One-time pad
===Authentication===
As traditionally used, one-time pads provide no [[authentication|message authentication]], the lack of which can pose a security threat in real-world systems. For example, an attacker who knows that the message contains "meet jane and me tomorrow at three thirty pm" can derive the corresponding codes of the pad directly from the two known elements (the encrypted text and the known plaintext). The attacker can then replace that text by any other text of exactly the same length, such as "three thirty meeting is cancelled, stay home". The attacker's knowledge of the one-time pad is limited to this byte length, which must be maintained for any other content of the message to remain valid. This is different from [[malleability (cryptography)|malleability]]<ref>{{cite book|url=https://books.google.com/books?id=ySZwUT4nyPsC&q=malleable+one+time+pad&pg=PR1|title=Information Theoretic Security: Third International Conference, ICITS 2008, Calgary, Canada, August 10–13, 2008, Proceedings|first=Reihaneh|last=Safavi-Naini|year=2008|publisher=Springer Science & Business Media|via=Google Books|isbn=978-3540850922}}</ref> where the plaintext is not necessarily known. Without knowing the message, the attacker can also flip bits in a message sent with a one-time pad, without the recipient being able to detect it.
Because of their similarities, attacks on one-time pads are similar to [[Stream cipher attacks|attacks on stream ciphers]].<ref name=":0">{{Cite web |last=Boneh |first=Dan |title=Attacks on Stream Ciphers and The One Time Pad - Course overview and stream ciphers |url=https://www.coursera.org/lecture/crypto/attacks-on-stream-ciphers-and-the-one-time-pad-euFJx |access-date=2022-03-21 |website=Coursera |language=en}}</ref> Standard techniques such as a [[message authentication code]] can be used along with a one-time pad system to prevent such attacks, as can classical methods such as variable-length [[padding (cryptography)|padding]] and [[Russian copulation]], but they all lack the perfect security the OTP itself has. [[Universal hashing]] provides a way to authenticate messages up to an arbitrary security bound (i.e., for any {{nowrap|''p'' > 0}}, a large enough hash ensures that even a computationally unbounded attacker's likelihood of successful forgery is less than ''p''), but this uses additional random data from the pad, and some of these techniques remove the possibility of implementing the system without a computer.
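
Added example (not part of the original article): the same-length substitution described above is accepted silently by a bare one-time pad, and is rejected once a one-time polynomial universal-hash tag, keyed with 32 extra pad bytes, is attached to the ciphertext. The field size 2**127 - 1, the 15-byte blocks and all function names are assumptions chosen for this illustration.

```python
import hmac
import secrets

P = 2**127 - 1  # prime field for the hash (assumed parameter)
BLOCK = 15      # 15-byte blocks are always smaller than P

def otp_xor(data: bytes, pad: bytes) -> bytes:
    if len(pad) < len(data):
        raise ValueError("pad shorter than message")
    return bytes(d ^ k for d, k in zip(data, pad))

def one_time_tag(msg: bytes, key: bytes) -> bytes:
    """Polynomial universal hash of msg at secret point r, masked with s.
    key is 32 pad bytes that are never reused for another message."""
    r = int.from_bytes(key[:16], "big") % P
    s = int.from_bytes(key[16:32], "big") % P
    coeffs = [len(msg)] + [int.from_bytes(msg[i:i + BLOCK], "big")
                           for i in range(0, len(msg), BLOCK)]
    acc = 0
    for c in coeffs:  # Horner evaluation of the message polynomial
        acc = (acc + c) * r % P
    return ((acc + s) % P).to_bytes(16, "big")

def seal(plaintext: bytes, pad: bytes) -> tuple[bytes, bytes]:
    ct = otp_xor(plaintext, pad[32:])
    return ct, one_time_tag(ct, pad[:32])

def open_sealed(ct: bytes, tag: bytes, pad: bytes) -> bytes:
    if not hmac.compare_digest(tag, one_time_tag(ct, pad[:32])):
        raise ValueError("authentication failed")
    return otp_xor(ct, pad[32:])

def demo() -> tuple[bytes, bool]:
    known = b"meet jane and me tomorrow at three thirty pm"
    forged = b"three thirty meeting is cancelled, stay home"
    pad = secrets.token_bytes(32 + len(known))  # constructed sample pad
    ct, tag = seal(known, pad)
    # In-transit substitution from the text: ct XOR known XOR forged.
    tampered = otp_xor(otp_xor(ct, known), forged)
    bare = otp_xor(tampered, pad[32:])  # bare OTP decrypts it silently
    try:
        open_sealed(tampered, tag, pad)
        detected = False
    except ValueError:
        detected = True
    return bare, detected

if __name__ == "__main__":
    print(demo())
```

The 32 tag-key bytes are the additional pad material the section refers to; a forger who does not know them succeeds with probability on the order of n/P for a message of n blocks, regardless of computing power.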