6

I am experiencing confusion regarding one-time pads. I have read that a one-time pad generates a key that has the same length as the plaintext. This is considered to be an overhead in sharing such a large key. So how could a pseudo-random key eliminate this overhead?

I have read of communication parties sharing a short seed which is then used to create a pseudo-random key, and I am having trouble relating these two approaches.

Gilles 'SO- stop being evil'
Humam Shbib

2 Answers

8

No one uses one-time pads, because they are impractical. Modern cryptography utilizes block ciphers and stream ciphers because all you need to do is transmit a very small key using a key exchange method, and then, based on this key, you can generate an effectively infinite amount of pseudo-random output.

A stream cipher works a lot like a one-time pad. If your message is X bytes long, then you generate X bytes of PRNG stream and then XOR this with your plaintext message to produce the ciphertext. If you ever reuse this PRNG stream you will probably seriously undermine the secrecy of your message. The same holds true for a one-time pad. If the attacker knows the plaintext, then a simple XOR yields the pseudo-random bytes used to encrypt the message.

rook
  • A difficulty with both XOR-based stream ciphers and one-time pads is that an attacker who knows what a part of a cleartext message will contain, and what he'd like it to contain, can XOR that part of the ciphertext with the XOR of the known and intended cleartexts. With many other systems, the effect of altering a bit in the ciphertext will vary in ways that cannot be predicted without knowing the key. – supercat Feb 11 '15 at 21:31
  • Pseudo-random output is not infinite; it just has a long enough period (the amount generated before it repeats) that it doesn't matter. – ewanm89 Jun 12 '16 at 18:44
2

Wikipedia explains why the one-time pad is not used in practice; the need to exchange a very long key is not terribly practical.

One alternative is a stream cipher. Wikipedia explains how stream ciphers work. Stream ciphers use a short key to encrypt arbitrarily long messages.

Wikipedia explains the relationship between the one-time pad and the stream cipher and why you can think of the stream cipher concept as being loosely related to a one-time pad, but with a shorter key. A stream cipher works by starting with a short seed, using a cryptographically secure pseudorandom number generator to stretch this into a long sequence (as long as the message), and then combining it with the message in the same way the one-time pad does. It is important to understand that this approach does not qualify as a one-time pad, and does not offer the same provable security properties as a one-time pad.

D.W.
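The seed-stretching construction that both answers describe (a short shared seed expanded by a PRNG into a message-length keystream, then XORed like a pad), together with the two failure modes raised in rook's answer and supercat's comment (keystream reuse with a known plaintext, and bit-flipping), as an added worked example. This is not code from either answer or from the Wikipedia articles they cite. It uses only Python's standard library; SHAKE256 is a stand-in for a cipher's keystream generator, and the seed and nonce sizes, the sample messages and the function names are all this example's own assumptions.

```python
# Added example: one-time pad next to a stream cipher built from a short seed,
# plus keystream reuse and bit-flipping. Stdlib only; SHAKE256 stands in for
# the cipher's PRNG (an assumption of this example, not of the page).
import hashlib
import os


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings; the combining step of both schemes."""
    if len(a) != len(b):
        raise ValueError("inputs must have the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_keygen(length: int) -> bytes:
    """One-time pad key: truly random (OS CSPRNG) and as long as the message.
    This whole key, not a seed, is what the two parties would have to share."""
    return os.urandom(length)


def keystream(seed: bytes, nonce: bytes, length: int) -> bytes:
    """Stream-cipher keystream: stretch a short shared seed plus a per-message
    nonce into `length` pseudo-random bytes. SHAKE256 (an extendable-output
    hash) plays the PRNG here; a real design would use a dedicated cipher."""
    return hashlib.shake_256(seed + nonce).digest(length)


def encrypt_stream(seed: bytes, nonce: bytes, data: bytes) -> bytes:
    """Encrypt or decrypt (same operation): XOR data with the keystream."""
    return xor_bytes(data, keystream(seed, nonce, len(data)))


def recover_keystream(ciphertext: bytes, known_plaintext: bytes) -> bytes:
    """Known plaintext: c ^ m gives back exactly the keystream bytes used."""
    return xor_bytes(ciphertext, known_plaintext)


def recover_second_message(c1: bytes, c2: bytes, known_m1: bytes) -> bytes:
    """Keystream reuse: if c1 and c2 share a keystream, c1 ^ c2 == m1 ^ m2,
    so knowing m1 reveals m2 over the common prefix."""
    n = min(len(c1), len(c2), len(known_m1))
    ks = recover_keystream(c1[:n], known_m1[:n])
    return xor_bytes(c2[:n], ks)


def tamper(ciphertext: bytes, offset: int, known: bytes, wanted: bytes) -> bytes:
    """Malleability: where the attacker knows `known` sits at `offset`, XORing
    the ciphertext with (known ^ wanted) makes it decrypt to `wanted` there,
    with no knowledge of the key. Works identically against a one-time pad."""
    delta = xor_bytes(known, wanted)
    end = offset + len(delta)
    return ciphertext[:offset] + xor_bytes(ciphertext[offset:end], delta) + ciphertext[end:]


def demo() -> dict:
    """Run the scenarios on constructed sample messages and return the outcomes."""
    m1 = b"PAY ALICE $100"  # constructed sample messages, 14 bytes each
    m2 = b"PAY BOB   $900"

    # 1. One-time pad: key as long as the message, used once.
    pad = otp_keygen(len(m1))
    otp_ok = xor_bytes(xor_bytes(m1, pad), pad) == m1

    # 2. Stream cipher: one 32-byte seed, fresh 12-byte nonce per message.
    seed = os.urandom(32)
    n1, n2 = os.urandom(12), os.urandom(12)
    c1 = encrypt_stream(seed, n1, m1)
    c2 = encrypt_stream(seed, n2, m2)
    stream_ok = encrypt_stream(seed, n1, c1) == m1
    # Different nonces give different keystreams, so c1 ^ c2 leaks nothing useful.
    distinct_nonces_safe = recover_second_message(c1, c2, m1) != m2

    # 3. Keystream reuse (same seed, same nonce): m2 falls out of c1, c2 and m1.
    c2_reused = encrypt_stream(seed, n1, m2)
    leaked_m2 = recover_second_message(c1, c2_reused, m1)

    # 4. Bit-flipping: turn "$100" into "$900" without the seed.
    forged = tamper(c1, m1.index(b"$"), b"$100", b"$900")
    forged_plain = encrypt_stream(seed, n1, forged)

    return {
        "otp_roundtrip": otp_ok,
        "stream_roundtrip": stream_ok,
        "distinct_nonces_safe": distinct_nonces_safe,
        "leaked_m2": leaked_m2,
        "forged_plain": forged_plain,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v!r}")
```

Two points the demo makes concrete: the pad's key is generated per message and is as long as the message, whereas the stream cipher shares one 32-byte seed and only the nonce changes; and the moment a (seed, nonce) pair is reused, the XOR of two ciphertexts cancels the keystream and a known plaintext exposes the other message. The bit-flipping step needs no key at all, which is why a real deployment pairs a stream cipher with a message authentication code rather than relying on the XOR alone.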