Practical One-Time Pad

2023-04-02

One-time pads are well known for their ability to provide unbreakable encryption, but they do not see very widespread use. This is understandable: they are limited in the amount of information they can practically convey, and generating them properly is tedius and slow1. And while there are some guides for using them (see Resources), these are mostly discussions of historical uses or require a lot of leg-work to follow.

However, pen-and-paper one-time pads offer a level of simplicity and observability that is unmatched by any (electronic) digital encryption. This also means that they are far more accessible than most conventional encyprtion methods for those who are not very proficient in computers and computer security. This, along with the promise of perfect secrecy if handled properly, is reason enough to make sure an implementation of the idea is usable and readily available.

So I set out to make a simple, straightforward process for creating and using one-time pads. The result is provided below as a pair of templates for sending and receiving pads. Each document is two pages and meant to be printed two-sided so that the front provides a brief explanation, warnings, and instructions for use. The back side then has the pad itself in the form of a worksheet that can be filled out cell-by-cell following the instructions on the front and using the character translation table that is provided.

The idea is that the template must be filled-out with the one-time pad values by someone who has an understanding of the requirements for secure one-time pad use (such as the need for the numbers to be generated by a True Random Number Generator), but can then be packaged and given to someone who only needs to follow the instructions on the sheet (e.g. a less technically-inclined parent).

Note that although the instructions are meant to be easy-to-follow, they are not foolproof. There are many ways to fail to encrypt the messsage and accidentally leak the secret. It would probably be best to work through a couple examples with whoever you want to share the pads with.

Template Downloads

Note: Each one-time pad template is meant to be printed out on a single sheet with the instruction page on one side and the pad itself on the other. That way the instructions will always remain with the pad.

Source Files:

How to Fill out the Template

Note: When writing down the values, keep the pad on a hard surface, especially not on top of another sheet of paper. The sheet below the pad can keep the impressions of the writing which leaks the secret pad values.

The one-time pad values on the sheet must be generated by a True Random Number Generator and the values must be from 0 to 9 inclusive. Anything pseudo-random or generated deterministically in any way (e.g. keystretching) will violate the requirements for the perfect secrecy of the one-time pad and will reduce the security of the system.

The best way to generate values for the one-time pad is to use 10-sided dice. Get as many 10-sided dice as you can and roll them in a box, then tilt the box so the dice form a line on the edge and the results can be copied off on to the one-time pad. Using this method with four dice takes about 30 minutes to make a one-time pad pair (i.e. rolling, filling out the values on one sheet, then copying the values to the other sheet).

6-sided dice can also be used following the chart below where one die is marked as black and the other as white.

Black,White B,W B,W B,W B,W B,W
1,1: 0 2,1: 6 3,1: 2 4,1: 8 5,1: 4 6,1: reroll
1,2: 1 2,2: 7 3,2: 3 4,2: 9 5,2: 5 6,2: reroll
1,3: 2 2,3: 8 3,3: 4 4,3: 0 5,3: 6 6,3: reroll
1,4: 3 2,4: 9 3,4: 5 4,4: 1 5,4: 7 6,4: reroll
1,5: 4 2,5: 0 3,5: 6 4,5: 2 5,5: 8 6,5: reroll
1,6: 5 2,6: 1 3,6: 7 4,6: 3 5,6: 8 6,6: reroll

Note that the first eight digits that are generated should go in the 'Encrypted Message' line in both sheets since they are simply used to identify which pad the message is for. The rest of the generated digits will go in the 'One-Time Pad Value' line.

It is possible to use other sources of random values, but not recommended. Dice are common, simple, and, with rare exceptions, known to be good sources of randomness. The same cannot be said for most other, especially computer-based, methods. If you are worried about the dice you have, try using several from different sets or purchasing casino-grade dice2.

Once the pad values are generated and written on one sending/receiving pad, copy them over to a receiving/sending pad.

Caution: Handwriting is prone to errors. Try to write distinctly and avoid glyph variations that can be confused with each other (like a one with only a serif and a seven without a stroke).

Handling the Filled-out Pads

After filling out both pads in a pair, you should ensure they can't be surreptitiously read. A couple simple steps will raise the required sophistication for this from casual snooper to dedicated adversary. First, note the shared identification digits for the pads so that you can put them on the packaged receiving pad. It will be used to find which pad should be used to decrypt a message that has been received. Then place each pad in an envelope, first wrapping them in aluminum foil. That should prevent someone from just shining a light through to see the pad's numbers3. Seal the envelope as usual, then apply a tamper-evident, serialized seal across the normal seal. These seals won't stop snooping, but will indicate if they've been removed or replaced. They are also cheap and widely available.

Labelling packaged pads with the name of the other party does potentially leak some information, but for most cases (e.g. for pads shared with family members), it is probably worth the convenience. Remember that losing or mixing up pads is a real risk too.

Lastly, a pad from each pair must be delivered to the other party. While it's easy to go down the rabbit-hole of paranoia, It's best to keep to the simple rule that you should deliver the sealed pad in-person. Other than that, don't worry too much about extra precautions.

Custom Codebook

Because the character conversion table is only (0,0) to (4,9), the rest of the codes can be used for other purposes. Custom codebooks can be created using the template to assign complete words to those codes. This can significantly shorten messages if the codebook contains frequently used words. They are usually best if tailored to whatever specific use they will be put to, but a good general example with 50 very common words is given here:

word code word code word code word code word code
about 5 0 from 6 0 like 7 0 receive 8 0 way 9 0
all 5 1 get 6 1 make 7 1 repeat 8 1 we 9 1
as 5 2 have 6 2 not 7 2 take 8 2 what 9 2
be 5 3 he 6 3 of 7 3 that 8 3 when 9 3
because 5 4 his 6 4 on 7 4 the 8 4 which 9 4
but 5 5 in 6 5 or 7 5 there 8 5 who 9 5
by 5 6 into 6 6 other 7 6 they 8 6 will 9 6
could 5 7 it 6 7 out 7 7 this 8 7 with 9 7
do 5 8 just 6 8 say 7 8 time 8 8 would 9 8
for 5 9 know 6 9 send 7 9 to 8 9 you 9 9

Once you choose the words you want to use, it's best to put them in alphabetical order so they are easier to look up.

Make sure to keep a copy of the codebook with each pad in the pairs that will use it.

Disadvantages

While this method has much to offer, it's important to understand all its disadvantages when using it.

  • Short message length: Only 172 characters for each pad pair

  • Labor-intensive to create: Roughly 30 minutes for each pad pair

  • No error-detection or error-correction, and the values involved in the message must be copied / calculated about 8 times

    1. Maker of pad: Copy values from dice to one-time pad template
    2. Maker of pad: Copy values from template to its paired pad
    3. Sender: Encode message on sending pad
    4. Sender: Encrypt message on sending pad
    5. Sender: Copy encrypted message to separate sheet
    6. Receiver: Copy encrypted message to pad
    7. Receiver: Decrypt message
    8. Receiver: Decode character values
  • You must keep pads for each person you want to communicate with.

  • You must be able to distribute pads securely.

Use-Cases

Despite these disadvantages, one-time pads are genuinely useful for a few common uses (in addition to many uncommon ones):

  • Sending passwords
  • Providing some authentication (e.g. to instruct someone to transfer money, especially if one party is travelling internationally). Especially now that AI techniques allow for difficult-to-identify voice and video impersonations.
  • Bootstrapping another, more convenient encryption scheme by exchanging keys using OTP.

Resources

  1. There are some computer-based one-time pads, but pencil-and-paper pads offer significant security benefits by side-stepping the issue of spyware completely. Digital pads do however offer the possibility of offline encryption. ↩︎
  2. At the very least, it seems to be the case that dice with sharp edges may be more random than those with rounded edges. See A Scientific Analysis of Dice ↩︎
  3. Note that even so-called 'security' envelopes don't prevent this ↩︎