Last week, at this bat-time on this bat-channel, I talked about checking off one of my 35 year old bucket list items by learning Commodore assembly language. (shut up, you're old too.) Coincidentally, I picked this up at the time I was re-reading Cryptonomicon by Neal Stephenson for the ump-teenth time. There are a few books that I consider so good that they're worth re-visiting, and this is one of them.
If you haven't read it, you don't need to worry about spoilers. The plot is multi-generational. One character, Lawrence Waterhouse, is a high level Allied Cryptographer tasked with cracking codes and coming up with new encryption methodologies. His weapon of choice for the most secure messages is the one time pad.
One time pads are deceptively simple. They're just a set of random somethings, usually numbers, that both the sender and receiver have. You encrypt your message with your pad, destroy it and the receiver decrypts the message and destroys it and her copy of the sheet in the pad. I'm going to do this today with a very simple subtract and add method (yeah yeah, I know your whatever method is superior. Stop.). What's most interesting about this is that you don't need any special tools at all to do it, but when all of the rules are followed, it's actually unbreakable. Mostly.
If you do all of this in a coffee shop with a security camera over your shoulder recording everything, then even "perfect" encryption isn't going to help anything. The chink in the armor for one time pads is user error.
The downside is that you each have to carry an identical pad with a bazillion numbers on it. Since one of the rules is that you can't use a computer (ALL computers are insecure), it's quite tedious and fairly impractical. Of course, in a follow up post, I'll violate the hell out of the No Computer Rule by implementing this on a 40 year old Commodore 64.
The Rules (just a small subset, there are probably many more)
So what do we need? Simple. A pencil, some paper, a hard writing surface (so you don't leave any message indentations on anything under your pencil) and a way to generate random numbers.
Computers can't generate perfectly random numbers. While they've gotten quite good at it over the years, the numbers are still pseudo random. Are they good enough for this demonstration? Probably.
In Cryptonomicon, to create the pads, Lawrence tasked a woman to pull a wooden ball with a letter on it from a bingo basket. She picked one out, and typed the letter on a page with carbon paper under it and repeated the process. (minor spoiler alert: the way she performed this task turned out to be problematic for the allied spymasters later on. Read the book to find out how.)
I don't have access to a WWII typing pool lady and I suspect you don't either, so we'll be using a 10 sided dice. These are readily available, mine came in a role playing game pack from the internet for a couple bucks. We're looking for the one with the digits 0 through 9 on it.
Using a perfectly weighted, blindly and perfectly thrown 10 sided dice (d10) nowhere near any gravity disruption devices, creates true random numbers. Without REALLY getting into the weeds, we'll assume this is random enough for our purposes today.
I've created some worksheets to use to make this whole process easier. After doing it a few times, you won't need them, but feel free to use them as often as you want.
Create the pads
First we're going to create two copies of a one time pad sheet. Roll your dice, write the number on each of the two copies, roll again. I've divided these blocks into groups of six. I think it makes things easier to keep track of where you are on the page this way.
So after we've rolled 300 times, we have two copies of a OTP sheet that look something like this:
OTP 917667 472122 743015 949112 394492 196680 545078 226776 176487 735627 636752 636396 110814 327257 243271 674649 261141 833271 285087 763132 727766 691411 423537 559464 831374 342008 648947 498220 126948 803543 943369 936420 500595 675785 644153 852795 532324 206365 151688 865376 964881 199041 876052 905228 843875 542527 132732 961138 346355 261365 DESTORY AFTER USE
If you make several (or dozens) of these sheets, you've can assemble them together into a One Time Pad.
Now we need to think of a secret message. Hmm...
BE SURE TO DRINK YOUR OVALTINE
Perfect. Our enemies who drink that chocolate milk made with partially hydrogenated something-or-other will never know!
Now let's encrypt the message.
Convert to ASCII
Next, we need to convert the letters into numbers. There are MANY methods for this, but for me, the easiest is to use their ASCII values. That way the only thing the sender and receiver need is their copy of the pad. The conversion table is well known and it's one less thing we have to decide on.
So we convert our text into numbers. Spaces are a 32.
Identify the sheet in your OTP
We’ll use the first 6 digits of the sheet we've chosen as the identifier. The recipient will look through their OTP for their copy of the sheet that starts with these six numbers.
Now line up the OTP sheet with the converted message text columns, keeping in mind that you have to skip your fist six numbers that you're using as the identifier. The worksheet makes this easy.
Subtract to Encrypt
Subtract the one time pad digit that lines up with the first digit of our message, treating each set of lined up digits like individual subtractions.
Pretty easy, but what happens if the number is negative (the bottom number is greater than the top)?
Add 10 like you are borrowing in a larger number subtraction. Don’t worry, we’ll do the opposite on the decrypt part so everything will line up.
Other examples 4 1 3 -9 -4 -5 -- -- -- 5 7 8 Treat 4 like 14, 1 like 11, and 3 like 13 in these examples
Send your message
You should end up with an encrypted message like so:
You can remove all the spaces and send the message so that it will look like this.
Now DESTROY everything you used to create it and send the encrypted message to your recipient in whatever way you want.
- Morse code
- Over a phone
- VHF Radio (don't use a HAM radio, encrypted messages are against the rules there)
- Smoke signals
- You could even email or text it (kinda boring though)
I DO NOT RECOMMEND USING A DROID FOR THIS. They get lost, stolen, manipulated, and sometimes writers forget that they know things from a prequel that make no sense several story chapters later. Do not trust robots.
Great, is your message sent?
Seriously, take the sheet out of your pad book and...
The recipient then receives your message. What they see is this.
Identify the OTP sheet
Now we're going to work in reverse as if we were the recipient. First we need to figure out which OTP sheet to use, so let's look through our pad for the sheet that begins with the same first six digits that we see in the message.
917667 - Our Sheet ID
OTP Sheet 917667 472122 743015 949112 394492 196680 545078 226776 176487 735627 636752 636396 110814 327257 243271 674649 261141 833271 285087 763132 727766 691411 423537 559464 831374 342008 648947 498220 126948 803543 943369 936420 500595 675785 644153 852795 532324 206365 151688 865376 964881 199041 876052 905228 843875 542527 132732 961138 346355 261365 DESTORY AFTER USE
Now shift the one time pad columns so they line up with the message, skipping the first 6. The worksheet makes this easy.
Add to Decrypt
Add the one time pad code that lines up with the first digit of our encrypted message, treating each set of lined up digits like individual additions.
Pretty easy, but what happens if the number is greater than 10?
Just do the addition and ignore the carry. The opposite of what you did on the subtraction phase.
Other examples 4 8 5 +9 +9 +5 -- -- -- 5 7 0 Ignore the carried "1" so 15 is 5, 17 is 7 and 10 is 0
Then convert your message from the ASCII numbers to uppercase letters and you've got your message.
That's really all there is to it. Congratulations! You've done something wildly impractical and quite error prone. And you learned it from an idiot who used a Commodore 64 instead of powerpoint to show you how it works. BUT it's pretty interesting that you can make completely secure messages with just a pencil and some simple math.
Some things to work on for more advanced usage:
- Come up with a codebook of commonly used phrases with numerical codes. (for example, instead of the word "passport" you might use the numbers 0838)
- Come up with a better encoding method
- Argue on the internet about why this isn't secure, or that pencils are dumb, or why strawberry Yoohoo beats Ovaltine any day.
There are MANY resources on more advanced One Time Pad implementations. This is the simplest of them and easiest to implement as there is no complicated math, no need to understand bitwise operations like exclusive OR, and no need to carry around anything other than a series of random number sheets.
If you stick to the rules, this can be a completely secure method of communication.