The best short description of one-time pads (OTPs) is from Jason Matthews, who describes their use in the heyday of the Cold War in the book Strangers on a Bridge by James B Donovan.
Before the advent of automatic enciphering technology, secure radio communications between an intelligence headquarters and its agents in the field were abetted by use of one-time pages (OTPs, sometimes referred to as “cut numbers”). These cipher pads were individual sheets of printed rows and columns of five-digit numerical groups. The pads were bound with rubberized adhesive on all four sides, and normally printed small for concealment purposes.
A field agent would receive a shortwave radio broadcast from headquarters via one-way-voice link (OWVL.) These OWVL broadcasts consisted of a monotone female voice reading a series of recited numbers—an enciphered message. The agent would record the recited numbers in five-digit groups and subtract them on the correct OTP page. The resultant values would correspond to the 26 letters of the alphabet and reveal the message. Because each page of the OTP is randomly different and used only once, looking for patterns in cryptanalysis is futile. It is an unbreakable cipher…
Indeed it is unbreakable. Eat your heart out, quantum cryptography! Because, in essence, every character in an OTP is separately encrypted, and each pad is used only once, the code is impossible to break. I use impossible in its literal sense. No computer, no matter how powerful, running for any amount of time, can decipher the message. That is to say, unless the “key” which generates the OTP can be discovered.
Since random means unknown, the “secret” to key generation is an unknown process. Here, of course, “quantum” events can be used, say, in the form of static from radios tuned to unused stations, as long as that static is atmospheric, or preferably extragalactic, in origin and thus unpredictable. Using any kind of “random number algorithm” produces, as all experts know, perfectly predictable, deterministic keys. (This, incidentally, is why in Uncertainty, I recommend against simulation methods.) Also, the device used to capture static must itself be as “noise-free” as possible, since known circuitry could generate predictable signals.
OTPs were used well after the advent of “automatic enciphering technology”. I recall in the early 80s listening on shortwave to “numbers broadcasts”, almost always in Spanish and male voices, in San Antonio. (Not only did I get my start in the Air Force in a cryptographic specialty, I was and am a “ham”; back then I was KA5YHN and am now K2JM.)
Shortwave broadcasts have the added benefit of disguising the intended receiver, which could be anybody with a radio and a length of wire. This is important to discourage “SIGINT”, or signals intelligence, which is the study of where, when, and how signals are sent. A surprising amount of information can be gathered about an encrypted message, even if the cipher is never broken, simply by paying attention to the transmission. SIGINT is called “meta data” with respect to your cell phone and computer messages. That “secrets” about you can be discovered using it alone, ignoring the actual content of your phone calls and emails, is why we don’t want the government, or other sources, eavesdropping on our conversations.
Real OTPs must be destroyed immediately after use, or the cipher can be broken. They must be used only one time, or patterns will stick out like a Republican in an Anthropology department.
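The arithmetic behind the description above, and behind the warning about reuse, as an added example (not from the original post or the book). It assumes a constructed letter encoding (A=01 … Z=26), digit-wise addition mod 10 by the sender and subtraction by the receiver, and the OS random generator standing in for a physical noise source.

```python
import secrets

def encode(text):
    # Letters to digits, A=01 ... Z=26 (constructed scheme for this example).
    return "".join(f"{ord(c) - 64:02d}" for c in text.upper() if "A" <= c <= "Z")

def decode(digits):
    # Two digits per letter; values outside 01..26 are shown as '?'.
    vals = [int(digits[i:i + 2]) for i in range(0, len(digits) - 1, 2)]
    return "".join(chr(v + 64) if 1 <= v <= 26 else "?" for v in vals)

def make_pad(n):
    # OS CSPRNG as a stand-in for the physical noise source the post calls for.
    return "".join(str(secrets.randbelow(10)) for _ in range(n))

def add(a, b):
    # Digit-by-digit addition mod 10, no carries.
    return "".join(str((int(x) + int(y)) % 10) for x, y in zip(a, b))

def sub(a, b):
    # Digit-by-digit subtraction mod 10, no borrows.
    return "".join(str((int(x) - int(y)) % 10) for x, y in zip(a, b))

def groups(digits):
    # Five-digit groups, as read out on a numbers broadcast.
    return " ".join(digits[i:i + 5] for i in range(0, len(digits), 5))

def encrypt(message, pad):
    p = encode(message)
    if len(pad) < len(p):
        raise ValueError("pad shorter than message: one pad digit per message digit")
    return add(p, pad)  # zip stops at len(p); the rest of the pad is unused

def decrypt(cipher, pad):
    return decode(sub(cipher, pad))

def alternate_pad(cipher, candidate):
    # A pad under which `cipher` decrypts to `candidate` (same length).
    return sub(cipher, encode(candidate))

def recover_second(c1, c2, known_first):
    # Same pad used twice: c2 - c1 = p2 - p1, so knowing p1 gives p2.
    return decode(add(sub(c2, c1), encode(known_first)))

if __name__ == "__main__":
    pad = make_pad(20)
    c1, c2 = encrypt("MEETATDAWN", pad), encrypt("ABORTABORT", pad)  # pad reused
    print("broadcast:", groups(c1))
    print("receiver :", decrypt(c1, pad))
    print("other pad:", decrypt(c1, alternate_pad(c1, "ABORTABORT")))
    print("reuse    :", recover_second(c1, c2, "MEETATDAWN"))
```

`alternate_pad` shows why the ciphertext alone reveals nothing: for any candidate message of the same length there is a pad that produces it. `recover_second` shows the pad cancelling out when one page covers two messages.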
Now, with our hand-distractions, it is easy to store very large electronic OTPs (which can be used in encrypting text or digitized voice); it is even easy to generate keys, assuming the cautions about unpredictable generation are minded. The problem comes in swapping keys with recipients. You have a cell phone on which is the OTP App. How do you communicate this key to your friend? The key has to migrate from your device to his. It could do this via Bluetooth, but doing so exposes the key to the world. The device itself, unless it is well shielded against electronic emanations, can leak the key (this is called Tempest security). The key may be shifted to something like a thumb drive or SD chip, and then the chip inserted into your friend’s phone. The chip must then be destroyed, as in utterly, or otherwise rendered unreadable (perhaps by rewriting on it new unused keys many times).
This meeting between you and your friend must take place. You can’t use an old key to transmit a new one, because with OTPs it’s digit-for-digit: compression of keys is impossible. Transmission of the key over the air or, say, internet exposes it. Anything short of a hand-to-hand swap exposes it. Since a meeting must take place, the usefulness of OTPs is limited. But they are very useful if absolute, unbreakable security is desired.
There are more problems, besides Tempest leakage. Suppose you are receiving the encrypted message from your friend, and decrypting on your device (ignoring electronic leakage, which is no small consideration). The device will still have the key and the plain-text message! Of course, this is no different a situation than the spy who sits in his room and has on hand the OTP and decrypted message. But a small piece of paper, or two, is easier to destroy and conceal than a cell phone.
This means the key must be self-destroying. As it is used, the places on the storage device must be re-written dynamically, and in such a way that no fine probing will ever reveal what was originally written. No easy task. And the same must happen to the message itself, after it is made use of. For voice communications, this is easy, because they’re (forgive me) in one ear and out the device. But texts (or emails, etc.) must be guarded more zealously.
OTPs are still in use on the internet, with otherwise innocuous web pages and images containing updated versions of the five-number groups. Short messages can be, and surely are, still decrypted by hand using paper OTPs. But handling long messages or other formats is no different than the two cell-phone case. Key swapping must still take place, as it did with paper OTPs, of course.
SIGINT for cell phones, and even web sites, is still a problem. Even though the OTP App works as desired, your enemy will still know when you sent the message, where you were when it was sent, where your friend was when he received it, and how long that message was. That last item is perhaps the most revealing. So lucrative, if I can use this word, is this that stations have taken to swapping continuous messages so that outsiders never know when the real one starts and ends and how large the message was.
One last point about spoofing. A concern is that an enemy agent can inject numbers into the “code stream” which might mistakenly be taken to be real by the recipient. But unless the spoofer knows the key, and therefore hasn’t much need of spoofing, injection is immediately detectable. Which is also a boast of quantum-key cryptography. In that, incidentally, key swapping must still take place, though it is of a different form.
Conclusion? For cell phones, anyway, the whole thing is possible, and not even so difficult. The problems are signal leakage, lost phones, SIGINT and of course the key swapping. Just as with paper OTPs, we aren’t limited to only two phones, but an indefinite number in a network.
I always wanted to try this, but I am not a coder (though I code). The ideas are so obvious they must already be in use somewhere, but I’m too lazy to look them up.