Jump to content
Not connected, Your IP: 18.118.30.253
AirVPN
bigbrosbitch

How To: One-Time Pads (Perfect Encryption)

By bigbrosbitch, ... in Off-Topic

Recommended Posts

bigbrosbitch    65

bigbrosbitch
Posted ...

​INTRODUCTION

Do you want to try a simple method for the only unbreakable form of encryption known (if implemented properly), even if your computer system is currently back-doored?*

Do you want to play Jason Bourne for fun?

Do you need to send a message to your lawyer (or other contact) that actually forces compliance with constitutionally protected rights concerning personal communications?

Are you willing/able to share a pad of unique encryption keys with your intended communication target, in person, for the purpose of sharing messages/data that you can't afford the Stasi to read/intercept?

Do you want a method that doesn't require any reliance upon computers for generation of the perfect encryption key or any other steps in the process, except transmission/receipt of the encrypted block?

Are you tired of computer experts talking down to you in their incomprehensible gibberish about encryption when you try to ask simple questions about practical applications of certain protocols?

Do you have six or ten-sided dice at home or willing to print templates out to use?

Can you do basic addition and subtraction calculations by hand?

Do you just want to piss off the powers that be with communications they can't read in their Borg-like systems, just because you can? 4th amendment anyone?


If you answered yes to the above, then read on and lets have some fun... mathematicians/cryptos on the forum are more than welcome to point out any errors in the proposed implementation, and I will correct it.

* This method described below is unbreakable, but doesn't prevent malicious modification of the cipher text by an adversary, given it does not utilise message authentification protocols.


ONE TIME PAD ENCRYPTION - BASIC BACKGROUND
 

One-time pad (OTP), also called Vernam-cipher or the perfect cipher, is a crypto algorithm where plaintext is combined with a random key. It is the only existing mathematically unbreakable encryption.

Used by Special Operations teams and resistance groups during WW2, popular with intelligence agencies and their spies during the Cold War and beyond, protecting diplomatic and military message traffic around the world for many decades, the one-time pad gained a reputation as a simple yet solid encryption system with an absolute security which is unmatched by today's modern crypto algorithms. Whatever technological progress may come in the future, one-time pad encryption is, and will remain, the only truly unbreakable system that provides real long-term message secrecy.

In cryptography, the one-time pad (OTP) is an encryption technique that cannot be cracked if used correctly. In this technique, a plaintext is paired with a random secret key (also referred to as a one-time pad). Then, each bit or character of the plaintext is encrypted by combining it with the corresponding bit or character from the pad using modular addition... It has also been proven that any cipher with the perfect secrecy property must use keys with effectively the same requirements as OTP keys.



The reason there is "Perfect Forward Secrecy" achieved by this (often impractical) method is as follows:
 

One-time pads are "information-theoretically secure" in that the encrypted message (i.e., the ciphertext) provides no information about the original message to a cryptanalyst (except the maximum possible length of the message). This is a very strong notion of security first developed during WWII by Claude Shannon and proved, mathematically, to be true for the one-time pad by Shannon about the same time...  Properly used one-time pads are secure in this sense even against adversaries with infinite computational power.

Claude Shannon proved, using information theory considerations, that the one-time pad has a property he termed perfect secrecy; that is, the ciphertext C gives absolutely no additional information about the plaintext. This is because, given a truly random key which is used only once, a ciphertext can be translated into any plaintext of the same length, and all are equally likely.

Thus, the a priori probability of a plaintext message M is the same as the a posteriori probability of a plaintext message M given the corresponding ciphertext. Mathematically, this is expressed as H(M)=H(M|C), where H(M) is the entropy of the plaintext and H(M|C) is the conditional entropy of the plaintext given the ciphertext C. Perfect secrecy is a strong notion of cryptanalytic difficulty.



Essentially, the mathematics suggests that even advanced adverseries with almost unlimited computatational power, over an infinite period, can't bust your cipher down. In other words, you use the laws of physics to take back your inalienable rights.

Who doesn't want to give 'the mathematical bird' to lurking, uninvited government strangers/peeping toms with paranoid fantasies about the citizenry?


AUTHENTICATION - IMPOSSIBLE WITH MANUAL ONE-TIME PAD METHOD IMPLEMENTATION

Because we are not using standard computer protocols*, we cannot achieve message authentification manually. That is, encryption programs like OTR, OpenVPN and so on use a message authentification code (MAC) to authenticate messages/data and provide an integrity check to see whether there have been any changes to the content.

MAC can be achieved in multiple ways, for example, crytographic hash functions, universal hashing and block cipher algorithms, but these are not possible with purely manual methods. Consequently, if a message is corrupted (doesn't make sense when decrypted), you don't know if this was due transmission errors across the network or whether an adversary has modified the cipher text, with it remaining the exact same size as the original message.

For the joy of unbreakable encryption, we can live with this scenario.**

* Due to the threat of widespread viruses, spyware, worms and Trojan Horses frequently found in 'trusted' and 'secure' computers.

** We also don't use very large one-time pads for multiple messages e.g. a computer disk full or random data, as it is inconvenient and poses other security risks.


ONE-TIME-PAD ENCRYPTION PRE-REQUISITES

Ciphers are only unbreakable if the following conditions are FULLY MET:

- One-time pad values are actually random (not pseudo-random).*
- Secure messages must have one-time pad values that are at least as long as the message/data to be encrypted.
- Encryption keys are never used more than once by the sender or receiver.
- Encryption keys are immediately destroyed by the sender/receiver after use.**
- One-time pads used by communicating parties are kept secure at all times.
- Key and plaintext are calculated modulo 10 (digits), modulo 26 (letters) or modulo 2 (binary).
- There should only be two copies of the key: one for the sender and one for the receiver (some exceptions exist for multiple receivers)***

* Randomness is harder to generate then you think and simple computer functions designed for this purpose can't be trusted. This is why we will resort to physical measures for entropy instead of pseudo-random number generators in deterministic computer systems, or the use of insecure 'random' bits of data transmitted across the internet (and most probably already captured by advanced adversaries e.g. Random.org and other sites).

** This is another reason we don't use /dev/random or /dev/urandom in Linux or Mac to generate our keys in this instance - traces of computer activity are generally left all over the place. Plus, we remove the ability of any eavesdropper to capture the unique key during the generation phase.

*** For simplicity, communication between only two parties is used in this instance.


RESOURCES NEEDED FOR ONE TIME PAD WITH NUMBERS

1) Two (or more) six-sided dice OR 1 to 5 x ten-sided dice.*

2) A pencil and single sheets of paper to write unique keys on.

3) An agreed-upon 'checkerboard variation' (see below) for conversion of plain text into digits.

4) The mental ability to calculate simple addition/subtraction to encrypt/decrypt messages (modulo 10 for numerical keys; modulo 26 for alphabetical keys).

5) A computer and pre-agreed communication chanel to relay the encrypted message.**

*From game sets or printed templates that can form paper dice e.g. see http://timvandevall.com/printable-paper-dice-template/

** Obviously not sent/recieved at your home IP address if you are a legitimate target and evidence of encrypted messages poses a risk in itself. For instance, a cautious target would probably use:

- A non-persistent TAILS USB stick (freshly installed; new USB stick bought with cash).
- Utilise MAC spoofing in TAILS.
- Disconnect all peripherals or HDD/SSDs in second hand computer gear that has never been used before for communications.
- Disable/cover/physically disconnect all webcams/microphones.
- Use a new wi-fi dongle (bought with cash).
- Use public wi-fi spot in a physical environment that doesn't have a million cameras, webcams or other peripherals due to time-stamps associated with communications.
- Utilise (perhaps) a one time account that allows registration via Tor nodes under a free trial e.g. Hushmail or similar to send the message.
- And more (this is a complex topic in itself)....

If you don't care about who knows you use encryption, then you can always send the ciphertext via gmail or another corporate bitch who scans every line, since it is unbreakable.

 

However, a more sensible method would be to hide the cipher text in plain looking messages or letters using steganography (see further below).


NOTE ON 'TRUE RANDOMNESS'
 

High-quality random numbers are difficult to generate. The random number generation functions in most programming language libraries are not suitable for cryptographic use. Even those generators that are suitable for normal cryptographic use, including /dev/random and many hardware random number generators, make some use of cryptographic functions whose security is unproven.



This is the topic of heated debate in Linux, including the developers of the kernel itself, but will be the main reason we won't use a host of techniques capable of providing 'random' numbers/strings at the terminal that could be used for our purpose e.g. in Linux:
 

< /dev/urandom tr -dc _A-Z-a-z-0-9 | head -c${1:-32};echo;

OR

openssl rand -base64 32

OR

for i in {1..5}; do echo $RANDOM; done

OR

od -An -N2 -i /dev/random


and so on.


THE POOR MAN'S ONE-TIME PAD METHOD - PRACTICAL EXAMPLE

Note: in this example, we are going to use numbers 0-9 (modulo 10) instead of applying the method with letters (modulo 26), since it is just easier.

STEP 1) Create unique keys using six or ten-sided dice for our one-time pad.
 

A default one-time pad sheet usually contains 50 groups of 5 random digits, which is sufficient for one normal message, and each one-time pad sheet should have a unique first group of five digits. This first group will be used to identify the key and is not used in the encryption process. A one-time pad set consist of two identical one-time pads. To establish a one-way communication you will only need one OUT pad for the sender and one IN pad for the receiver. To communicate in both directions both sender and receiver need OUT and IN pads. Never use a single pad to communicate in both directions!

 

​See the example picture below. Each pad would be used in turn for each message.



To generate your set of 50 groups, roll 5 x ten-sided dice, 50 times. If you are using 2 x six-sided dice, then you must take special care:
 

Never ever simply use normal six-sided dice by adding the values of two dice. This method is statistically unsuitable to produce values from 0 to 9 and thus absolutely insecure (the total of 7 will occur about 6 times more often that the values 2 or 12). Instead, use one black and one white die and assign a value to each of the 36 combinations, taking in account the order/colour of the dice (see table below). This way, each combination has a .0277 probability (1 on 36). We can produce three series of values between 0 and 9. The remaining 6 combinations (with a black 6) are simply disregarded, which doesn't affect the probability of the other combinations.


Use this table below to generate true random numbers between 0-9 when using six-sided dice (throws with a black six are discarded):

 



This is my example, 'secret' encryption key - 25 groups of 5 random digits (1/2 the required size for illustration purposes; normally 50 groups of 5 random digits). This was generated just now using multiple dice rolls, '00021' is the pad number/identifier and is not used in the encryption process, but forms the first 5 digits of the message, so the receiver knows which pad to decrypt with:
 

00021

98730 87323 64946 18612 59989
79735 92849 98243 70861 66958
11555 33694 79075 51087 68904
00212 27328 90492 70329 74889
36421 53036 07425 09807 55518
.............................




Obviously you would repeat this process further - 50 groups of 5 - for each message pad entry that would be needed for future use. We use keys of this size which should suffice for most messages. Store this information in a small pad at all times and NOT on computer media e.g. USB sticks, CD roms, HDDs etc.

STEP 2) Choose a checkerboard that you will use to prepare you plain text message for encryption.

Before we can perform the calculations with the plaintext message and key to turn it into cipher (encrypted) text, we need to convert the plain text message into digits. There are various ways to do this. A most basic method is to assign a two-digit value to each letter (eg. A=01, B=02 and so on through Z=26).
 

A popular and more economic way to convert text into digits is a so-called straddling checkerboard. Note that this text-to-digit conversion itself is by no means secure and must be followed by an encryption! A straddling checkerboard converts the most frequently used letters into one-digit values and the other letters into two-digit values. This results in a ciphertext that is considerably smaller than the basic A=01/Z=26 systems. Various checkerboards exist with different character sets and symbols, optimized for different languages.



It DOES NOT matter which checkerboard you use, so long as the recipient also uses the same one. Knowledge of the checkerboard method DOES NOT assist the adversary in decryption, because this conversion is not a type of encryption and offers absolutely NO PROTECTION whatsoever!

In this example, w will use the CT-37c conversion table (see below) which is very easy to use:


 

Using the CT37c table requires all characters of the plain text are converted into their one-digit or two-digit value.

To convert numbers, always use "FIG" before and after one or more digits. Each digit is written out three times to exclude errors. You can use spaces and punctuations within the "FIG" mode. An example: "1.5 KG" = "90 111 91 555 90 77 74". The "REQ" or "REQUEST" field enables questions and spaces are created with the "SPC" field. The apostrophe (93) can be used as both apostrophe and comma. The "CODE" field is the codebook prefix and is used before each codebook value. The use of spaces before and after codebook words is not necessary.



In this example, I want to encode as a secret message: SNOWDEN DOCUMENTS AT SECRET ONION ADDRESS. DOWNLOAD BY 3PM.

Using the CT-37c table for encoding, this message becomes in digit form (no code book used in this example to shorten messages; also note the triple repeat of numbers and use of 'fig' brackets around it):
 

S  N O W  D  E N   D  O C  U  M   E N T S    A T  S   E C  R  E T   O N I O N   A D  D   R   E S   S     .    D  O W  N L  O A D    B   Y           3        P   M  .
83 4 5 86 72 2 4   72 5 71 84 79 2 4 6 83   1 6  83 2 71 82 2 6   5 4 3 5  4   1 72 72 82 2 83 83  91   72 5 86 4 78 5 1 72   70 88  90 333 90 80 79 91



We re-arrange this into groups of five, leading to:
 

83458 67224 72571 84792 46831 68327 18226 54354 17272 82283 83917 25864 78517 27088 90333 90807 99191



Note that the last group of 5 is filled with full stops if there are any spaces, hence the 9191 in this case above.

STEP 3) Encryption and decryption.
 

Once our message is converted into digits we can start the encryption. First, we tell the receiver which key was used. This is done by adding the first five-digit group of the one-time pad sheet at the beginning of the message. This first group of the one-time pad should never be used in the encryption process. Always start enciphering from the second group of the pad. This method of identification doesn't reveal any order of the messages, nor how many messages were actually sent. In the example we skip the identification group 74061 of the pad.

Write down the plaintext digits from Step 2 in groups of five, write the numbers, obtained from the one-time pad key, underneath the plaintext and subtract the one-time pad key from the plaintext, digit by digit and from left to right. Subtraction is performed without borrowing (e.g. 5 - 9 = 15 - 9 = 6). Always complete the last group of plaintext with zeros.




Plain   : KEYID  83458  67224  72571  84792  46831  68327  18226  54354  17272  82283  83917  25864  78517  27088  90333  90807  99191
OTP (-): 00021  98730  87323  64946  18612  59989  79735  92849  98243  70861  66958  11555  33694  79075  51087  68904  00212  27328

Result : 00021  95728  80901 18635  76180  97952  99692  26487   66111  47411  26335  72462  92270  09542  76001  32439  90695 72873

Now destroy the pad you just used, including any of the unused part!

We send the message in the set groups of 5 as per the pad design, with the first five numbers indicating the key ID. This leads to:
 

00021 95728 80901 18635 76180
97952 99692 26487 66111 47411
26335 72462 92270 09542 76001
32439 90695 72873


To decrypt the message, the receiver verifies the first group of the message to ensure that he uses the correct one-time pad sheet. Next, he writes the proper one-time pad digits underneath the ciphertext and adds the key to the ciphertext, digit by digit, without carry (e.g. 9 + 6 = 5 and not 15). The first group is skipped as it is only used to identify the key.

Ciphertext : 00021  95728  80901  18635  76180  97952  99692  26487  66111  47411  26335  72462  92270  09542  76001  32439  90695  72873
OTP Key(+): 00021  98730  87323  64946  18612  59989  79735  92849  98243  70861  66958  11555  33694  79075  51087  68904  00212  27328

Plain text   : KEYID  83458  67224  72571   84792 46831  68327  18226  54354  17272  82283  83917  25864  78517   27088 90333  90807  99191

Now we have the plain text, we simply re-use CT-37c table (decode side) to covert the numbers into the message, giving:

SNOWDEN DOCUMENTS AT SECRET ONION ADDRESS. DOWNLOAD BY 3PM.

Success my paranoid friends!


PITFALLS TO AVOID

- Like PGP and other methods that generate private keys, secure key management is essential to this technique.
- Reminder: don't store keys on computers or print them out etc for convenience. This is a poor method if you are serious. Same goes for USBs, CDs, HDD/SSDs and so on - you can't ever be sure all traces will be removed from the system.
- Reminder: don't use pads more than once!
- Enough key material must be available for potentially years in advance, depending on your situation. Make sure pads are numbered with a key ID so there is no confusion.
- Do your calculations by hand and only ever enter the cipher-text into a computer for communication purposes, NOT for encrypt/decrypt calculations.

COMBINING STEGANOGRAPHY WITH ONE-TIME PADS

If you want to hide the cipher-text in a normal looking email and have full deniability, you could attempt the WPS method:
 

The plaintext message (payload) is encrypted and the ciphertext digits are hidden inside a seemingly innocent text, e-mail or letter (carrier). This technique is called steganography (lit. hidden writing) and enables both sender and receiver to fully deny the existence of encrypted communications. Note that the payload must always be encrypted before hiding it in the carrier. Even when the adversary knows the method of hiding, any attempt to extract encrypted information would merely produce unintelligible digits. The message remains fully deniably. However, an attempt to extract non-encrypted data could reveal the message. Protect before hiding! There are various ways to hide ciphertext digits in a seemingly innocent text. Of course, simply inserting strange sequences of digits or some illogical values will draw suspicion.

The Words-Per-Sentence (WPS) system is a simple yet effective text-based method to conceal digits. For each digit, a sentence is composed with as many words as the digit + 5. Adding 5 to the total ensures that all sentences have at least five words. Words like “it’s”, “you’re” or “set-up” are regarded as one word. To retrieve the original digits, the receiver subtracts 5 from the total number of words in each sentence.

To avoid statistical bias, some sentences with less than five words or more than fourteen words should be added (these are later simply ignored). The advantages of this method are an excellent linguistic freedom and the lack of complex calculations or conversions. Always start by writing a meaningful text and then play with the words to obtain the required sentence length. Exclude the salutation in a letter from the system, as a nine-letter salutation would arouse suspicion. The random digits produce an average of ten-words sentences.



Continuing with our 'Snowden example', if you didn't want to arouse suspicion, you could bury the first five digit cipher (95728) in the following series of sentences:
 

Dear Barry,

I hope everything is going really well for you and your three beautiful kids! I'm pretty busy these days in a senior work position. Did you end up getting that big promotion you were hoping for?

We should catch up for some drinks. Anyway, say hello to Amanda and I hope to see you guys soon.

Frank.



WPS = 14, 10, 12, 7, 13.
WPS (-5) = 95728

Because sentences less than 4 words are ignored, the recipient would understand that the first cipher buried in the message is 95728. Of course this method requires you writing a substantial amount of material to your 'friend' to bury the message, but is worth considering for the most hard-core.

CONCLUSION

If you want it bad enough, you can have perfect encryption and bury it in innocent looking emails or hand written letters.

The Stasi can't break the laws of mathematics, so you are not completely powerless it seems. Happy encrypting!


SOURCES

http://www.cyberciti.biz/faq/bash-shell-script-generating-random-numbers/

https://en.wikipedia.org/wiki/Message_authentication_code

https://en.wikipedia.org/wiki/One-time_pad

http://www.howtogeek.com/howto/30184/10-ways-to-generate-a-random-password-from-the-command-line/

http://timvandevall.com/printable-paper-dice-template/

http://users.telenet.be/d.rijmenants/D10.pdf

http://users.telenet.be/d.rijmenants/en/onetimepad.htm

http://users.telenet.be/d.rijmenants/en/otp.htm
 

OmniNegro, rainmakerraw and snipe reacted to this

Share this post

Link to post

OmniNegro    155

OmniNegro
Posted ...

In your example where the 91 is used for a space, you would be better off putting anything else than 9191 to fill that block of five characters. Any competent Human can figure out that if you said "SNOWDEN DOCUMENTS AT SECRET ONION ADDRESS. DOWNLOAD BY 3PM.DF" the last two characters evenly fill out that block of five. And so since there was already an end to the sentence, they can be ignored.

 

Thank you for explaining this in detail. Everyone should know such things in this foul world. Be well my friend.

Debugging is at least twice as hard as writing the program in the first place.

So if you write your code as clever as you can possibly make it, then by definition you are not smart enough to debug it.

Share this post

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
×
  • Security Check
    Play CAPTCHA Audio
    Refresh Image
Go To Topic Listing
×
×
  • Create New...