One Time Pad Encryption The unbreakable encryption method

Transcription

1 One Time Pad Encryption The unbreakable encryption method

2 One Time Pad The unbreakable encryption method One Time Pad encryption is a very simple, yet completely unbreakable cipher method. It has been used for decades in mils electronic cipher systems for encrypting our customers sensitive data. Over the years, we have perfected the implementation of One Time Pad encryption into our products. Today, high levels of automation, high capacity storage media, continuous key protection, and huge One Time Pads provide our customers with outstanding communication security without sacrificing convenience. This document will help you understand how One Time Pad can ensure complete privacy for your sensitive information. Characteristics of the One Time Pad encryption method The One Time Pad encryption method is a binary additive stream cipher, where a stream of truly random keys is generated and then combined with the plain text for encryption or with the cipher text for decryption by an exclusive OR (XOR) addition. It is possible to prove that a stream cipher encryption scheme is unbreakable if the following preconditions are met: A The key must be as long as the plain text. B The key must be truly random. C The key must only be used once. The One Time Pad implementation in mils electronic s products fulfills all these requirements and therefore provides absolute protection for our customers sensitive information.

3 Components of the OTP encryption Truly random key generation For One Time Pad encryption, a truly random key stream must be employed. The word random is used in its most literal sense here. In mils electronic products, all keys are exclusively generated by a True Random Noise Source. This Noise Source is incorporated into the hardware security token of each mils electronic application. As it is part of the security token, it is protected against all manipulation and tampering attempts and provides a very high key generation speed. Oscillator ring 1 Oscillator ring 2 Oscillator ring n Combination stage Random bits The random noise source derives its randomness by sampling a set of parallel ring oscillators, a reliable technology for obtaining genuine randomness. This technique uses timing jitter and oscillator drift found in free-running CMOS ring oscillators as a source of randomness. Timing jitter is a random phenomenon caused by the thermal noise and local voltage variations present at each transistor of a ring oscillator. Local variations in voltage and temperature will cause each ring to oscillate faster (or slower) over time - resulting in a random drift relative to the other rings. As the frequency of each oscillator randomly drifts with each cycle, the output stream becomes random relative to the lower frequency sampling rate.

4 The One Time Pad encryption process One Time Pad keys are used in pairs. The keys are distributed securely prior to encryption. One copy of the key is kept by the sender and one by the recipient. The confidentiality and authenticity of the One Time Pad keys can be guaranteed thanks to the continuous protection during their distribution and storage. Therefore, outsiders will not be able to misuse the key (e.g. by copying or altering the key during distribution) Plain text 0 Cipher text Exclusive OR function One Time Pad Generated by the True Random Noise Source A To encrypt plain text data, the sender uses a key string equally long as the plain text. The key is used by mixing (XOR-ing) bit by bit, always adding one bit of the key with one bit of the plain text to create one bit of cipher text. B This cipher text is then sent to the recipient. C At the recipient s end, the encoded message is mixed (XOR-ed) with the duplicate copy of the One Time Key and the plain text is restored. D Both sender s and recipient s keys are automatically destroyed after use, so that erroneous re-application of the same key is impossible.

5 Why is One Time Pad encryption unbreakable? The popular scientific explanation Cipher text KNQX L ZRV Key 1 ZCVPQ I T A YES COME, Plain text 1 (meaningful) Key 2 HSUXZRAV CPQXAT I F Plain text 2 (meaningless) Key 3 E T DYHCNX HZAUHPSE Plain text 3 (meaningless) Key 4 L F ZRX I BH S T AY OF F Plain text 4 (meaningful) Exclusive OR function The brute force attack With One Time Pad encryption, the key used for encoding the message is completely random and is as long as the message itself. That is why the only possible attack to such a cipher is a brute force attack. Brute force attacks use exhaustive trial and error methods in order to find the key that has been used for encrypting the plain text. This means that every possible combination of key bits must be used to decrypt the cipher text. The correct key would be the one that produces a meaningful plain text. Unlimited computing power is useless Let s assume an eavesdropper has intercepted a One Time Pad encrypted message and that he has unlimited computing power and time. For example, typical messages are at least 200 bytes long, requiring the testing of bits. Even if the eavesdropper is both willing and able to do this, the following paragraph will describe why unlimited computational power will not compromise the system. Attackers must try every possible key Since all One Time Keys are equally likely and come from a completely unpredictable noise source that is proven to be random, the attacker has to test all possible key strings. Impossible to guess the right plain text If he used every possible key string to decrypt the cipher text, all potential plain text strings with the same length as the original plain text would appear. As illustrated above, most of these potential plain text strings would make no sense; however, every meaningful string the same length as the original plain text would also appear as a potential plain text string. Without knowing the applied OTP, the eavesdropper has no way of finding out which meaningful string is the original plain text. Thus, trying all possible keys doesn t help the attacker at all, because all possible plain texts are equally likely decryptions of the cipher text.

6 Why is One Time Pad encryption unbreakable? The mathematical proof DEFINITION A noise source is called a True Random Noise Source or fulfills the true random property if for all any generated key sequence for all satisfies (1) THEOREM: Unconditional security of One Time Pad For a cipher system with a true random noise source, the One Time Pad cipher is perfectly secret. PROOF First, we determine the length of the plain text by. Let denote the plain text and the One Time Pad generated by the true random noise source. The resulting cipher text is calculated by, i.e. for all. A system is called perfectly secret or unconditionally secure if for all for all (2) is satisfied. For we conclude from equation (2) and. (3)

7 We get for all and by using the law of total probability and the true random property of the noise source (4) By again applying the true random property of the noise source and equation (2) for we obtain and (5) From the definition of conditional probability follows for all and all (6) and (7) and thus we get (8) From equation (5) and equation (4) we deduce equation (8) simplifies to and thus for all. Hence, the mathematical proof is complete.

8 Further reading Schneier, Bruce: Applied Cryptography: Protocols, Algorithms, and Source Code in C. 1996, John Wiley and Sons, Inc. New York, Chichester, Brisbane, Toronto, Singapore

9 Menezes, Alfred J., Paul C. van Oorschot, and Scott A. Vanstone: Handbook of Applied Cryptography 1997, CRC Press Boca Raton, New York, London, Tokyo

10 The history of One Time Pad encryption The One Time Pad encryption method is nothing new. In 1882, Frank Miller was the first to describe the One Time Pad system for securing telegraphy. In 1917, Gilbert Vernam invented a cipher solution for a teletype machine. U.S. Army Captain Joseph Mauborgne realized that the character on the key tape could be completely random. Together, they introduced the first One Time Pad encryption system. Since then, One Time Pad systems have been widely used by governments around the world. Outstanding examples of a One Time Pad system include the hot line between the White House and the Kremlin and the famous Sigsaly speech encryption system. Another development was the paper pad system. Diplomats had long used codes and ciphers for confidentiality. For encryption, words and phrases were converted to groups of numbers and then encrypted using a One Time Pad. The famous patent for the Secret Signaling System from Each character of a message was combined with a character on a paper tape key. Frank Miller Gilbert Vernam Joseph Mauborgne

11 mils electronic s OTP history OTP encryption has always played an essential role in mils electronic s product philosophy. When the company was founded in the late 1940s, OTP was the only applied encryption method. The TT-360 Tape Mixer was one of the first electro-mechanical cipher machines which the company developed and sold. TT-360 Tape Mixer OTP Cipher Disk Although unbreakable, OTP encryption is so simple that you can even employ it manually. We therefore often give a OTP Cipher Disk to our customers as a gift. When used correctly, it s a powerful tool to create short unbreakable messages. M640 Tape Mixer M730 Cipher Machine with MilsCard M830 Cipher Machine MilsOne Client with OneQube With the invention of microprocessor technology, OTP encryption was complemented by algorithm based encryption in the M640 Tape Mixer or the M830 Cipher Machine. The usability of OTP was drastically increased by software based development. With the invention of the personal computer it was necessary to remove the sensitive parts of OTP encryption from the PC into dedicated security hardware, like the MilsCard of the M730 Cipher Machine. Today, the entire OTP storage and encryption process is handled by the OneQube, the hardware token of MilsOne. With its fully automated OTP usage and 29 GB of OTP storage it represents the state-of-the-art OTP implementation.

12 mils electronic gesmbh & cokg leopold-wedl-strasse mils austria t f info@mils.com TEC-OTP-04e