proper one-time pad is able to correctly encrypt the message and corresponding hash. An adversary cannot predict the effect of his manipulations on the plaintext, nor on the hash value. Upon reception, the message is deciphered and its content checked by comparing the received hash value with a hash that is created from the received message. Unfortunately, a computer is required to calculate the hash value, making this method of authentication impossible for a purely manual encryption.

One-time pad encryption nevertheless has an important future. Eventually, computational power and advances in technology will surpass the mathematical capabilities to provide strong encryption and only information-theoretical secure encryption will survive the evolution of cryptology. Just as classical pencil-and-paper ciphers were rendered useless with the advent of the computer, so will current computer algorithms, based on mathematical complexity, become victim to the evolution of technology, and that moment might creep on us much faster than we expect. One-time pad, still the only information-theoretical secure encryption, will survive any evolution in codebreaking.

Technology and science must then provide more practical solutions for mass key distribution. This can be a modern mass storage version of the briefcase with handcuffs that can easily exchange many Terrabytes of key bytes or the quantum key distribution (QKD) which is already in use today. QKD and one-time pad are a perfect combination. ECOQC in Vienna, Austria, was in 2008 the first-ever QKD protected network. The current DARPA Quantum network has ten nodes. ID Quantique, QuintessenceLabs, and SeQureNet are some of the commercial firms that currently offer QKD networks. One-time pad encryption will continue to provide secure encryption in the future, as it does today, and has done in the past.

The current precarious state of Internet security is where the limited use of one-time pad encryption for specific purposes comes into play. One might have found it ridiculous in our high-tech world if it wasn’t for the current disastrous state our privacy is in today. Indeed, even the pencil and paper one-time pad still provides a practical encryption system for small volumes of critical private communications. The correspondents can perform all simple calculations by hand, safely send their encrypted message over an insecure channel and nobody will ever be able to decipher it. Not even three-letter organizations. It's also the only crypto algorithm that we can really trust today because it doesn't require today's inherently insecure computers, connected to untrustworthy networks.

1 view0 comments