4.3 Multiple Use of a One-Time Pad

Alice sends messages to Bob, Carla, and Dante. She encrypts each message with a one-time pad, but she’s lazy and uses the same key for each message. In this section, we’ll show how Eve can decrypt all three messages.

Suppose the messages are $M_{1}, M_{2}, M_{3}$ and the key is $K$ . The ciphertexts $C_{1}, C_{2}, C_{3}$ are computed as $M_{i} \oplus K = C_{i}$ . Eve computes

C_{1} \oplus C_{2} = (M_{1} \oplus K) \oplus (M_{2} \oplus K) = M_{1} \oplus M_{2} .

Similarly, she obtains $M_{1} \oplus M_{3} = C_{1} \oplus C_{3}$ and $M_{2} \oplus M_{3} = C_{2} \oplus C_{3}$ . The key $K$ has disappeared, and Eve’s task is to deduce $M_{1}, M_{2}, M_{3}$ from knowledge of $M_{1} \oplus M_{2}$ , $M_{1} \oplus M_{3}$ , $M_{2} \oplus M_{3}$ . The following example shows some basic ideas of the method.

Let’s assume for simplicity that the messages are written in capital letters with spaces but with no other punctuation. The letters are converted ...

Get Introduction to Cryptography with Coding Theory, 3rd Edition now with the O’Reilly learning platform.

O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.

Start your free trial

Introduction to Cryptography with Coding Theory, 3rd Edition by Wade Trappe, Lawrence C. Washington

4.3 Multiple Use of a One-Time Pad

Don’t leave empty-handed

It’s yours, free.

Check it out now on O’Reilly