How to use one-time pads for secret communications -------------------------------------------------- There is only one cipher system that cannot be cracked by the FBI or NSA - or by anyone else for that matter. That system is the one-time pad. A message encrypted using a one-time pad cannot be broken because the encryption key is a random number and because the key is used only once. A proven system. Intelligence agencies routinely use many different kinds of encryption systems - ranging from mechanical devices to invisible inks to computer software - but for mission critical messages that must be 100% secure they always use a one-time pad. At the height of the cold war during the fifties and sixties, Soviet spies in the USA used one-time pads to communicate with their controllers, usually located inside Russian embassies and consulates. Not a single message was cracked by the FBI or NSA. And none of those messages ever will be cracked. Used by the best. The one-time pad system is still being used today by intelligence agencies like Britain's MI.6, Germany's BND, France's DGSE, Russia's MBRF, and China's Cheng Pao K'o. One-time pads are also being used by resistance groups like Northern Ireland's IRA, France's Action Direct, Uruguay's Tupamaros, Algeria's GIA, Lebanon's Hezbollah, Peru's Shining Path, and Argentina's Monteneros. Inside this article. This article provides practical information that you can use to set up your own one-time pad encryption system. The article describes subtle refinements that you won't find in other books or articles. Our information comes direct from people with hands-on experience. Our two sources are an ex-MI.6 intelligence officer and a former member of Peru's Shining Path guerrillas. (Return to our home page and click on About Us for more on this.) After studying this article you will have all the knowledge you need to set up a 100% secure system of communication that cannot be cracked by the FBI, BATF, DEA, NSA, or any other organization. If you're playing by Big Boys' Rules, the one-time pad will keep you out of the internment camps. BACKGROUND - Cryptography as a science was originally developed by the Arabs. The year 1412 saw the publication of Subh al-a 'sha, a 14-volume encyclopedia written by Shihab al-Din al-Qalqashandi. The text described transposition and substitution ciphers. The Arabs were light-years ahead of the Europeans because their mathematics were more advanced - and cryptography relies heavily on math. While the Europeans were still struggling with Roman Numerals, the Arabs had already discovered the principle of zero. The word cipher is derived from the Arab word al cifr, literally meaning nothing or zero. The one-time pad system itself was perfected in 1917 during the first world war. Random keys were written on sheets of paper that were glued together to form a pad. Each key was used only once - hence the name, one-time pad. Step 1: Create the key... The core of the one-time pad system is the random key. A key is a block of numbers that is used to transform your original message (the plaintext) into a coded message (the ciphertext). Before you can begin to work with a one-time pad system, you need to create a random key. Before you can create a random key, you need a method for converting alphabet characters into numbers. The chart below illustrates a workable system that is simple and easily remembered. BACKGROUND - Government agencies use code-books containing often-used words and phrases that are represented by numbers. For example, rather than encrypting a phrase like safe house 4 to 0916 2698 1402 2004 1301, the coding clerk might simply use 0219. Spies and agents, on the other hand, cannot afford to carry incriminating evidence like bulky code-books, so they use instead the simplified conversion method shown below and spell out every word in full. A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 Now you're ready to create a key. First, write down a series of random alphabet characters, such as HLMSEZRBHPSJOTDW. To make the key easier to work with, break it into blocks of two characters each, thus HL MS EZ RB HP SJ OT DW Now use the conversion table shown above to convert the alphabet characters into numbers. For example H=08 and L=12, so the first block HL becomes 0812. The result is 0812 1319 0526 1802 0816 1910 1520 0423. You've just created your first one-time pad. This is also called the key. (Normally you would create a much longer key than this, enabling you to send a number of messages before the key is used up.) As you use the blocks of numbers to encrypt messages, you would cross out each block you've used. This will ensure that you use a block only once. (We'll simulate crossing out a block by marking squares under it.) 0812 1319 0526 1802 0816 1910 1520 0423 #### You would normally create two copies of the key and provide one copy to your intended recipient. Use the character X to represent a period in your plaintext. Step 2: Format your message... Suppose that the message you want to send is MY SECRET. You would next format your message into blocks of two characters each, yielding MY SE CR ET. Next, use the conversion chart above to convert the alphabet characters into numbers. In the example we're using M=13 and Y=25, so the first block would be 1325. The entire string becomes 1325 1905 0318 0520. You can now see how using blocks makes the text increasingly difficult for anyone to crack, even at this stage. Guidelines... Rule 1 - Numbers. Spell out all numbers in full in your plaintext. For example, 365 becomes THREE SIX FIVE. Rule 2 - Negatives. Always add emphasis to the word NOT in your plaintext. For example, you would write AGENT ALPHA NOT RPT NOT AVAILABLE FOR MEETING TUESDAY, where RPT stands for REPEAT. Rule 3 - Punctuation. Use an X for each period in your plaintext. For example, MESSAGE RECEIVEDX SEND MORE INFOX. All other punctuation must be written out in full. For example, COMMA. Rule 4 - Termination. End your plaintext with XX. If necessary, add dummy characters after XX in order to pad out the message to frustrate cryptanalysis and to conclude on a doublet (ensuring the numeric string ends with four digits). Use a pointer at the beginning of your message to specify the key so your recipient can decrypt the text. Step 3: Encrypt your message... We need some way to indicate to our recipient where the key begins, otherwise he/she won't be able to decrypt. Remember in our earlier example, we created a key and stroked off (squares) the blocks we'd already used. Here's what our key looked like. 0812 1319 0526 1802 0816 1910 1520 0423 #### The starting position in the key is at block 1319. So we'll place the string 1319 at the beginning of our message so the recipient will know how to decrypt. The plaintext message of 1325 1905 0318 0520 becomes 1319 1325 1905 0318 0529 because we place the pointer 1319 at the beginning of the string. We're now ready to encrypt. First we write out the plaintext. Then directly below it we write out the key. Then we add the key to the plaintext using Fibonicci addition. This means we do no carrying. For example, 9 + 2 would yield 1 not 11. And 7 plus 6 would yield 3 not 13. Here's how the spy's working sheet would look. Plaintext 1319 1325 1905 0318 0520 Key -- 0526 1802 0816 1910 Ciphertext 1319 1841 2707 0124 1430 The encrypted message 1319 1841 2707 0124 1430 is ready to be sent to our recipient. And we can sleep peacefully knowing that it cannot be cracked by anyone except the recipient. To decrypt the message, the recipient simply reverses the calculations. Decrypting the message... To decrypt a message, we simply reverse the calculations. We subtract the key from the ciphertext using Fibonicci subtraction. This means we allow no negative numbers. We add 10 if required. For example, 2 - 9 would yield 3 (because we add 10 so that we're able to subtract 9 from 12). The first block in the ciphertext tells our recipient where to start in the key. Here's what the recipient's working sheet looks like. Ciphertext 1319 1841 2707 0124 1430 Key 1319 0526 1802 0816 1910 Plaintext -- 1325 1905 0318 0520 Here's how we subtract 0526 from 1841. The first column is 1 - 0 = 1. The second column is 8 - 5 = 3. The third column is 4 - 2 = 2. The fourth column is 1 - 6 = 5 (because 11 - 6 = 5). Using the conversion chart described earlier, the recipient converts the string of numbers back into alphabet characters. In this example, 13=M and 25=Y, so the first block 1325 converts to MY. The string 1325 1905 0318 0520 becomes MY SE CR ET. The recipient reformats it to become MY SECRET. About security... Provided that an eavesdropper cannot get access to either the sender's or receiver's key, the one-time pad method is 100% secure. No FBI cryptanalyst will ever crack it. No Cray supercomputer running the NSA's cracker software will ever break it. Period. But you need to be prudent about security. Key security. Good security means you must conceal your key in a location where you'll know if it's been tampered with. Usually this means carrying it on your person at all times. Location security. Good security means choosing private locations to encrypt and decrypt your messages. Remember, it's easy for FBI agents or local police to install a pinhole video camera above your desk. When choosing a location, be creative, be unpredictable, and be quick. SURVIVAL TIP - At the first sign of surveillance you must stop working at your desk unless you're absolutely sure there's no way they can gain access to install the video surveillance equipment. In a pinch you can work under your desk until you implement off-site locations. Disposal security. Good security means destroying your working materials after each encryption or decryption. Don't leave anything around for the authorities to work with. This usually means shredding and burning - or ingestion. (Yes, eat the evidence. It saved Kim Philby's bacon early in his career.) Random means just that. The security of your one-time pad system depends on the randomness of the key. Don't use a computer to generate your keys. Do it by hand - and be sure to introduce a second element of randomness into your method by throwing dice or flipping a coin every now and then while you're creating your keys. One-time means just that. Don't use a key more than once. Ever. Even if just a few blocks overlap in two different messages, the NSA cracker software will shift and compare the ciphertext messages until the statistical frequency of characters matches the expected statistics for English language text. Giving the NSA an opening like this is tantamount to setting the fox loose in the hen-house. The perfect system. When used correctly, the one-time pad system provides perfect security for your secret messages. The weakest link is the human element. The first four-digit group is a pointer to the starting place in the one-time pad. How to test your skills... Here is a piece of ciphertext and a one-time pad you can use to verify your new skills. The one-time pad is 0916 0305 2521 2113 0119 0605 1413 2024 0806 0518 1306 0602 1710 2022 0410 0804 2301 2116 1512. The ciphertext is 0119 2110 3521 2739 2026 0113 1414 1527 2231. Remember that the first four-digit group in the ciphertext is a pointer indicating where to begin in the one-time pad. 2110 3521 2739 2026 0113 1414 1527 2231. 0605 1413 2024 0806 0518 1306 0602 1710 2022 0410 0804 2301 2116 1512. --------------------------------------- Copyright ©1998 Lee Adams. All rights reserved. Ascii conversion by: MRF