I'm pretty sure the original idea of the one-time-pad didn't involve ACSII and binary. The system was such that it could be easily done on a piece of paper by hand.
It may not have used ASCII specifically (numbers may have been different), but it would've worked exactly the same. The ASCII version, and any other character coded system can be done on paper (I had to do that for this video actually).
OTP was mainly used by Secret services. Agents were given a sheet of numbers (The equivalent to the key here) with which they could decrypt secret messages.
ENCRYPT: (msgcharvalue + otpcharvalue) - 1 DECRYPT: (encryptcharvalue - otpcharvalue) + 1 If a result is more than the character set length or is less than zero then mod it by character set length.
So if there was an agent in the field, they might be given a OTP in person before leaving, then if and when a message needs to be sent, they could just broadcast it publicly in complete confidence?
Yes, so old wartime schemes you would leave with a physical ciphertext, and using that ciphertext you can just broadcast out in public over radio. Often different ciphertexts were given to people of different ranks so that messages could only be read by specific people in the field depending on the operation.
What binary translation are you using to get your numbers? If your ASCII strings are, for example, 51 for the plain text first letter and 101 for the pad first letter, then the binary conversion will be of a differing length? You can't do XOR with differing string lengths of binary.
This is actually a good point. I should have mentioned it during the video. If you watch the animation from 3:55 onward you will see every number is left-padded (add 0's to the left) to 8 bits. So every number is 1 byte, and if it can be stored in less bytes then it's just less efficient. This is because ASCII is a fixed-length encoding, whereas something like Unicode makes this more complicated. Hope that makes sense
There are essentially an infinite number of ways to do this. These could include any form of network interaction like sending messages back and forth via WIFI, all the way to printing the details out and doing it by hand would work. That section of the protocol allows for a ton of leniency to implement however works best for you.
But if Eve has the pad and ciphertext then she can easily decrypt it, right? And it is usually the case that the pad and ciphertext are public, isn't it?
The pad in this example is typically the thing that is kept secret or is somehow obfuscated. This means the content itself can be distributed publicly without worry, and the only thing you need to keep safe is the pad. Likewise it means you can use the same pad for multiple pieces of content (VERY NOT IDEAL security wise) which means you only have to keep 1 thing private and everything else after that can just be distributed publically. Alternatively it can be distributed with some sort of encryption that then has a handshake to allow the decryption key to be distributed. For example you might distribute an encrypted pad over a public channel, but it is locked behind a 16 digit password that was transferred using something like the Diffie-Hellman key exchange (github.com/Descent098/Diffie-Hellman), or even just setup a secure connection with something like SSL (www.ssl.com/faqs/faq-what-is-ssl/) using a key exchange to distribute the pad privately.
There isn't any specific way to do this, ideally this is a step you would do "in-private", since if you do it "in-public" this part would need to be secured somehow (no specifics given in the OTP protocl). If eve is able to get ahold of the pad while in transfer then the whole system is no longer secure. One option is to do public-key exchange and then encrypt the pad with a key when you send it. Something like diffie-hellman can do this, which I created a repo to explain here: github.com/descent098/diffie-hellman Thanks for watching!
I read on Wikipedia that it is the only encryption mechanism that is not breakable no matter what quantum computer together with any mathematical decryption algorithms is used. Is that correct? If so, then is this the ultimate encryption system?
The version I explained in my video is not quantum secure afaik. I think you could make it EFFECTIVELY quantum secure if your note is long enough, but the protocol itself is not secure against quantum attacks. There are versions of the one-time pad that could be, but they're more complicated. I think what you're referring to is when people call the one time pad a "perfectly secret" scheme. All this means is that the ciphertext we use doesn't leak any information, meaning there are no side channel attacks. This is all a fancy way to say that you can't get information AT ALL about the content you're trying to encrypt, from how you encrypted it. Other methods will use the source text to generate their encryption, and so they are not "perfect secret" schemes. I can't cite sources in a youtube comment but if you google "perfect secrecy" there is a video on khan academy, and one on wolfram U that will explain the concept well. For post-quantum security there's a good channel called Chalk Talk here on youtube that cover quantum secured approaches like lattice-based cryptography.
The version I explained in my video is not quantum secure afaik. I think you could make it EFFECTIVELY quantum secure if your note is long enough, but the protocol itself is not secure against quantum attacks. There are versions of the one-time pad that could be, but they're more complicated. I think what you're referring to is when people call the one time pad a "perfectly secret" scheme. All this means is that the ciphertext we use doesn't leak any information, meaning there are no side channel attacks. This is all a fancy way to say that you can't get information AT ALL about the content you're trying to encrypt, from how you encrypted it. Other methods will use the source text to generate their encryption, and so they are not "perfect secret" schemes. I can't cite sources in a youtube comment but if you google "perfect secrecy" there is a video on khan academy, and one on wolfram U that will explain the concept well. For post-quantum security there's a good channel called Chalk Talk here on youtube that cover quantum secured approaches like lattice-based cryptography.
Since this video is getting more popular, I will give people some other cryptography topics, and links that have come up in the comments: - History of OTP - It was used heavily before computers in wartime where people would be physically given a sheet of paper for the ciphertext, and then messages would be sent out over public radio frequencies to soldiers to get their orders - Crib Dragging - This is a method that allows you to break the one time pad if you know some of the contents that are in the text - Public Key cryptography; This is how all your connections on the internet are secured - Diffie Hellman is the most popular of these schemes - I have an explainer for this on my github at github.com/descent098/diffie-hellman - Post Quantum Cryptography - Lattice-based encryption - Chalk Talk is a good channel on youtube for info about this - Encodings - What we did with the binary numbers to letters is called an encoding, there are a bunch of popular ones - UTF-8; The most commonly used encoding for text these days
For a video like this Unicode is unwieldy, this is meant to be an intro not a how-to necessarily. The primary purpose of this video was for a course I took where the prof wanted a teaching utility to show people about the protocol. ASCII is just simple because it's a small enough collection to do by hand while being expressive enough to be useful. In the real world the character encodings themselves get incredibly annoying to deal with (especially with bloody emoji's), and Unicode would be better especially for languages other than English. Thanks for watching!
whoa! after searching for hours finally you made it crystal clear. thank you buddy. you the man
you are amazing in teaching simple and straight to the point and making it funny at the same time. thank you for your time!
Amazing , super clear and precise! Thank you! :D
thanks for the clear explanation. much appreciated
Nice explanation of OTP. Thanks.
Dude I love this, thanks
beautiful animations
very well explained
great video ..thank you so much
I'm pretty sure the original idea of the one-time-pad didn't involve ACSII and binary. The system was such that it could be easily done on a piece of paper by hand.
It may not have used ASCII specifically (numbers may have been different), but it would've worked exactly the same. The ASCII version, and any other character coded system can be done on paper (I had to do that for this video actually).
OTP was mainly used by Secret services. Agents were given a sheet of numbers (The equivalent to the key here) with which they could decrypt secret messages.
ENCRYPT: (msgcharvalue + otpcharvalue) - 1 DECRYPT: (encryptcharvalue - otpcharvalue) + 1 If a result is more than the character set length or is less than zero then mod it by character set length.
It is also the final operation in every Stream Cipher.
Thx for the great explanation!
So if there was an agent in the field, they might be given a OTP in person before leaving, then if and when a message needs to be sent, they could just broadcast it publicly in complete confidence?
Yes, so old wartime schemes you would leave with a physical ciphertext, and using that ciphertext you can just broadcast out in public over radio. Often different ciphertexts were given to people of different ranks so that messages could only be read by specific people in the field depending on the operation.
Damn, I love your humor hahahah
What binary translation are you using to get your numbers? If your ASCII strings are, for example, 51 for the plain text first letter and 101 for the pad first letter, then the binary conversion will be of a differing length? You can't do XOR with differing string lengths of binary.
This is actually a good point. I should have mentioned it during the video. If you watch the animation from 3:55 onward you will see every number is left-padded (add 0's to the left) to 8 bits. So every number is 1 byte, and if it can be stored in less bytes then it's just less efficient. This is because ASCII is a fixed-length encoding, whereas something like Unicode makes this more complicated. Hope that makes sense
How Bob get the pad form Alice?
There are essentially an infinite number of ways to do this. These could include any form of network interaction like sending messages back and forth via WIFI, all the way to printing the details out and doing it by hand would work. That section of the protocol allows for a ton of leniency to implement however works best for you.
But if Eve has the pad and ciphertext then she can easily decrypt it, right? And it is usually the case that the pad and ciphertext are public, isn't it?
The pad in this example is typically the thing that is kept secret or is somehow obfuscated. This means the content itself can be distributed publicly without worry, and the only thing you need to keep safe is the pad. Likewise it means you can use the same pad for multiple pieces of content (VERY NOT IDEAL security wise) which means you only have to keep 1 thing private and everything else after that can just be distributed publically.
Alternatively it can be distributed with some sort of encryption that then has a handshake to allow the decryption key to be distributed. For example you might distribute an encrypted pad over a public channel, but it is locked behind a 16 digit password that was transferred using something like the Diffie-Hellman key exchange (github.com/Descent098/Diffie-Hellman), or even just setup a secure connection with something like SSL (www.ssl.com/faqs/faq-what-is-ssl/) using a key exchange to distribute the pad privately.
how the pad is exchanged?
There isn't any specific way to do this, ideally this is a step you would do "in-private", since if you do it "in-public" this part would need to be secured somehow (no specifics given in the OTP protocl). If eve is able to get ahold of the pad while in transfer then the whole system is no longer secure. One option is to do public-key exchange and then encrypt the pad with a key when you send it. Something like diffie-hellman can do this, which I created a repo to explain here: github.com/descent098/diffie-hellman
Thanks for watching!
I read on Wikipedia that it is the only encryption mechanism that is not breakable no matter what quantum computer together with any mathematical decryption algorithms is used. Is that correct? If so, then is this the ultimate encryption system?
The version I explained in my video is not quantum secure afaik. I think you could make it EFFECTIVELY quantum secure if your note is long enough, but the protocol itself is not secure against quantum attacks. There are versions of the one-time pad that could be, but they're more complicated.
I think what you're referring to is when people call the one time pad a "perfectly secret" scheme. All this means is that the ciphertext we use doesn't leak any information, meaning there are no side channel attacks. This is all a fancy way to say that you can't get information AT ALL about the content you're trying to encrypt, from how you encrypted it. Other methods will use the source text to generate their encryption, and so they are not "perfect secret" schemes.
I can't cite sources in a youtube comment but if you google "perfect secrecy" there is a video on khan academy, and one on wolfram U that will explain the concept well.
For post-quantum security there's a good channel called Chalk Talk here on youtube that cover quantum secured approaches like lattice-based cryptography.
The version I explained in my video is not quantum secure afaik. I think you could make it EFFECTIVELY quantum secure if your note is long enough, but the protocol itself is not secure against quantum attacks. There are versions of the one-time pad that could be, but they're more complicated.
I think what you're referring to is when people call the one time pad a "perfectly secret" scheme. All this means is that the ciphertext we use doesn't leak any information, meaning there are no side channel attacks. This is all a fancy way to say that you can't get information AT ALL about the content you're trying to encrypt, from how you encrypted it. Other methods will use the source text to generate their encryption, and so they are not "perfect secret" schemes.
I can't cite sources in a youtube comment but if you google "perfect secrecy" there is a video on khan academy, and one on wolfram U that will explain the concept well.
For post-quantum security there's a good channel called Chalk Talk here on youtube that cover quantum secured approaches like lattice-based cryptography.
Since this video is getting more popular, I will give people some other cryptography topics, and links that have come up in the comments:
- History of OTP
- It was used heavily before computers in wartime where people would be physically given a sheet of paper for the ciphertext, and then messages would be sent out over public radio frequencies to soldiers to get their orders
- Crib Dragging
- This is a method that allows you to break the one time pad if you know some of the contents that are in the text
- Public Key cryptography; This is how all your connections on the internet are secured
- Diffie Hellman is the most popular of these schemes
- I have an explainer for this on my github at github.com/descent098/diffie-hellman
- Post Quantum Cryptography
- Lattice-based encryption
- Chalk Talk is a good channel on youtube for info about this
- Encodings
- What we did with the binary numbers to letters is called an encoding, there are a bunch of popular ones
- UTF-8; The most commonly used encoding for text these days
👍
☮️
Why is this so hard for me to understand? Lol
Next time use unicode lol
For a video like this Unicode is unwieldy, this is meant to be an intro not a how-to necessarily. The primary purpose of this video was for a course I took where the prof wanted a teaching utility to show people about the protocol. ASCII is just simple because it's a small enough collection to do by hand while being expressive enough to be useful. In the real world the character encodings themselves get incredibly annoying to deal with (especially with bloody emoji's), and Unicode would be better especially for languages other than English. Thanks for watching!
this overcomplicates the one time pad immensely.
How so?