cipher;cryptography;secret-key;key-management;stream cipher">


Question 93. What is a One-time Pad?

A one-time pad, sometimes called the Vernam cipher [Ver26], uses a string of bits that is generated completely at random. The keystream is the same length as the plaintext message and the random string is combined using bitwise exclusive-or with the plaintext to produce the ciphertext. Since the entire keystream is random, an opponent with infinite computational resources can only guess the plaintext if he sees the ciphertext. Such a cipher is said to offer perfect secrecy and the analysis of the one-time pad is seen as one of the cornerstones of modern cryptography [Sha49].

While the one-time pad saw use during wartime, over diplomatic channels requiring exceptionally high security, the fact that the secret key (which can be used only once) is as long as the message introduces severe key-management problems. While perfectly secure, the one-time pad is impractical.

Stream ciphers (see Question 86) were developed as an approximation to the action of the one-time pad, and while contemporary stream ciphers are unable to provide the satisfying theoretical security of the one-time pad, they are at least practical.