patternModerate
Problem with the pseudo random number generator One-Time-Pad
Viewed 0 times
randomproblemthenumberwithtimegeneratoronepseudopad
Problem
I've started learning cryptography in class and we've come across One-Time-Pads, in which the key (uniformally agreed upon) is as long as the message itself. Then you turn the message into bits, do $XOR$ and get the cipher text. This encrypts the message and to decrypt the message you'd do $XOR$ with the cipher and key bits.
Now to make a more efficient One-Time-Pad you'd use a pseudo-random number generator, where the original key is $n$-bits long (and doesn't have to be as long as the message). Then you'd put the key in the generator and get a pseudo random number. But since it's pseudo random, wouldn't the sender and receiver get different keys? Then how can the receiver decrypt the message if they don't have the same key?
Now to make a more efficient One-Time-Pad you'd use a pseudo-random number generator, where the original key is $n$-bits long (and doesn't have to be as long as the message). Then you'd put the key in the generator and get a pseudo random number. But since it's pseudo random, wouldn't the sender and receiver get different keys? Then how can the receiver decrypt the message if they don't have the same key?
Solution
You seem to have misunderstood what the key is.
In the context of symmetric encryption, the key is a shared secret: something that is known to both the sender and receiver. For OTP, the key is the entire pad and, if two people wish to encrypt some message using OTP, they must ensure beforehand that they have a long enough pad to do that.
For your proposed "efficient" OTP, the key is the PRNG seed: both parties must ensure beforehand that they know it. Then, they both initialize the PRNG with the same seed and it is guaranteed to produce the same sequence of "random" numbers for each of them.
However, note that this is a massive, massive weakening of OTP. An actual OTP gives perfect security, as long as the pad is kept secret. If you intercept the 17-character message
you have zero knowledge of whether it is
encoded with one pad, or
encoded with a different pad. Or
or literally anything else. However, using a pseudorandom pad means that only certain pads are possible (maybe there's no key at all that encrypts the kitten message to "nsmklmfmwnfmngner", so you can rule that out). Anybody who knows the PRNG algorithm can start guessing keys to try to decrypt messages. Anyone who captures some pad material can start trying to reverse engineer the PRNG. Anyone who captures encrypted messages can start trying the same.
You really shouldn't call it OTP unless the key material is as long as the message. Your proposal for using a PRNG is just a generic stream cypher.
In the context of symmetric encryption, the key is a shared secret: something that is known to both the sender and receiver. For OTP, the key is the entire pad and, if two people wish to encrypt some message using OTP, they must ensure beforehand that they have a long enough pad to do that.
For your proposed "efficient" OTP, the key is the PRNG seed: both parties must ensure beforehand that they know it. Then, they both initialize the PRNG with the same seed and it is guaranteed to produce the same sequence of "random" numbers for each of them.
However, note that this is a massive, massive weakening of OTP. An actual OTP gives perfect security, as long as the pad is kept secret. If you intercept the 17-character message
nsmklmfmwnfmngneryou have zero knowledge of whether it is
maketrumpthepotusencoded with one pad, or
ensureclintonwinsencoded with a different pad. Or
kittensarethebestor literally anything else. However, using a pseudorandom pad means that only certain pads are possible (maybe there's no key at all that encrypts the kitten message to "nsmklmfmwnfmngner", so you can rule that out). Anybody who knows the PRNG algorithm can start guessing keys to try to decrypt messages. Anyone who captures some pad material can start trying to reverse engineer the PRNG. Anyone who captures encrypted messages can start trying the same.
You really shouldn't call it OTP unless the key material is as long as the message. Your proposal for using a PRNG is just a generic stream cypher.
Code Snippets
nsmklmfmwnfmngnermaketrumpthepotusensureclintonwinskittensarethebestContext
StackExchange Computer Science Q#89531, answer score: 17
Revisions (0)
No revisions yet.