Infinite one time pads, brute force multiple pads?

Question

So based on my understanding using the same key for encrypting two completely random plain texts when using an otp cipher will still retain perfectly secret. This is based on the answers on this question.

The answers to those questions also say that using that data couldn't then be used to encrypt more messages. My understanding is that if the messages have been transmitted securely using 2-time pad cipher. This should be equal to handing them off at a physical location.

What I am wondering is why not be able to send new one time pads? If the message are perfectly secure an enemy wouldn't be able to determine what the secrets are? How would you brute force crack the messages since they hold perfect secrecy?

Answer 1

Quite simply, it's exactly the same as a two-time pad with one extra step.

So, as you know the problem with re-using a one time pad is that it leaks information.

If we encrypt m₁ and m₂ with pad₁, that gives us:

m₁ xor pad₁ = c₁ and m₂ xor pad₁ = c₂

So if we capture c₁ and c₂, we can then:

c₁ xor c₂ to get m₁ xor m₂

If however, we re-use pad₁ to transmit pad₂, and then use pad₂ to encrypt m₂, we get the following:

• m₁ xor pad₁ = c₁
• pad₂ xor pad₁ = c₂
• m₂ xor pad₂ = c₃

So now, as long as I capture c₁, c₂, and c₃, I can do the following:

c₁ xor c₂ = m₁ xor pad₂

Which effectively gives me the ciphertext I would have if I had used pad₂ on m₁ directly. So now I effectively have the ciphertexts for:

m₁ xor pad₂ and m₂ xor pad₂

Which when xor'ed then gives me:

m₁ xor m₂

Voila.