One-Time Pad: The Only Unbreakable Cipher

10-character message XOR'd with 10-character random key. Key entropy: 80 bits. Each ciphertext byte is uniformly random. Without the key, all 26¹⁰ ≈ 1.4 × 10¹⁴ plaintexts are equally likely.

A 10-character message XOR'd with a 10-character truly random key produces ciphertext with 80 bits of entropy. Without the key, every possible 10-character plaintext is equally likely — perfect secrecy.

Formula

C = M ⊕ K (encryption: XOR message with key)
M = C ⊕ K (decryption: XOR ciphertext with same key)

Perfect Secrecy: A Mathematical Guarantee

In 1949, Claude Shannon — the father of information theory — proved something remarkable: the one-time pad provides perfect secrecy. This means that the ciphertext reveals absolutely zero information about the plaintext, even to an adversary with unlimited computational power. No other practical encryption system makes this claim. AES, RSA, and every modern cipher are computationally secure — they rely on problems being 'hard enough' to solve. The one-time pad is information-theoretically secure: there is literally not enough information in the ciphertext to determine the message.

The XOR Operation

The one-time pad works through XOR (exclusive or), the simplest binary operation. For each bit of the message, XOR it with the corresponding bit of the key: 0⊕0=0, 0⊕1=1, 1⊕0=1, 1⊕1=0. If the key is truly random, each ciphertext bit is equally likely to be 0 or 1, regardless of the message bit. This is why it's perfectly secure: the ciphertext is statistically indistinguishable from random noise. To decrypt, simply XOR the ciphertext with the same key — XOR is its own inverse: (M ⊕ K) ⊕ K = M.
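The encryption and decryption formulas above, together with the length requirement from the next sections, as an added Python example (not code from the original page or its simulation). It assumes the operating-system CSPRNG (`secrets.token_bytes`) stands in for the true-random source a real pad needs, and the sample messages are constructed. The `key_consistent_with` function is the perfect-secrecy argument in code: for every candidate plaintext of the right length there is a key that turns it into the observed ciphertext, so the ciphertext alone cannot rule any of them out.

```python
import secrets


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings (C = M XOR K)."""
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def generate_key(length: int) -> bytes:
    # Assumption: the OS CSPRNG stands in for the hardware true-random source
    # a real one-time pad requires; it is pseudorandom, not truly random.
    return secrets.token_bytes(length)


def otp_encrypt(message: bytes, key: bytes) -> bytes:
    """Encrypt with a pad that must be at least as long as the message."""
    if len(key) < len(message):
        raise ValueError("one-time pad key must be at least as long as the message")
    return xor_bytes(message, key[:len(message)])


def otp_decrypt(ciphertext: bytes, key: bytes) -> bytes:
    """XOR is its own inverse: (M XOR K) XOR K = M."""
    return otp_encrypt(ciphertext, key)


def key_consistent_with(ciphertext: bytes, candidate_plaintext: bytes) -> bytes:
    """The key under which `candidate_plaintext` would produce `ciphertext`.

    One such key exists for every candidate of that length, so the ciphertext
    alone cannot rule out any plaintext: Shannon's perfect secrecy.
    """
    return xor_bytes(ciphertext, candidate_plaintext)


def perfect_secrecy_check(ciphertext: bytes, candidates: list[bytes]) -> bool:
    """True if every candidate plaintext has a key that explains the ciphertext."""
    return all(
        otp_encrypt(c, key_consistent_with(ciphertext, c)) == ciphertext
        for c in candidates
    )


def demo() -> dict:
    message = b"ATTACKDAWN"                 # constructed 10-character sample
    key = generate_key(len(message))        # 10 bytes = 80 bits of key material
    ciphertext = otp_encrypt(message, key)
    return {
        "round_trip_ok": otp_decrypt(ciphertext, key) == message,
        # An adversary holding only `ciphertext` cannot exclude any of these.
        "all_candidates_possible": perfect_secrecy_check(
            ciphertext, [b"ATTACKDAWN", b"RETREATNOW", b"HOLDGROUND"]
        ),
    }


if __name__ == "__main__":
    print(demo())
```

Note that `otp_encrypt` refuses a key shorter than the message rather than cycling it: repeating key bytes is key reuse inside a single message, and the guarantee only holds when every message byte meets a fresh key byte.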

Why Key Reuse Destroys Security

The 'one-time' in one-time pad is not a suggestion — it's a requirement. If the same key encrypts two different messages, an eavesdropper can XOR the two ciphertexts: C1 ⊕ C2 = (M1 ⊕ K) ⊕ (M2 ⊕ K) = M1 ⊕ M2. The key cancels out, revealing the XOR of the two plaintexts. From this, statistical techniques (like frequency analysis on the XOR pattern) can recover both messages. The US VENONA project exploited exactly this flaw: Soviet intelligence accidentally reused one-time pad pages, allowing American cryptanalysts to decrypt thousands of messages over decades.
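The key-cancellation identity above, shown in Python as an added example (not code from the original page), alongside the mitigation a practitioner actually wants: a pad dispenser that cannot hand out the same bytes twice. The fixed key and the two messages are constructed so the run is repeatable; `PadStore` is a hypothetical helper written for this illustration.

```python
def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bitwise XOR of two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def ciphertext_xor(c1: bytes, c2: bytes) -> bytes:
    """C1 XOR C2 = (M1 XOR K) XOR (M2 XOR K) = M1 XOR M2: the shared key cancels."""
    return xor_bytes(c1, c2)


def recover_with_crib(m1_xor_m2: bytes, crib: bytes, offset: int) -> bytes:
    """If a fragment (crib) of one plaintext is known at `offset`, the other
    plaintext at the same position is (M1 XOR M2) XOR crib. This is the
    simplest of the 'statistical techniques' the text refers to."""
    return xor_bytes(m1_xor_m2[offset:offset + len(crib)], crib)


class PadStore:
    """Dispenses key bytes from a pad exactly once: the mitigation is to make
    reuse impossible in code rather than relying on operator discipline."""

    def __init__(self, pad: bytes):
        self._pad = pad
        self._used = 0

    def take(self, n: int) -> bytes:
        if self._used + n > len(self._pad):
            raise RuntimeError("pad exhausted: a fresh pad must be distributed")
        chunk = self._pad[self._used:self._used + n]
        self._used += n  # these bytes can never be handed out again
        return chunk

    @property
    def remaining(self) -> int:
        return len(self._pad) - self._used


def reuse_demo() -> dict:
    # Constructed fixed 16-byte key so the demo is repeatable; a real pad is truly random.
    key = bytes.fromhex("9f3a5c7e1b2d4f60a8c3e5f7092b4d6e")
    m1 = b"MEET AT THE DOCK"   # constructed 16-byte messages
    m2 = b"SHIP LEAVES 0900"
    c1, c2 = xor_bytes(m1, key), xor_bytes(m2, key)   # same key used twice
    leak = ciphertext_xor(c1, c2)
    return {
        "key_cancels": leak == xor_bytes(m1, m2),        # eavesdropper sees M1 XOR M2
        "recovered_from_crib": recover_with_crib(leak, b"MEET", 0),  # b"SHIP"
    }


if __name__ == "__main__":
    print(reuse_demo())
    pad = PadStore(bytes(range(32)))
    print(pad.take(16), pad.remaining)
```

The detection side of the same identity is worth noting: if two ciphertexts XOR to something with visible structure (printable bytes, repeated patterns) rather than uniform noise, the pad was reused, and that check needs no knowledge of either plaintext.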

The Practical Paradox

If the one-time pad is unbreakable, why don't we use it for everything? Because the key must be at least as long as the message, truly random (not pseudorandom), and used only once. To encrypt a 1GB file, you need 1GB of random key material. To encrypt all internet traffic, you'd need a key as long as all internet traffic. And you need a secure channel to transmit these keys — the very problem encryption is supposed to solve. This chicken-and-egg dilemma is why we use computationally secure ciphers (like AES) for most purposes, reserving the one-time pad for the most sensitive communications where key distribution is manageable.

FAQ

What is a one-time pad?

An encryption method where the message is combined (XOR'd) with a random key that is at least as long as the message and used only once. Claude Shannon proved in 1949 that it provides perfect secrecy — the ciphertext reveals absolutely nothing about the plaintext.

Why isn't the one-time pad used everywhere?

Because the key must be as long as the message, truly random, and never reused. Distributing these massive keys securely is the same key distribution problem that public-key cryptography was invented to solve.

What happens if the key is reused?

Security is completely destroyed. XOR-ing two ciphertexts encrypted with the same key yields the XOR of the two plaintexts, from which both messages can often be recovered. This is how the US VENONA project decrypted Soviet intelligence messages.

Was the one-time pad ever used in practice?

Yes — the Moscow-Washington hotline used one-time pad encryption. Soviet intelligence used it extensively (with occasional key reuse, which VENONA exploited). It's still used for the most sensitive diplomatic and intelligence communications.
