One Time Pad

The One Time Pad is not a cipher, but in fact is just a large collection of keys. These keys can be used in the encryption and decryption of messages, often using a Vigenère or modular addition method of encryption. The "pad" refers to a real pad of paper - each with an individual, unique key. "One time" refers to the fact that each of these papers would be used once - and only once. The only catch with the one time pad is that each key must be totally randomized, and the message sent using the key must be as long or shorter than the key - it cannot be longer. It was independently developed throughout the late 19th and early 20th centuries by Frank Miller and Gilbert Vernam.

Encoding With a One Time Pad

The Vigenère Method: Encoding a message using a one time pad is no different than using a normal keyword. Just follow the same rules as applied when encoding with the Vigenère cipher.

The Modular Addition Method: Encoding a message using this method is incredibly easy after learning about modulo and modular arithmetic. It simply consists of four steps:

  1. Change each letter of the plaintext into its corresponding place in the alphabet. For instance, A = 1, B = 2, C = 3, and so on. Do the same for the letters of the key.
    • Note: It is common practice to actually begin the alphabet at 0, as in A = 0, B = 1, C = 2, etc. For simplicity, we will not be using this method.
  2. Taking the numbers given from the plaintext, add the numerical values given by the key to them.
  3. Find the value of the number mod 26. For our purposes, think of modular arithmetic as division with remainders. If we have a value x mod y, we divide x/y, and then the remainder of the problem is the mod. However, since in our case, no value will be above 52, the only thing we will have to do is subtract any number that equals or is greater than 26 by 26.
  4. Change those numbers into their resulting letters. This is your encoded text.

Here is an example of encryption with the message "CRYPTO" and the key "HARUEW".

Plaintext:     C      R      Y      P      T      O  
Plaintext:  3 (C) 18 (R) 25 (Y) 16 (P) 20 (T) 15 (O) 
Key:        8 (H)  1 (A) 18 (R) 21 (U)  5 (E) 23 (W) 
Addition:  11 (K) 19 (S) 43 ( ) 37 ( ) 25 (Y) 38 ( )
Modulo 26: 11 (K) 19 (S) 17 (Q) 11 (K) 25 (Y) 12 (L) 
Ciphertext:    K      S      Q      K      Y      L 

Decoding With a One Time Pad

The Vigenère Method: Once again, decoding a message using a one time pad is again not different than using a standards keyword. Simply follow the same rules when decoding using the Vigenère cipher.

The Modular Addition Method: When decoding a message encoded with the modular addition, simply follow the same steps as encryption, but this time, subtract the key from the ciphertext. If a number ends up below 1, add 26.

Why Is The One Time Pad Special?

The One Time Pad is special, since unlike any other cipher in existence, the One Time Pad offers something incredibly unique: absolute guarenteed secrecy. It cannot be broken by any amount of cryptanalysis - no message can ever be intercepted by an enemy, irregardless of time or technology.

Some of you may ask, "How does using a One Time Pad ensure total secrecy, especially given that its method of encoding and decoding aren't that incredibly strong?" There are two things that separate a regular key from a One Time Pad key:

  1. The key is as long as the message. This ensures that the Kaskiski method of breaking Vigenère is ineffective, since no repition occurs.
  2. The key is totally random. This means that there are no exploitable patterns created by human nature, but more importantly, it means that any form of Frequency analysis is completely worthless - there would be an equal distribution of characters.

Imagine a 20-letter long message. That means we must generate a key that is 20 characters long. However, due to the randomness of the key, that means each letter could be any of the 26 characters in the alphabet. That means there are 2620 (ie 19,928,148,895,209,409,152,340,197,376) possible random keys that could be generated. This method of key generation is secure not only because it would take an impossibly long time for any human or computer to brute force every single key, but also in the fact that keys will be generated for other messages of the same length. Let's use our previous example: We have a ciphertext of "KSUKYL". Using our key, that creates the intended message of "CRYPTO", but using different keys, that could easily become "CASTLE" or "BOTTLE". Without context, a cryptanalyst has no way of determining which message was the intended one.

So Why Don't We All Use the One Time Pad?

So if using the One Time Pad offers entirely secure communication, why isn't it used everywhere?

  1. The Impossibility of Random Keys. For the One Time Pad to work effectively, keys must be truly random; however, pure randomness is incredibly difficult to come across in a deterministic universe. A common idea would be to randomly hit letters on a keyboard, but humans are lazy: Eventually, the random keyboard smashing turns into a controlled pattern of a letter from the left hand to a letter from the right hand, etc. While increidbly pedantic, this still gives a cryptanalyst some vulnerability to exploit. Another option is to use natural processes, such as radioactive decay. However, these methods are often too slow and inefficient to create random keys in an effective manner.
  2. The Ever-Lasting Problem of Key Distribution. Even if we could generate truly random keys, the method fails to solve another issue: How are the keys going to be distributed? For the One Time Pad to even work, everyone who needs to decipher a message must have the correct key pad, be using the correct key sheet, and recive the pad at the same time as everyone else who needs one. Not to mention, the pad is a physical object; if an enemy got their hands on one, the entire system falls apart.
  3. History. The One Time Pad was finalized around the early 20th century, just nearing the end of World War I. Even with its merits, the mass coordination needed for the One Time Pad would absolutely break down in the chaotic enviornment of the European trenches. If it was used, hundreds of men would be required just to transport messages and keys to every commander in the field. The One Time Pad would be too unwieldy for real use. The wartime leaders of the World Wars would need ciphers that were hard to break yet simple to implement. The One Time Pad couldn't compete.

However, the One Time Pad has been used in communications that require absolute security between parties. For instance, communications between the Presidents of the United States and Russia are often secured using a One Time Pad. Furthermore, the spread of the internet means that the One Time Pad may possibly become increasingly feasible in the future. So while it remains entirely impractical for common use, it may not be for much longer.


Here is an example of an One Time Pad key that has been used by the National Security Agency of the United States.