I've put together a little tutorial on one-time pad ciphers. Without further ado: A one-time pad is the only (theoretically) 100% secure method of encryption currently available today. The one-time pad's security comes from it's key; the key (if chosen correctly) is EQUAL to the length of the plaintext and is COMPLETELY random. When both conditions are simultaneously fulfilled, the key is cryptographically secure. A one-time pad works as follows: Alice wants to send a message to Bob. Alice obtains a random key that is equal to the length of the PT she wishes to send and transmits it to Bob through an existing secure channel. She uses an algorithm to encrypt the PT with the key. The actual algorithm used doesn't matter, so long as it is agreed upon by both Alice and Bob beforehand. After the encryption is completed, Alice DESTROYS the key (so it can never be recovered or used again). Alice then sends the message to Bob who reverses the encryption process and destroys his copy of the key. The key destruction ensures that the key will not be reused. Should a key be reused, the OTP's security is compromised. The cipher is called the one-time pad because you have a "pad" of keys that are used only once and thrown out (hopefully not just "thrown out" but you get the picture). KGB agents carried their keys in the field on pads of paper designed to ignite at low temperatures and leave little ash. Agents knew which key to use because each was assigned a unique serial number, which would be transmitted unencrypted along with the CT message. Next, we will explore how to encrypt and decrypt some example messages. Pretend I want to send you the message "THE BRITISH ARE COMING". I must have a random key of length 19. How I obtain this key is not important, so long as it is truly random. Current methods of obtaining random keys include noise from webcams and key-generators connected to a radioactive substance that use the eccentricity of nuclear decay to construct their keys. I'm going to use the key DKJFOISJOGIJPAPDIGN. All I did to obtain this key was bang on the keyboard, so it is not a "good" key, but it will do for purposes of this demonstration. Code: Step 1 - Write the PT above the key T H E B R I T I S H A R E C O M I N G D K J F O I S J O G I J P A P D I G N Step 2 - Determine an algorithm For a simple pen & paper implementation, I'm going to look up the numerical value of each letter in the alphabet (a=0, b=1, c=2, ..., z=25) for both PT and key, add them together and take it MOD the length of your alphabet (26 in this case; a-z). This gives us a new numerical value 1-26 which we can look up in our alphabet table and find the new encrypted CT character. I, personally, like to write out the table on my paper so it's easy for both me and the recipient of the message to encode and decode. It follows the formula "(plaintext + key) MOD alphabet length": A B C D E F G H I J K L M N O P Q R S T U V W X Y Z 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 Step 3 - Perform the encryption (T(19)+D(03)=22) (H(07)+K(10)=17) (E(04)+J(09)=13) (B(01)+F(05)=06) (R(17)+O(14)=31) (I(08)+I(08)=16) (T(19)+S(18)=37) (I(08)+J(09)=17) (S(18)+O(14)=32) (H(07)+G(06)=13) (A(00)+I(08)=08) (R(17)+J(09)=26) (E(04)+P(15)=19) (C(02)+A(00)=02) (O(14)+P(15)=29) (M(12)+D(03)=15) (I(08)+I(08)=16) (N(13)+G(06)=19) (G(06)+N(13)=19) MOD MOD MOD MOD MOD MOD MOD MOD MOD MOD MOD MOD MOD MOD MOD MOD MOD MOD MOD 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 = = = = = = = = = = = = = = = = = = = 22 17 13 06 05 16 11 17 06 13 08 00 19 02 03 15 16 19 19 = = = = = = = = = = = = = = = = = = = W R N G F Q L R G N I A T C D P Q T T From this fairly simple and quick process, we can determine that our CT is "WRNGFQLRGNIATCDPQTT". This is not vulnerable to simple frequency analysis because the same letter is not encrypted the same way twice (unless, of course, it aligns with the same key character twice). It should also be invulnerable to index of coincidence attacks because your key is not repeated; it is the length of the text. Decryption is also quite straightforward. It follows the formula "(ciphertext - key + alphabet length) MOD alphabet length": (W(22)-D(03)= 19 (R(17)-K(10)= 07 (N(13)-J(09)= 04 (G(06)-F(05)= 01 (F(05)-O(14)=-09 (Q(16)-I(08)= 08 (L(11)-S(18)=-07 (R(17)-J(09)= 08 (G(06)-O(14)=-08 (N(13)-G(06)= 07 (I(08)-I(08)= 00 (A(00)-J(09)=-09 (T(19)-P(15)= 04 (C(02)-A(00)= 02 (D(03)-P(15)=-12 (P(15)-D(03)= 12 (Q(16)-I(08)= 08 (T(19)-G(06)= 13 (T(19)-N(13)= 06 +26) +26) +26) +26) +26) +26) +26) +26) +26) +26) +26) +26) +26) +26) +26) +26) +26) +26) +26) MOD MOD MOD MOD MOD MOD MOD MOD MOD MOD MOD MOD MOD MOD MOD MOD MOD MOD MOD 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 26 = = = = = = = = = = = = = = = = = = = 19 07 04 01 17 08 19 08 18 07 00 17 04 02 14 12 08 13 06 = = = = = = = = = = = = = = = = = = = T H E B R I T I S H A R E C O M I N G We can see the original message here: "The British are coming". That's basically all there is to one time pads. Some key points to remember are: 1) Your key MUST be as long as your plaintext 2) Your key MUST NOT be reused 3) Your key MUST be random (not pseudorandom and PLEASE not a WORD!!) 4) The key MUST be exchanged over an existing secure channel Hope you found this tutorial enjoyable and informative (and correct!) Pulsar