Q.

Explain One-Time Pad with examples, and discuss the merits

demerits.
1. One-Time Pad
One- time pad in Cryptography is a system in which a randomly generated private key is
used only once to encrypt a message that is then decrypted by receiver using a matching one-
time pad and key. Messages encrypted with keys based on randomness have the advantage that
there is theoretically no way to "break the code" by analyzing a succession of messages. Each
encryption is unique and bears no relation to the next encryption so that some pattern can be
detected. With a one-time pad, however, the decrypting party must have access to the same key
used to encrypt the message and this raises the problem of how to get the key to the decrypting
party safely or how to keep both keys secure. One-time pads have sometimes been used when the
both parties started out at the same physical location and then separated, each with knowledge of
the keys in the one-time pad. The key used in a one-time pad is called a secret key because if it is
revealed, the messages encrypted with it can easily be deciphered. One-time pads figured
prominently in secret message transmission and espionage before and during World War II and
in the Cold War era. On the Internet, the difficulty of securely controlling secret keys led to the
invention of public key cryptography.

Typically, a one-time pad is created by generating a string of characters or numbers that

will be at least as long as the longest message that may be sent. This string of values is generated
in some random fashion - for example, by someone pulling numbered balls out of a lottery
machine or by using a computer program with a random number generator. The values are
written down on a pad (or any device that someone can read or use). The pads are given to
anyone who may be likely to send or receive a message. Typically, a pad may be issued as a
collection of keys, one for each day in a month, for example, with one key expiring at the end of
each day or as soon as it has been used once.

Examples
There are several different types of encryption, and they are used for many things. Common
examples include protecting the password on your cell phone, securing the communications
between yourself and ecommerce websites, and hiding sensitive email. In each case, it quietly
does its thing, behind the scenes Although it seems like common sense to use data encryption in
business and other entities for security, many organizations are opposed to encrypting data
because of some of the obstacles involved with doing so. Like everything else, data encryption
has its pros and cons and businesses must look at all of the considerations to make an informed
decision about encryption.
To encrypt a letter, a user needs to write a key underneath the plaintext. The plaintext letter is
placed on the top and the key letter on the left. The cross section achieved between two letters is
the plain text. It is described in the example below

To decrypt a letter, user takes the key letter on the left and finds cipher text letter in that row. The
plain text letter is placed at the top of the column where the user can find the cipher text letter.

Merits
It is extremely important to understand that "One Time Pad" is an element of the actual
cipher used not any particular protocol. For example, SSL or TLS using RC4 is, effectively,
implementing a digital One Time Pad, while SSL or TLS using DES or AES is not using one.

One Time Pad refers to the old-school cryptographic technique of printing code pads actual
paper things that could be used to encrypt and decrypt messages. The pad was effectively the key
to be used to encrypt a message. The strength of a One Time Pad derives from the fact that your
messages are generally short and the key is used one and only one time. This makes statistical
attacks against the cipher text difficult. However, should you reuse the key, you instantly begin
to compromise the overall security of the data, making a statistical cryptanalysis more viable.
There are other important features, however. Since a One Time Pad uses the key only one time, it
also means that you get Perfect Forward Secrecy for free. PFS means that should an attacker
"break" a key, either through a chosen plaintext, a known plaintext or other cryptanalysis,
breaking that key gives you absolutely no information about any previous key or any future key,
except, of course, that those keys are not the current key.

In practice, digital one time pads do not change the key after every single message. If
they did, that would be fantastic, but it's simply not practical. To offset this deficiency (key
reuse) implementations typically include two things. The first is a protocol or method to
periodically replace the fixed portion of the key based on time or the amount of data sent. The
second is to use some type of random "initialization vector" (think of it as a big salt) that is
added to the key before encrypting each message.
Demerits
The main disadvantage of encryption with the one-time pad is that it requires a pad of the
same length as the message to be encrypted. Since each pad can only be used once, this means
that it is necessary to share a pad of the same length as the message to be shared. Actually, the
problem with OTP isn't the storage of the pad (although secure erasure of the parts of the pad
you used is trickier than it looks), and it isn't the pad generation (although, again, that's trickier
than it looks), but the secure transport.

After all, it's not enough for you (Alice) to have the secure pad, you also have to give a
copy to the guy (Bob) you're sending the message to, and you need to send it in a way that's
secure. That's the real reason OTP's aren't used that often; OTP's would require meeting with the
other side directly, or alternatively using a trusted courier; we rarely want to put up with the
expense with either, especially since there are cheaper alternatives available.

2. Steganography
Steganography is data hidden within data. Steganography is an encryption technique that can be
used along with cryptography as an extra-secure method in which to protect data.
Steganography techniques can be applied to images, a video file or an audio file. Typically,
however, steganography is written in characters including hash marking, but its usage within
images is also common. At any rate, steganography protects from pirating copyrighted materials
as well as aiding in unauthorized viewing.

Rather than being incomprehensible to an unauthorized third party, as is the case with
cryptography, steganography is designed to be hidden from a third party. One use of
steganography includes watermarking which hides copyright information within a watermark by
overlaying files not easily detected by the naked eye. This prevents fraudulent actions and gives
copyright protected media extra protection. There is some concern, sans definite proof, that the
terrorists who plotted and deployed the 9/11 mission in New York City utilized steganography.
This is what primarily brought the science of stenography front and center. Data can be stolen
and encrypted through a file transfer or, more often than not, through email. And as with what
has been suspected for 9/11, steganography can be used for secret communications that deal with
terrorists plots.

Examples
Many different schemes have been developed to send steganographic messages. Here, we
will cover a few schemes developed in early days, ones used during wartime, and methods
commonly used today.
Early
In ancient Greece, wax tablets with a wooden backing were common writing surfaces
since the wax could be melted and reused. To send secret messages, a message would be
inscribed directly on a wooden tablet before the wax was applied. Another, innocuous message
would be carved into the wax on top and the tablet sent to its intended recipient, who would melt
off the wax and read the true message. Another method of concealing messages was to encode a
message on a piece of thread using Morse code. This thread would be knitted into the clothing of
a messenger and then removed and read at its destination.

Wartime
During the World Wars, many different methods of sending hidden messages were used.
Female spies would encode messages in knitted patterns (leading to a ban on new knitting
patterns). Photosensitive glass (which shows an image when exposed to the correct wavelength
of light) was used during World War II to send messages to Allied forces.

Modern
The most common form of steganography used today hides files within image files on a
computer. The hidden file is encoded in the least significant bits of the values encoding the color
of each pixel of the image. Changing the least significant bits changes the appearance of the
image very slightly, and is not perceptible to the naked eye. If the change is detectable at all, the
colors will just look a little off as if the image was taken from a low quality camera on in poor
light. A similar process can be used to conceal data in sound files since the human ear is limited
in its ability to differentiate different, similar frequencies (and in the range of frequencies it can
detect).

Merits
Steganography is distinct from cryptography, but using both together can help improve
the security of the protected information and prevent detection of the secret communication. If
steganographically-hidden data is also encrypted, the data may still be safe from detection --
though the channel will no longer be safe from detection. There are advantages to using
steganography combined with encryption over encryption-only communication.

The primary advantage of using steganography to hide data over encryption is that it
helps obscure the fact that there is sensitive data hidden in the file or other content carrying the
hidden text. Whereas an encrypted file, message or network packet payload is clearly marked
and identifiable as such, using steganographic techniques helps to obscure the presence of the
secure channel. The larger the cover message (in binary data, the number of bits) relative to the
hidden message, the easier it is to hide the hidden message (as an analogy, the larger the
"haystack", the easier it is to hide a "needle"). So digital pictures, which contain much data, are
sometimes used to hide messages on the Internet and on other digital communication media. It is
not clear how common this practice actually is.

Although steganography and digital watermarking seem similar, they are not. In steganography,
the hidden message should remain intact until it reaches its destination. Steganography can be
used for digital watermarking in which a message (being simply an identifier) is hidden in an
image so that its source can be tracked or verified (for example, Coded Anti-Piracy) or even just
to identify an image (as in the EURion constellation). In such a case, the technique of hiding the
message (here, the watermark) must be robust to prevent tampering. However, digital
watermarking sometimes requires a brittle watermark, which can be modified easily, to check
whether the image has been tampered with. That is the key difference between steganography
and digital watermarking.

Demerits
Unfortunately most uses of steganography and research around the topic of
steganography center on the illegitimate purposes. The three biggest areas of illegitimate
steganography evolve around terrorism, pornography and data theft. During the research for this
website the illegitimate uses of steganography were also found to be on a global scale, involved
national security or were done on an academic basis in order to better understand the potential
danger of steganography if created by individuals with ill-intentions.