Daniel Lyons' Notes
Topics
Software Development
Cryptography
A Better One-Time-Pad Cipher
Attack Types in Cryptography
Cryptanalysis
Cryptography security scale
Cryptography tools
Cryptography
Frequency Analysis
Hash Collision
Hashing
History of Cryptography
HMAC
Public Key Cryptography
Resources for Learning About Cryptography
Superpowers in Cryptography
The Kryptos Code
2-2-2
Algebraic Data Types
alt text
Bootstrapping
Bug Reporting
Domain modeling with Types
Dynamic Programming
git
GitHub
Infrastructure as Code
logging in Software Development
OpenGL
orthogonality in Software Development
PRD
Promotion in Software Development
Public APIs
separation of concerns
Shaders
shebang
shell environment variables
Software Development
structured data
Tech Roles
Telemetry in Software Development
Typical Hiring Process in Software Development
UI Design
3D Printing
ACTS prayer
aimlessness
beauty
China
Christmas Songs
clarity
collaboration
commitment
comparison
competence
consistency
Creative Commons
daily bible reading
Decision-making
delayed gratification
Delegated Complexity
Denial
Digital Autonomy
Discipline
DRM-free solutions
economics
emergent
Emmaus Orthodox Presbyterian Church
enshittification
Estate Planning
excellence
experts
Feedless February
focus
Gartner hype cycle
GraphViz
How to Futureproof Your Data
immediate gratification
incentives
integrity
intensity
intentionality
isomorphic
keystone habit
land acknowledgment
Mars Inc. Principles
mediocrity
mindfulness
Monopolies enforced by the US Federal Government
moralism
My Views on Feedback
nerd sniping
optimism
Ouroboros
Palestine
Parkinson's Law
Passkeys
Post Expertise Scarcity Examples
pray the news
privacy
Project Gutenberg
Public Domain
RAWG
regret
responsibility
Royalty Free Music
Scenius
scientism
self-examination
self-improvement
Self-lish
Setup Jackbox for Streaming
simplicity
sorrow
Speech
Textus Receptus
The Historical Jesus
Time Zones
Topics
Transhumanism
two pizza rule
values
war
Homepage
Daniel Lyons' Notes

A Better One-Time-Pad Cipher

  • Abstract: let's combine an OTP cipher with Steganography
  • Defining terms:
    • Cipher/Encryption: An algorithm that can be used to encrypt data
    • Steganography: A method used, not to encrypt data, but to hide it.
    • Encryption vs. Steganography:
      • Encryption makes data difficult or impossible to read, but doesn't make it harder to find.
        • By encrypting it, you are making it obvious that you are hiding something thus incentivizing a bad actor to investigate further.
      • Steganography makes data harder to find, but not harder to read.
        • By using steganography, the bad actor is less likely to know that you are hiding something in the first place, and therefore less likely to investigate at all.
        • But if they find it, it will be easy to read.
      • Encryption + Steganography: By using both techniques together, we dramatically increase our security.
    • OTP: the One-Time Pad Cipher:
      • A key is used such that:
        • the key has the same length as the plaintext
        • every single character in the key is random
        • the key is never reused
      • Out of all the ciphers, none is as secure as the one-time pad cipher.
        • In 1949, the mathematician Claude Shannon proved that the OTP has has "Perfect Secrecy".
        • This means it is impossible to break this cipher because every possible plaintext solution is equally likely to be correct
          • because they are equally likely to be correct we can call this perfect plausible deniability
            • Even if the correct key is found and used to decipher the ciphertext, it doesn't matter because there is no statistical evidence that that message is any more likely to be the correct message than any of the red herrings
      • Observation: when a plaintext is enciphered with the OTP cipher, the ciphertext and the key are the same in that:
        • They are both completely random
        • They are both impossible to convert into the plaintext without the other
        • They both have perfect plausible deniability.
        • Since the key is random then the ciphertext is also random (since it is XOR'ed using a random key).
        • Therefore, since the key and the ciphertext are both the same length, and perfectly random, they are effectively the same thing. We might as well store then and treat them in the same way:
          • In terms of purpose they are indistinguishable.
          • Neither can be "attacked" to gain any insight on the other.[1]
      • Limitations of the OTP cipher:
        • It's worth asking If the OTP cipher is so great then why isn't everyone using it.
          • The answer is because, despite all it's advantages, it is not practical to use for most applications.
        • Like any other symmetric cipher, it has the "key distribution problem":
          • In order for the receiver to decrypt the message they must receive both the key and the ciphertext,
          • and the key must be secret or else any eavesdropper could decrypt the message trivially.
          • The easiest way to send a message secretly is to encrypt it, and if you're gonna encrypt the key, then you might as well use that encryption technique instead of using OTP.
        • Despite these limitations, I still think that there is great potential for the OTP to be quite useful in many new applications when mixed with other techniques
      • Advantages of the OTP cipher:
        • We already mentioned Perfect Secrecy. This is the holy grail and the reason why I think it warrants further exploration
        • Trivial compute requirements:
          • Almost every cipher operates on the same principles:
            1. The key must be secret and
            2. the encryption algorithm must be so complex that it cannot be broken.
              • More precisely:
                  1. No human alive is currently smart enough to break the encryption without knowing the key
                  1. No machine currently exists that can break the encryption without knowing the key
          • Throughout history this has always been an arms race.
            • Cryptographers devise more complex ciphers which are more computationally expensive to break
            • Cryptologists (code breakers) devise more clever solutions, and more powerful machines to either lower the computation expense required, or to increase their computational capabilities.
          • BUT the OTP cipher is unique among ciphers in that it's approach is different. It requires little to no computational power to encrypt, or decrypt messages. In fact it is so simple that it can be done on pencil and paper.
            • While other methods use computational requirements to guarantee secrecy, the OTP instead uses randomness to guarantee secrecy.
    • Plausible Deniability
      • A government or a malicious actor could force a party to hand over a private key in order to decrypt the message.
      • Plausible deniability is a strategy to mitigate this threat:
        • We could hand them a key that does in fact produce an intelligible message, however it is not the actual original plaintext. Instead it is a decoy.
        • this strategy could be incredibly valuable but also very risky:
          • valuable: We could satisfy the demands for the key. They would think that they have the genuine key, thus they might likely give up on searching for the true key and plaintext since they think that they already possess it.
          • risky: If they realize that they have been duped then there could be more punishment, of a harsher extent.
    • Perfect Plausible Deniability:
      • Just as encryption creates secrecy, and the OTP creates "Perfect Secrecy", so too OTP could be used to create "Perfect Plausible Deniability".
      • Remember that OTP already has Perfect Secrecy:
        • Since every possible solution is equally likely, therefore we could generate many fake decoy solutions. These would serve 2 main purposes:
          • FUD: By generating many decoys, even if they find the hidden data in the steganography, and even if they acquire the ciphertext and the key, and even if they decipher the message, still they are in possession of many fake keys and ciphertexts which means they don't know:
            • which is the correct key and ciphertext
            • However, this only slows the adversary down. They now have a maze with many dead ends, but if they have enough time, money, and patience, they will eventually find the correct solution.
          • Mathematical uncertainty: This next part is more important. It bears repeating. Every possible solution has an equal statistical likelihood of being true.
            • In other words, you have completely removed your security protocol (the OTP cipher and steganography) from their possible evidence at their disposal.
            • For example, even if they found your actual ciphertext, and key, and then used that to generate your actual plaintext, you could simply give them another decoy key, which would create a decoy plaintext.
              • This would create FUD, but more important it would create Perfect Plausible Deniability. This means that the decoy and the true plaintext are equally likely to be true. The OTP cipher algorithm betrays no information whatsoever regarding which plaintext is the true plaintext.
              • Therefore they would be forced to look for some other form of evidence outside of the message itself or the encryption algorithm.
  • Huge problems:
    • exponential data increase: so far this protocol only obfuscates the message. It doesn’t perfectly remove the ability of the attacker to find both the key and the plane text and the message. Worse, yet, it requires the creation of many decoys which dramatically increased the data storage requirements.
    • Data compression: because the data is completely random, it is impossible for us to compress the data
    • #DATA corruption: A mistake of a single bite could corrupt the data rendering it on unreadable
    • Authentication: this protocol still lacks the ability to authenticate the message. And the adversary could modify either the plane text or the cipher text and the message would still be corrupted.

Footnotes

  1. that is unless someone possesses both the key and the ciphertext and knows that they should be linked together↩︎

A Better One-Time-Pad Cipher
Interactive graph
On this page
Footnotes
Powered by Obsidian Publish