The only unbreakable cypher system - the Vernam cipher or one-time-pad. If properly implemented, this cryptographic system is completely reliable. The usual way this system can be cracked is when the encryption rules are not followed or when social engineering threats occur.

Oct 01, 2014

Of all the methods of encryption ever devised, only one has been mathematically proved to be completely secure. It is called the Vernam cipher or one-time pad. The worth of all other ciphers is based on computational security. If a cipher is computationally secure this means the probability of cracking the encryption key using current computational technology and algorithms within a reasonable time is supposedly extremely small, yet not impossible. In theory, every cryptographic algorithm except for the Vernam cipher can be broken given enough ciphertext and time.

For example the public key cryptosystems such as PGP and RSA are based on the following:

Calculate an integer N such that it has only two prime number factors f1 and f2. This triad of integers forms the basis of the encryption and decryption keys used in PK cryptosystems. The security of these systems is simply based on the computational difficulty of calculating f2 and f1 from N if N is a very large integer. To break this cipher N must be factored, and at the time these systems were devised the best publicly available factoring algorithms would take millions of years to factor a 200 digit number. This does not logically exclude the possibility of a new factoring algorithm being discovered, or the existence of a secret factoring algorithm, or the invention of technology capable of running current factoring algorithms at high speed.

(See also RFC 1750, "Randomness Recommendations for Security".)

Computationally secure cryptosystems?

The use of public key cryptosystems has become commonplace, yet should their widespread presence in itself lead to an unquestioning trust of the security of data encrypted using these methods? How do you know the cryptosystem you use is actually safe? Do you understand how it works? Do you think if a Government or military intelligence institution had a method of breaking cryptosystems they would announce this fact? Though the security of cryptosystems should be a matter of importance to anyone with a healthy mistrust of those drawn to positions of power, it is of particular relevance to those activists and dissidents operating within a society ruled by oppressive governments, dictators or power elites. The interception and decryption of personal communications can literally be a matter of life or death to these individuals.

The only unbreakable cryptosystem known - the Vernam cipher http://www.pro-technix.com/information/crypto/pages/vernam_...

As a result of work on a new form of computational technology known as the quantum computer, a factorisation algorithm now exists to factor giant integers in linear time. This was devised in 1994 by Peter Shor from AT&T's Bell Laboratories. A quantum factorisation engine running Shor's algorithm could factor a one hundred digit integer in a few thousand arithmetic operations, which might well take only a matter of minutes. Anyone with access to such a machine would easily be able to read any intercepted message encrypted using a public key cryptosystem. Prototype quantum computers are already operational (see the Scientific American article on the NMR quantum computer and this introduction to quantum computing).

This article contains information on a hardware implementation of a scalable matrix inversion on time area optimised (SMITH) cryptanalysis device.

Follow this link for the paper "Randomness and the Netscape Browser" by Ian Goldberg and David Wagner describing their attack on the security of this browser. This article provides an excellent introduction to the dangers of using deterministic processes when generating encryption keys.

Finally, for those of you wishing to still place your faith in the experts, I recommend reading about the Data Encryption Standard (DES), the EFF DES cracker machine, and a possible secret backdoor found within an encryption standard from the NSA.

The Vernam cipher or one-time pad.

Cryptology is such a complex specialist subject that there seems no choice but to place your trust in a few individuals with sufficient knowledge to grasp the underlying principles of supposedly secure cryptosystems. However, understanding the operation of the Vernam cipher is not demanding. Its perfect security is intuitively obvious.

Using the Vernam cipher

In 1917, during the First World War, the American scientist Gilbert Vernam, working for AT&T, was given the task of inventing an encryption method the Germans could not break. What was devised was the only provably unbreakable encryption scheme known to this day. Compared with most cryptosystems it is very simple. To use a one-time pad, you need two copies of the "pad" (also known as the key), which is a block of truly random data at least as long as the message you wish to encode. If the data on the pad is not truly random, the security of the pad is compromised. One-time pads are used in pairs. The more copies of a given pad exist, the greater the likelihood that one may be captured, in which case the message encrypted by the pad will be compromised. One copy of the pad is kept by each user, and pads must be exchanged via a secure channel (e.g. face to face on disks or USB keys). Pads must only be used once.

The fastest method of encrypting and decrypting a message with a one-time pad is with a computer. If you do choose this method, keep the pad on a USB key, CD or DVD and destroy it completely once used. Supposedly deleted data can be retrieved and reconstructed from storage media, so never store pads on your hard drive or keep the medium holding the pad once it has been used. The message recipient should apply the same precautions. Using a networked computer for implementing the encryption/decryption should be avoided because of possible eavesdropping.

A computer simplifies the process because the message and pad are encoded in binary. Each character is represented internally by a computer as a unique combination of zeros and ones called bits; for example the letter 'b' is composed of the bits '1100010' (01100010 when written out as a full eight-bit byte). This binary number is 98 in decimal. To encrypt the message, each bit of each letter in the plaintext is combined with the corresponding bit of the pad letter, in sequence, using a transformation called the bitwise exclusive or (abbreviated to XOR). This simply takes two bits as input and outputs a single bit according to the following schema:

Input bits              Output bit
Message bit   Pad bit
0             0         0
0             1         1
1             0         1
1             1         0

This operation is performed on each letter in sequence, i.e. the first letter of the plaintext is XORed with the first letter of the pad to produce the first letter of the ciphertext, then the second letter of the plaintext is XORed with the second letter of the pad to produce the second letter of the ciphertext, and so on.

A basic example:

Suppose you wish to encrypt the message [begin at 17.30] using the pad [#/KBZaF>TQV^Nc]. Firstly all the bits in 'b' are XORed with all the bits in '#'. This produces the binary pattern for the character 'A'.

Bit sequence for [b]   1 1 0 0 0 1 0
Bit sequence for [#]   0 1 0 0 0 1 1
Bitwise XOR [A]        1 0 0 0 0 0 1

The same process is repeated for the next letters: 'e' and '/' are XORed to produce 'J', 'g' and 'K' are XORed to produce ',', etc.

To do this manually necessitates that you have a list of all the character binary codes, which is why a computer is helpful. The completed ciphertext looks like [AJ,+4A'Jt`ap}S]. By XORing the ciphertext with their duplicate pad, the receiver regenerates the plaintext. This entire process can be implemented rapidly using the Vernam.exe program on the downloads page.
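The XOR procedure above, carried out in code on the page's own message, pad and ciphertext. This is an added example, not the Vernam.exe program the page distributes; the function names are mine, and the message, pad and expected ciphertext are the values the page gives.

```python
"""One-time pad (Vernam) encryption by bytewise XOR.

Added example, not code from the pro-technix page or its Vernam.exe program.
It reproduces the page's worked example: message "begin at 17.30" with pad
"#/KBZaF>TQV^Nc" gives the ciphertext "AJ,+4A'Jt`ap}S".
"""

MESSAGE = b"begin at 17.30"                 # plaintext from the page
PAD = b"#/KBZaF>TQV^Nc"                     # pad from the page (14 characters)
EXPECTED_CIPHERTEXT = b"AJ,+4A'Jt`ap}S"     # ciphertext from the page


def xor_bytes(data: bytes, pad: bytes) -> bytes:
    """XOR each byte of `data` with the pad byte at the same position.

    The pad must be at least as long as the data; only the first len(data)
    pad bytes are consumed. XOR is its own inverse, so the same function
    encrypts, decrypts, and recovers the pad from plaintext + ciphertext.
    """
    if len(pad) < len(data):
        raise ValueError("pad shorter than message: the pad must be at least as long")
    return bytes(d ^ p for d, p in zip(data, pad))


def bit_rows(plain_char: str, pad_char: str):
    """The three 7-bit rows the page tabulates for one character:
    plaintext bits, pad bits and their XOR (e.g. 'b', '#' -> 'A')."""
    p, k = ord(plain_char), ord(pad_char)
    return format(p, "07b"), format(k, "07b"), format(p ^ k, "07b")


def encrypt(message: bytes, pad: bytes) -> bytes:
    """Plaintext XOR pad -> ciphertext."""
    return xor_bytes(message, pad)


def decrypt(ciphertext: bytes, pad: bytes) -> bytes:
    """Ciphertext XOR pad -> plaintext (the receiver's step)."""
    return xor_bytes(ciphertext, pad)


def recover_pad(plaintext: bytes, ciphertext: bytes) -> bytes:
    """The page's final check: ciphertext XOR plaintext reconstructs the pad."""
    return xor_bytes(ciphertext, plaintext)


if __name__ == "__main__":
    ct = encrypt(MESSAGE, PAD)
    print(ct.decode("ascii"))                  # AJ,+4A'Jt`ap}S
    print(decrypt(ct, PAD).decode("ascii"))    # begin at 17.30
    print(bit_rows("b", "#"))                  # ('1100010', '0100011', '1000001')
```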

You can experimentally verify this procedure as follows:

1. Produce a mapping table containing the letters of the alphabet, numerals 0 to 4 and the hyphen character. The hyphen character should be used as you would a space. Assign to each entry a unique bit sequence between 00000 and 11111. A sample table is provided below.

Table 1

Letter  Bit sequence    Letter  Bit sequence
a       00000           q       10000
b       00001           r       10001
c       00010           s       10010
d       00011           t       10011
e       00100           u       10100
f       00101           v       10101
g       00110           w       10110
h       00111           x       10111
i       01000           y       11000
j       01001           z       11001
k       01010           0       11010
l       01011           1       11011
m       01100           2       11100
n       01101           3       11101
o       01110           4       11110
p       01111           -       11111

2. Create a short message to encrypt. Remember to use the hyphen character as a substitute for a space.

3. Next generate a random pad of the same length as your message by throwing a dice twice to index first the rows and then the columns of the table below. If the throws of the dice access an empty cell then simply throw the dice again twice until an occupied cell is indexed.

Table 2

      1  2  3  4  5  6
1     a  g  m  r  w  1
2     b  h  n  s  x  2
3     c  i  o  t  y  3
4     d  j  p  u  z  4
5     e  k  q  v  0  -
6     f  l  -

4. XOR each bit from each letter of the text with the corresponding bit of the equivalent pad letter to create the ciphertext. This can be done manually or, if you used the mappings in Table 1, the process can be simplified with Table 3.

5. XOR the ciphertext with the pad. You will regenerate the plaintext.

6. One final test is to XOR the ciphertext with the plaintext. This will reconstruct the pad.

Table 3 (each cell is the XOR of the row symbol and the column symbol under the Table 1 codes; note that this table writes the hyphen, 11111, as '5')

    a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5
a   a b c d e f g h i j k l m n o p q r s t u v w x y z 0 1 2 3 4 5
b   b a d c f e h g j i l k n m p o r q t s v u x w z y 1 0 3 2 5 4
c   c d a b g h e f k l i j o p m n s t q r w x u v 0 1 y z 4 5 2 3
d   d c b a h g f e l k j i p o n m t s r q x w v u 1 0 z y 5 4 3 2
e   e f g h a b c d m n o p i j k l u v w x q r s t 2 3 4 5 y z 0 1
f   f e h g b a d c n m p o j i l k v u x w r q t s 3 2 5 4 z y 1 0
g   g h e f c d a b o p m n k l i j w x u v s t q r 4 5 2 3 0 1 y z
h   h g f e d c b a p o n m l k j i x w v u t s r q 5 4 3 2 1 0 z y
i   i j k l m n o p a b c d e f g h y z 0 1 2 3 4 5 q r s t u v w x
j   j i l k n m p o b a d c f e h g z y 1 0 3 2 5 4 r q t s v u x w
k   k l i j o p m n c d a b g h e f 0 1 y z 4 5 2 3 s t q r w x u v
l   l k j i p o n m d c b a h g f e 1 0 z y 5 4 3 2 t s r q x w v u
m   m n o p i j k l e f g h a b c d 2 3 4 5 y z 0 1 u v w x q r s t
n   n m p o j i l k f e h g b a d c 3 2 5 4 z y 1 0 v u x w r q t s
o   o p m n k l i j g h e f c d a b 4 5 2 3 0 1 y z w x u v s t q r
p   p o n m l k j i h g f e d c b a 5 4 3 2 1 0 z y x w v u t s r q
q   q r s t u v w x y z 0 1 2 3 4 5 a b c d e f g h i j k l m n o p
r   r q t s v u x w z y 1 0 3 2 5 4 b a d c f e h g j i l k n m p o
s   s t q r w x u v 0 1 y z 4 5 2 3 c d a b g h e f k l i j o p m n
t   t s r q x w v u 1 0 z y 5 4 3 2 d c b a h g f e l k j i p o n m
u   u v w x q r s t 2 3 4 5 y z 0 1 e f g h a b c d m n o p i j k l
v   v u x w r q t s 3 2 5 4 z y 1 0 f e h g b a d c n m p o j i l k
w   w x u v s t q r 4 5 2 3 0 1 y z g h e f c d a b o p m n k l i j
x   x w v u t s r q 5 4 3 2 1 0 z y h g f e d c b a p o n m l k j i
y   y z 0 1 2 3 4 5 q r s t u v w x i j k l m n o p a b c d e f g h
z   z y 1 0 3 2 5 4 r q t s v u x w j i l k n m p o b a d c f e h g
0   0 1 y z 4 5 2 3 s t q r w x u v k l i j o p m n c d a b g h e f
1   1 0 z y 5 4 3 2 t s r q x w v u l k j i p o n m d c b a h g f e
2   2 3 4 5 y z 0 1 u v w x q r s t m n o p i j k l e f g h a b c d
3   3 2 5 4 z y 1 0 v u x w r q t s n m p o j i l k f e h g b a d c
4   4 5 2 3 0 1 y z w x u v s t q r o p m n k l i j g h e f c d a b
5   5 4 3 2 1 0 z y x w v u t s r q p o n m l k j i h g f e d c b a
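The pencil-and-paper procedure of steps 1 to 6, implemented over the 32-symbol Table 1 alphabet. This is an added example, not code from the page; it regenerates rows of Table 3 from the Table 1 codes (writing the hyphen as '5' the way the printed table does) and carries out steps 4, 5 and 6 on a constructed message. The random pad uses the operating system's CSPRNG purely as a stand-in for the dice of step 3.

```python
"""The page's manual variant: a 32-symbol alphabet (a-z, 0-4, '-') mapped to
5-bit codes (Table 1) and XORed symbol by symbol (Table 3).

Added example, not the page's code. The page's Table 3 prints the hyphen
(code 11111) as '5'; this code keeps '-' as in Table 1 and converts only when
reproducing a Table 3 row.
"""
import secrets

# Table 1 order: a = 00000 ... p = 01111, q = 10000 ... z = 11001,
# 0 = 11010 ... 4 = 11110, '-' = 11111.
ALPHABET = "abcdefghijklmnopqrstuvwxyz01234-"
CODE = {ch: i for i, ch in enumerate(ALPHABET)}   # symbol -> 5-bit value


def _check(text: str) -> None:
    """Reject anything outside the Table 1 alphabet (e.g. a real space)."""
    bad = sorted(set(text) - set(ALPHABET))
    if bad:
        raise ValueError(f"symbols not in the Table 1 alphabet: {bad}")


def xor_symbols(x: str, y: str) -> str:
    """XOR the 5-bit codes of two symbols: one cell of Table 3."""
    return ALPHABET[CODE[x] ^ CODE[y]]


def table3_row(symbol: str) -> str:
    """One row of Table 3 for `symbol`, in the page's column order, with the
    hyphen written as '5' exactly as the printed table does."""
    _check(symbol)
    return "".join(xor_symbols(symbol, col) for col in ALPHABET).replace("-", "5")


def encrypt(message: str, pad: str) -> str:
    """Step 4: XOR each message symbol with the pad symbol at the same position."""
    _check(message)
    _check(pad)
    if len(pad) < len(message):
        raise ValueError("pad must be at least as long as the message")
    return "".join(xor_symbols(m, p) for m, p in zip(message, pad))


decrypt = encrypt      # step 5: XOR is its own inverse
recover_pad = encrypt  # step 6: ciphertext XOR plaintext reconstructs the pad


def random_pad(length: int) -> str:
    """Step 3 with the OS CSPRNG standing in for the dice. The page would
    insist on a hardware source for a real pad; this is for experimenting."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


if __name__ == "__main__":
    msg = "meet-at-4"                  # constructed message, hyphen as space
    pad = random_pad(len(msg))
    ct = encrypt(msg, pad)
    assert decrypt(ct, pad) == msg     # step 5
    assert recover_pad(ct, msg) == pad # step 6
    print(table3_row("b"))             # badcfehgjilknmporqtsvuxwzy103254
```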

The security of the Vernam cipher

The one-time pad is unbreakable if used properly. The pad must be composed of truly random data, it must never be used more than once and it must be kept secure.

If each key letter in the pad sequence is truly random, a cryptanalyst can do no better than try every possible key letter for every ciphertext message position. This is a hopeless situation for the attacker because it is equivalent to trying all the possible messages the key could ever encrypt. Even for a short pad such as the example given above, the number of possible messages is in the region of 200,000,000,000,000,000,000,000. The ciphertext can provide no clues as to which one of these possibilities is the real message.

Why 'one-time' pad?

A pad should never be reused. As long as the pads are unique and never reused, no statistical analysis or pattern matching techniques can be applied by cryptanalysts. The fact that the pad can be used only once is the "one time" point of this cipher.

Soviet intelligence once reused one-time pads years after they had originally been distributed to field agents in Britain. The British intelligence service noticed some patterns in coded messages and began searching for comparisons through a complete archive of all encrypted communications intercepts. Over a period of years, various secret communications were compromised. This operation took place under the code word VENONA. See the Wikipedia description of the VENONA project for further information.
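Why reuse is fatal, shown in code: two messages encrypted under the same pad leak the XOR of the plaintexts, because the pad cancels, which is the kind of pattern the text describes analysts noticing. This is an added illustration, not code from the page; the two messages are constructed, the pad is the one from the page's example, and the PadLedger is a defensive control of my own design that refuses to issue a pad twice.

```python
"""Why the pad is 'one-time'. Added illustration, not the page's code."""
import hashlib

MSG1 = b"begin at 17.30"      # constructed: two messages that share a tail
MSG2 = b"abort at 17.30"
PAD = b"#/KBZaF>TQV^Nc"       # pad from the page's worked example


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR of two equal-length byte strings (the Vernam operation)."""
    if len(b) < len(a):
        raise ValueError("pad shorter than message")
    return bytes(x ^ y for x, y in zip(a, b))


def pad_reuse_leak(msg1: bytes, msg2: bytes, pad: bytes) -> bytes:
    """XOR of two ciphertexts made with the same pad.

    (m1 XOR k) XOR (m2 XOR k) == m1 XOR m2: the pad drops out entirely, and
    every position where the two messages agree becomes a zero byte. An
    interceptor holding both ciphertexts learns this without knowing the pad.
    """
    c1 = xor_bytes(msg1, pad)
    c2 = xor_bytes(msg2, pad)
    return xor_bytes(c1, c2)


class PadLedger:
    """Records a one-way fingerprint of every pad that has been consumed so
    the same pad is never handed out for a second message."""

    def __init__(self) -> None:
        self._used = set()

    def consume(self, pad: bytes) -> bytes:
        fp = hashlib.sha256(pad).digest()
        if fp in self._used:
            raise ValueError("pad already used: a one-time pad must never be reused")
        self._used.add(fp)
        return pad


def encrypt_once(ledger: PadLedger, msg: bytes, pad: bytes) -> bytes:
    """Encrypt only if the ledger has not seen this pad before."""
    return xor_bytes(msg, ledger.consume(pad))


if __name__ == "__main__":
    leak = pad_reuse_leak(MSG1, MSG2, PAD)
    print(leak.hex())   # non-zero for the first five bytes, zero for the rest
    ledger = PadLedger()
    encrypt_once(ledger, MSG1, PAD)
    try:
        encrypt_once(ledger, MSG2, PAD)
    except ValueError as e:
        print(e)
```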

Randomness and the Vernam cipher

True Randomness


The other critical aspect of the Vernam cipher is the randomness of the pad sequence. An event sequence can be said to be truly random if it is impossible to predict the next event in the sequence even if the entire state of the generating process up to that point is known. Any deterministic process, such as running software on a computer, can never produce truly random numbers. The next event in a computer is completely predictable given the current machine/network/IO state. (This ignores the slight probability of a high energy subatomic particle passing through your CPU or RAM chips and altering the state unpredictably.)

Random data for the pad should never be generated purely by software. It must be gathered by hardware accessing processes of a truly non-deterministic nature. Radioactive decay and electron tunneling in electronic components are both non-deterministic phenomena produced by events occurring at the quantum subatomic level. By gathering and processing the output from Geiger counters or Zener diodes it is possible to obtain truly random data for the pad. A statistical study of the available hardware with links to the manufacturers can be found here.

Other resources on cryptological strength random numbers can be found in Appendix E of the IEEE P1363 Public Key standard. The copy of the Randomness Recommendations for Internet Security paper available in HTML format from this site is very informative.

Conclusion

If you are intending to send highly secure or confidential information over non-secure channels such as telephone, radio or post, and you require absolute certainty that the ciphertext will not be decrypted if intercepted, then there is no choice but to use the Vernam cipher. This can be implemented using a hardware true random number generator, a secure computer and some software to rapidly XOR the data. The software needed is supplied on this site. Manufacturers of the hardware can be found by following these links:

http://comscire.com/Home/
http://valley.interact.nl/av/com/orion/home.html
http://www.idquantique.com/true-random-number-generator/products-overview.html

1999 - 2014 Protechnix.
