Posted: 09/30/2013 in Communications

In cryptography, the OTP is a very simple, yet completely unbreakable, symmetric cipher. The OTP is essentially a pad of papers on which each page has a unique set of random letters. The sender and receiver are given two pads. One half of one set for encipher and one half of another set for decipher goes to each person. Each letter on the pad is used to determine a single letter of the enciphered message. Since the letters on the pad are random, there is no formula that can be determined by studying the letters. Assuming that the pad is not compromised, and each page is used only once, the OTP system is unbreakable. That is why the one time pad is considered to be the holy grail of cryptography.

The rules of OTP use are:

1. The key text code must always be longer than the message to be encrypted.
2. Use each key text one time, then destroy it.
3. The OTP must be kept secure to avoid compromise.

This is an example of a ONE TIME PAD page – The pad page name is the first key group, This would be page “UMAZP”.

UMAZP ETDRA NFJEW LKUKK OBWYM XWDKJ BDIZC HAVQZ LKJOD NJIBZ
IGXNX WAYHN MTJSY BJVDC YLDTE RYAEM NXVBD YVCAN VVRWQ IWNCS
LPIJU TFXYZ KBWKU VMLBA BLYEB WPEVK MMLIE JZQOD TNNHU AAYKW
BVWDB TSJYI AINOF CXTRB LJIME GCYUZ DSOAW WLIZM THAYG BOHVY
DOPTV UYDTM OLYLS ATCSX USRSD KUCGG UIHXP ERFWV NOKHT

The key letters on the pad, and the messages themselves, are typically written in 5-letter groups. This helps the communicators to verify the length of the message, and if something was misunderstood, the receiving person could ask for a certain group to be repeated. When encrypting the message to be sent, the first 5 letter group on the encrypt pad page is sent “in the clear” or not encrypted, in order for the receiving communicator to locate the correct page in the pad to start decrypt from. Numbers are written long hand; “1” is written “one” etc. If the last word group does not equal 5 letters the remaining plain text letters are filled in with the letter(s) x to finish out the message. Each message should end with the letters “BTAR” to signify the end of the message to the receiver. Each page of the pad is sealed and must not be opened until actually enciphering or deciphering. The key text may not be reused and the used pages should be burned with the resulting ashes mixed in water to make a slurry after each use.”

To use the OTP, a method is needed for mixing a letter of plain text with the corresponding letter of the key text (from the pad), to produce a letter of enciphered text. The method used is called a “Vigenere’s Tableau”, or Tri-graph (see the first picture, below). The Tri-graph has the alphabet in the left-most column, and also across the top (printed in black in the picture). For each row, there is a shifted-reverse alphabet (printed in red). So, the “A” row lists the alphabet backwards, beginning with Z and ending with A. The “B” row begins with Y and ends with Z, etc.

Begin message encryption by first removing the top page from the pad. The page is removed so that the plain text message is not impressed into the paper of the page below. The plain text message is written directly under the key text on the removed page starting at the second key text group. The first group is not encrypted in order to identify to the receiving party, the page to start decryption with. To encrypt the first letter in a message, go to the row on the Tri-graph corresponding to the plain-text letter, then go to the column indicated by the first letter on your OTP. The letter at the row-column intersection is the encrypted letter. The Tri-graph does not contain any ‘secret’ information – it simply provides the mechanism for combining plain and key text into enciphered text.

For example, suppose that the message is “AMMO RESUPPLY AT OLD BARN TONIGHT” :

ETDRA NFJEW LKUKK OBWYM XWDKJ BDIZC HAVQC- this is the key text (from example above).
AMMOR ESUPP LYATO LDBAR NTONI GHTBT ARXXX —– this is the plain text written in 5 letter groups directly below the key text.
VUKUI ICWGO DRFWB AVCYW PKICI SPYZE SIKMD—– this is the enciphered text.

“E” from the cipher text, plus “A” from the plain text combined in the trigraph equals “V”. To decrypt a message, combine the Trigraph letter with the decrypt pad letter to break out the plain text message. If your wondering why the first group UMAZP was not used in the example above, remember, it would be sent in the clear, to i.d. the page to start decrypt with. When sending a message with this method, the sender should include a special, pre-arranged word, known only to the sender and receiver, in the same group, say…group 5, of every message. If this word is left out, the receiver would suspect that the pad or sender had been compromised. All computer based encryption methods use a similar type of authentication.

This tried and true method of encryption is slow and cumbersome. It can be used for all types of communication; dead letter drops, snail mail, telephone and radio communications. It requires planning, some training and pre-distribution of key. It can, however, be yet another tool for future use.

1. K@CSG says:

By pure coincidence, I was working on a post addressing this very topic. A clear breakdown of the Tri-graph’s use has been sorely needed. Nicely done MSG….

2. Harry Brown says:

Funny to see that sealing wax and hand code are still in vogue after thousands of years.

3. […] going to get detailed in why I am saying what I am about to say.  Go and read this post – Encryption Via A One-Time Pad – at Dan Morgan’s place.  Also, all of this is courtesy of Mosby via […]

• danmorgan76 says:

Thanks Stephen, that a beautiful copy

4. Chris says:

“Each message should end with the letters “BTAR” to signify the end of the message to the receiver.” LOL – This is just the Morse code procedural signals for “pause, end of message” and would not be encoded. It is sent in plain text so the receiving operator gets ready for the next message.

If you have files of random bytes, this method of encryption can be employed using CHAR() and ASCII() functions and additions/subtractions (mod 255) to encrypt any sort of files. (This is what Tom Clancy novels call “TAPDANCE.”) As the article says, be sure you have truly random keys and be sure every copy is secure.

• danmorgan76 says:

Chris, you are correct, “BT AR” stands for “break” “end of message” and it is sent in the clear at the end of the message. We used a technique whereby we were required to send our messages buried in a 120 5 character group message, using manual cw, with a leg key, to the base station. The base did the same to us., although the base was automated. We got fairly good at copying code. We pretty much had the Trigraph memorized. One Echo would copy code, while the other broke out the message on the pad. We made a deal with the base operators to also encrypt BTAR at the end of the message intended for us, that was buried in the 120 groups, so when we saw BTAR break out, we stopped copy, packed the radio gear and got off the x. The base station continued to send the rest of the message that was meaningless. Just another technique to save time while maintaining security.

5. […] Herschel adds a caveat to the recent post by Dan Morgan. […]

6. […] Dan Morgan 76 […]

7. Mark Matis says:

If you use a computer to generate these OTPs, if that computer is connected to the Internet, and if you are running software from Microsoft, Apple, Google, or Facebook on that computer, you hopefully will understand that generating OTPs may also conveniently provide a full copy to the US government, if they are interested in you. At very least, those four software companies have provided back doors into their software that the government can use WITHOUT your knowledge to read any files on your computer, to capture any keystrokes you make, and to put files on your computer without you knowing they are there. I’m not sure how many other US-based software companies have ALSO provided such backdoors to the US government, but caution is warranted if you really intend to use such encryption.

I will also note that the favorite practice of the US government is “infiltrate to incite and indict”. Hutaree militia and Four Grandpas in a Waffle House are merely two examples. Encryption is useless if the OTHER end of your communications is corrupted…

• danmorgan76 says:

Mark,

Good points.

I use an air gapped linux box. The key and program are transfered using a thumb drive. Better yet, as stated by another, use dice. It’s a slow method, but time is on our side.

You should always throughly vet members of your team. Start now.

8. Joseph Plumb Martin says:

Thanks MSG Dan. Years ago the SITREPs etc were brief and to the point not the bloated multi page stories insisted on today. There were brevity codes, bundle codes and clear and concise formats in the SAV SERV SUP. I fear that this knowledge only resides in the memories of old time SF soldiers. Maybe time to look around gun shows for these old manuals and start training passing info using these formats. They worked fine years ago when we faced a more formidable enemy.

• danmorgan76 says:

JPM, I’m one of those old SF Commo guys that can can barely remember what day of the week it is much less remember all of the formats in the SAVSURSUP. I would give my left nut (the small one of the two) for a copy of it. Same with the FIPS you mentioned earlier.

• Here’s the latest FIPS doc, I think – fed cybersecurity manual finalized back in March 2013 http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-53r4.pdf

• danmorgan76 says:

Penny Pincher,

The FIPS that JPM and I are referring to is the acronym for the old Frequency Identifier Pad System. The official name is the KTC-1400 aka the DRYAD pad. They were used throughout the Army, mainly as an authentication system for radio operators. I think I first used them as an 11B (Infantryman) about a million years or so ago. In SF we used them to send coded information over the radio. The codes were used in situations such as frequencies to change to, or authentication of unknown radio contacts. I used a very simplified version of the fips authentication table in my SOI article and plan to go into more detail about it in the future.

9. jerry says:

There was an old field expedient we used for creating a one-time pad. It was necessary to have a preset agreement with your operations base as to the source, but it was pretty simple, as long as you both knew where to turn. For example…. any book, same publisher/edition will work. You have preset the page to turn to and start at the preset location (top of the page or second paragraph, whatever). You start right there and copy off the letters to form 120 groups of 5 characters. When you get to the end of that new “OTP”. I think we used to work from copies of the bible, War and Peace and Chairman Mao’s … On Guerrilla Warfare. Nobody ever broke us.

• You were lucky. If you use English text (or any non-random thing) as a OTP, they can crack it knowing the letter “e” is the most common letter, and so forth. It all depends on how much computer power your enemy has. Against some clueless peasants, sure it’ll work. Not against the NSA.

10. danmorgan76 says:

Jerry, Yep, I remember being taught that method. But let me tell you, I caught more flak from the blogosphere regarding this article then all the rest combined, so I’m a little leery recommending any other encryption methods. It may be in this age of super computers that these old methods can be quickly broken. As long as the rules for implementation are strictly adhered to, and you understand your threat, I suspect you’ll do just fine. Now that I’ve said that, I will proceed to show yet another method and draw fire down upon my head. Someone sent it in over at WRSA. Type into your search engine “30 sided Alphabet dice” A set of five is about \$7. I tried ’em and they worked great. The drawback; it is a slow method and you have to generate both sides of the pad and make distribution ahead of time.

• jerry says:

I bow to your wisdom and respect that code breaking today is a much more going business with superior computers. You’re probably right, but fifty years ago, we didn’t have Cray computers in the next hooch, waiting for the bad boys. Most messages had only 24 hours to be of any use anyway, so code breaking then was pretty moot. That might be the same now….if you use things sparingly, it will work.

Thx vry much for the idea of the 30-sided alphabet dice. That trumps everything….going to look into it. These things all have their limitations…. and you’re right…have to be very strict.

….and thx very much for running this site. Good fresh / refresh course.

11. anonymous says:

Your contribution is invaluable to the cause. Its easy to second guess and criticize those who are doing by those who wont. OTP and Book codes still work and being information is always time sensitive that even if a super computer cracks one, the intel is stale. To many are looking for a perfect solution to justify their inaction. Thank you for all of your effort and please keep sending the signal, its getting through.

12. re 30 sided alphabet dice why not use 6 6-sideds? In addition to being more available you could claim you were playing Yahtzee if you were caught with them. Or for those D&D players, a 20 and a 12 sided would also do.

See with 2 dice you will never get 1, with 6 dice you will never get 1-5 so you need more dice.

• danmorgan76 says:

PP,

The 30 sided dice just speed things up a little. Our standard message was 150 – 5 character groups, or 750 characters. That’s a lot of dice rolling. We were required to use that standard so no one could determine the actual length of the true message encrypted within. One of the rules for OTP use. As to why you would have such dice, they are an educational tool used to teach young’ens, like my grandchildren, their letters.

• numerology fiend says:

Six 6-sided dice make a bell curve of output centered at about (3.5×6). This means you get lots and lots of 19,20,21,22,23 and hardly any 6 or 36 in your output set. This is great for rolling up standardized D&D NPC’s (6 dice, divide result by 2 for the 3-18 attribute # for a good quality non-hero peasant) but not the kind of random you want for a OTP.

6 sided dice with dimples also have a slight bias to 5/6 over 1/2 due to the unbalance of more dimples in the cube. Not random.

26 sided die is pretty-random, but the faces are small and hard to read. 10-sided die is much easier to read (which side is up) and will directly read to make 5 number blocks.

+1 on making messages short. +1 on regular transmissions of low-content messages to bury important messages in and keep coders/decoders in practice. Don’t make traffic analysis easy.

Listen to Cuban “numbers” station broadcast. Who knows wtf this is, if anything? is it worth copying? Is it worth decoding? Is it worth jamming? There are decades of this out there, probably all in a US archive (analog tape reels) somewhere. It cost very little to do and occupied a bunch of expensive people and gear on our team for a long time.

13. Jack Kunnari says:

Just out of curiosity, can’t you simply make up the numbers instead of using dice (if you can’t use a random number generator)? You know, just write them down: 16393 etc. Whatever comes to your head. Or will this create some sort of subconscious pattern?

I don’t think our minds are completely random, but it seems to me that it would be as impossible to crack as any dice made key?

14. Jack Kunnari says:

Actually I guess you would just make up the letters, that would be easier. AKEJO etc.

15. Otpencrypt says:

Otpencrypt is software for performing one time pad encryption:

https://bitbucket.org/otpencrypt/otpencrypt/wiki/Home

• Action saxon says:

Making up the numbers and letters doesn’t work. People fall into patterns fast. You need to understand the need for TRUE Randomness. With out it, you are bullet-in-the-head vulnerable. Just use the dice.

Btw, random dot org does a great job with their string service and is workable with one issue. It violates the chain of control requirement for your data. IF the BIG boys are able to catch your R.O strings in the traffic of the net, then they could crack your OTP through colossal brute force. It is very, very hard, but not mathematically impossible. YOU WANT MATHEMATICALLY IMPOSSIBLE!!! Oh and for heavens sake! Don’t Mail a pad to your buddy across the country!!!