OTP(One Time Pad)
박서경The One-Time Pad (OTP) is the only symmetric cipher that offers theoretical perfect secrecy. No matter how powerful the attacker, it's impossible to derive the plaintext from the ciphertext alone—if the key is truly random, used only once, and kept secret.
🔐 What Is the One-Time Pad?
Definition: The One-Time Pad takes a plaintext PP, a random key KK of the same length, and outputs ciphertext C using bitwise XOR:
C=P⊕K
Decryption: Simply XOR the ciphertext with the same key:
P=C⊕K
XOR property:
A⊕B⊕B=A. So XOR-ing the same key twice cancels it out.
🧮 Example
Plaintext PP:
01101101Key KK:
10110100Ciphertext CC:
01101101 ⊕ 10110100 = 11011001Decryption:
11011001 ⊕ 10110100 = 01101101
🚨 Rule #1: Never reuse the key
If the same key is used for two messages:
C1=P1⊕K, C2=P2⊕K
⇒C1⊕C2=P1⊕P2
This reveals the XOR of the two plaintexts—leaking critical information. If an attacker knows one plaintext, they can fully recover the other.
💡 Advantages
| Feature | Description |
| Security | Perfect secrecy (unbreakable) |
| Speed | Extremely fast (XOR is cheap) |
| Simplicity | Very simple algorithm |
⚠️ Practical Limitations
| Issue | Explanation |
| Key length | The key must be as long as the message |
| Key reuse | Keys must be truly random and used only once |
| Key sharing | Securely transmitting the key itself is a separate challenge |
| Storage | To encrypt 1TB, you need a separate 1TB of random key storage |
📜 Real-World Usage
Used by British SOE in WWII, KGB spies, NSA, and even Swiss bankers
Still used today in ultra-secure environments
🔐 Why Is the One-Time Pad Secure?
The One-Time Pad (OTP) is the only known cipher that offers perfect secrecy—a guarantee that not even an attacker with infinite computing power can learn anything about the plaintext just by seeing the ciphertext.
📐 Claude Shannon’s Proof of Perfect Secrecy
In the 1940s, Claude Shannon, the father of information theory, formally proved that perfect secrecy is only possible if:
The key is truly random
The key is at least as long as the plaintext
The key is used only once
This is the core of the One-Time Pad's security.
🧠 Why Is It Secure?
The core idea is simple:
If the key KK is random, then the ciphertext C=P⊕KC=P⊕K is also random from the attacker’s perspective—because XORing any fixed string with a truly random string produces a uniformly random result.
For example:
The probability that the first bit of a truly random key XORed with a plaintext bit equals 0 is ½
This holds for every bit independently
Therefore, every possible plaintext of the same length remains a valid guess
In short:
Without knowing the key, every plaintext is equally likely.
🎯 Example
If a ciphertext is 128 bits long:
There are 21282128 possible plaintexts.
If the key is also 128 bits and randomly chosen, an attacker cannot eliminate a single possibility.
But if the key is only 64 bits:
The attacker can try all 264264 keys and rule out the rest.
That leaks information—perfect secrecy is broken.
⚠️ Why It’s Not Practical
| Requirement | Challenge |
| Random key | Must be as long as the message |
| One-time use | Key reuse breaks security |
| Secure distribution | Must send the key securely first |
Imagine encrypting a 1TB drive—you’d need 1TB of random key stored and securely shared.
✅ Summary
| Item | Description |
| Encryption | C=P⊕K |
| Decryption | P=C⊕K |
| Security | Perfect secrecy |
| Conditions | Key = random, same length as message, used once |
| Drawback | Highly impractical for most modern use cases |
✅ Summary
| Feature | One-Time Pad |
| Security | Perfect secrecy (proven) |
| Key requirement | Random, same length as plaintext |
| Reuse | Absolutely not allowed |
| Practicality | Low — only used in rare scenarios |
Next up: how modern encryption achieves practical security without massive keys.
Subscribe to my newsletter
Read articles from 박서경 directly inside your inbox. Subscribe to the newsletter, and don't miss out.
Written by