Why is encrypting with the same one-time-pad not good?
To encrypt a message $m_1$ with a one-time-pad key $k$ you do $Enc(m_1,k) = m_1 \oplus k$.
If you use the same $k$ to encrypt a different message $m_2$ you get $Enc(m_2,k) = m_2 \oplus k$, and if you perform Xor of the two ciphertext you get $$( m_1 \oplus k) \oplus ( m_2 \oplus k) = m_1 \oplus m_2$$
so, OK, there is some information leakage becuse you learn $m_1 \oplus m_2$, but why is it not secure? I have no way to learn (say) $m_1$ unless I know $m_2$. So why is it wrong to use $k$ twice??
Asked By : Ran G.
Best Answer from StackOverflow
Question Source : http://cs.stackexchange.com/questions/349
Answered By : Carl Mummert
I have no way to learn (say) $m_1$ unless I know $m_2$.
That is exactly the problem - if you re-use the same key, and someone has access to one message you encrypted in both plaintext and encrypted form, they can use that to find your key: $$ (m_2 \oplus k) \oplus m_2 = k $$
As an alternative scenario, if you use the same key over and over, the attackers may be able to guess just pieces of various encrypted message, and each successful guess reveals a piece of the key $k$, so that over time more and more of the key is revealed.
This general strategy for breaking a cryptosystem is known as a known plaintext attack. Many systems, like AES and RSA, are believed to be secure against these attacks. But a one-time pad becomes completely insecure against them unless a new pad is used for every encryption, which is why they are named "one-time pads".
Post a Comment