Friday, February 03, 2012

Nothing To See Here: The One-Time Pad

Today, Tovarich, we are going to learn how to use a One-Time Pad (or OTP) to encrypt, or decrypt, secret communications. This system is essentially unbreakable so long as it is only used ONCE - hence the name.

While not exactly part of a regular PI's toolbox, it may be of possible interest to budding spies.

You will need:

  1. Some paper
  2. A pencil
  3. State secrets

First, let us get to the basics and familiarise ourselves with some terms. 

Plaintext is the message, unencrypted, ie in plain text whereas cyphertext refers to the encypted message.

A Conversion Table is used to convert message to and from numbers, letters, or both. This is NOT the encryption or decryption process! Here is an example of a conversion table:

A Key is the (usually 250) random letters or numbers that comprises the One-Time Pad itself. Here is an example of a numeric OTP key:

So, let us begin with a basic example using the above conversion table and OTP key.

Step 1 - Write message out in plaintext


Step 2 - Convert using table

Using the conversion table above, this plaintext message would be converted to the following:

79, 2, 2, 6, 3, 4, 74, 6, 5, 72, 1, 88, 1, 6, 90, 1, 2, 0, 0, 90, 75, 82, 83

Note that when numbers are given in plaintext, ie 1200, FIG is used before and after the series to denote that the numbers are numerals and not to be converted as letters. So, in this case 1200 is coverted as FIG 1200 FIG, or 90, 1, 2, 0, 0, 90.

Step 3 - Group output into groups of 5

79226 34746 57218 81690 12200 90758 28391 91919

Always finish off your message with a series of full-stops (ie 91 91 91...).

Remember, this is still plaintext. Once we have reached this step we are ready to use the One-Time Pad and encrypt our message.

Step 4 - Encryption

We will use the OTP above as our key in this example. Note, the first set of numbers on the OTP (in this case 54048) are not used in the encryption process, but the KEYID to identify which OTP is being used.

Here is our plaintext message:

79226 34746 57218 81690 12200 90758 28391 91919

Here are the next 8 groups of numbers from the OTP Key after 54048:

84038 99541 47661 32157 83268 19341 64279 92507

To encrypt, take each numeral individually in turn from the plaintext and subtract the corresponding number from the key. If the number being subtracted is greater, add 10 to the plaintext number. So, in this case we start with plaintext value of 7 minus key value of 8. Since 8 is larger than 7 we calculate it instead as 17 - 8, which results in 9.

Working through the first group we do the following calculations: (1)7-8, 9-4, 2-0, (1)2-3, (1)6-8, resulting in the cyphertext of 95298. Continuing through with the rest we end up with:

95298 45205 10657 59543 39042 81417 64122 09412

We have just encrypted our message! However, before we can send it we must not forget to include the KEYID - the first set of 5 numbers, otherwise our recipient will never know which OTP key to use to decrypt our vital communication. So the actual message will look like this:

54048 95298 45205 10657 59543 39042 81417 64122 09412

Step 5 - Destroy OTP Key used!

The OTP remains a totally unbreakable system so long as certain security measures are adhered to - including that it is never used more than once. Also, the more copies of the OTP that exist, the greater the opportunity that it may be compromised, so it is best that only two copies of OTP keys exist - one for the agent and one for the handler.

Decrypting an OTP message

It is a simple process which is essentially the exact reverse of the encryption steps undertaken. The first set of numbers will refer to which OTP key to use. Then the cyphertext

95298 45205 10657 59543 39042 81417 64122 09412

is added to the OTP key (no remainders: 8 + 4 = 2 not 12)

84038 99541 47661 32157 83268 19341 64279 92507

which equals uncoverted plaintext 

79226 34746 57218 81690 12200 90758 28391 91919

 which converts to



Is that it?

Well, in a nutshell, yes. However, there are other options for encryption keys, such as using letters rather than numbers, and using a codebook for commonly used terms to maintain brevity and as a further level of security.

And, of course, before you can send your secret messages selling out your country, you need to create your OTP keys. You can find a cool little tool here to create random numbers or letters formatted as OTPs, worksheets and even conversion tables.

Next time on Nothing To See Here, we'll look at how OTPs are in use today and examine an enduring mysterious phenomenon...


  1. I find typing in wingdings to be an effective encryption.

    1. Hmmm. I'm thinking that maybe it isn't best used when transmitting stolen missile codes or something.

  2. Well if I ever have missile codes or anything of that nature, the encryption I use will be the least of my concerns.

  3. I have a paper and pencils but am having trouble locating any state secrets. Can you help?

    1. Possibly. Of course you could follow that other time-honoured spy tradition of just making stuff up.