Talk:One-time pad

From Citizendium, the Citizens' Compendium
This article is developed but not approved.
Definition: A cipher system in which the cryptographic key, i.e. the secret used to encrypt and decrypt messages, is a sequence of random values, each one of which is only ever used once, and only to encrypt one particular letter or word.

This is an external article. See Talk:One-time pad/Permission.

Disagreement with external article

First, since the text under the heading "bogus one time pads" was changed at CZ, the article is no longer completely external.

Second, while it is said that the invulnerability is "easily" proved, neither the proof is given here, nor is Shannon's proof cited. CZ doesn't insist that everything be sourced, but in a case like this, when sources are readily available, it seems reasonable to have it. Shannon is the original, but there are other reasonable sources.

Third, and speaking again to sourcing, give examples or citations, not just generalities about marketing and stream ciphers. In a few minutes of searching, I was able to find, admittedly with some shock that the patent was granted, "US Patent 6337910 - Method and apparatus for generating one time pads simultaneously in separate encryption/decryption systems", which is not generating one-time pads, but exchanging seeds for pseudorandom number generators. See

There is a quite interesting discussion in some joint lecture notes from MIT and UCSD at, with Chapter 3 variously pointing out that some truly natural phenomena can be autocorrelating and thus weak one-time pads, and some arguments, which I want to reread in detail, about a claim that some pseudorandom number generators can be proven "that a generator that passes the next-bit test is perfect in the sense that it will pass all polynomial-time statistical tests."

I am concerned, as a Computers Workgroup Editor, that this article would not meet the CZ:About criteria for eventual approval of "authoritative, error-free, and well-written as encyclopedia articles are expected to be". The current version might develop into such, but it needs much work. Howard C. Berkowitz 21:00, 2 August 2008 (CDT)
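The proof that the comment above asks for, added here as a worked derivation and not part of the original article or this talk page: Shannon's perfect-secrecy argument for a one-time pad on n-bit messages, in the usual notation (M plaintext, K key, C ciphertext, ⊕ bitwise XOR), with the assumptions the argument depends on stated explicitly.

```latex
% Assumptions: M is an n-bit plaintext with any distribution; K is uniform on
% \{0,1\}^n, independent of M, and used for exactly one message; C = M \oplus K.
\text{For every } m, c \in \{0,1\}^n:\quad
\Pr[C = c \mid M = m] = \Pr[K = c \oplus m] = 2^{-n}
\quad\text{(K uniform and independent of } M\text{)}
\\[6pt]
\Pr[C = c] = \sum_{m} \Pr[M = m]\,\Pr[C = c \mid M = m]
           = 2^{-n} \sum_{m} \Pr[M = m] = 2^{-n}
\\[6pt]
\Pr[M = m \mid C = c]
  = \frac{\Pr[C = c \mid M = m]\,\Pr[M = m]}{\Pr[C = c]}
  = \frac{2^{-n}\,\Pr[M = m]}{2^{-n}}
  = \Pr[M = m]
```

The posterior equals the prior, so the ciphertext carries no information about the plaintext, whatever the attacker's computing power. The two assumptions are exactly where "bogus" pads fail: if the same K encrypts two messages, C_1 ⊕ C_2 = M_1 ⊕ M_2 regardless of K, so the first line no longer holds for the pair; and if K is produced by a generator seeded with s bits, K takes at most 2^s values, so Pr[K = c ⊕ m] is zero for most (m, c) pairs and the uniformity step fails, which is why seed exchange is not pad generation.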

Howard - given the current state of the United States Patent System, are you truly shocked? I know I'm not. America's patent system is in shambles - patents are granted left and right for work that has prior art that can be easily found, or the patent's name doesn't accurately describe what is being patented, as you've found. See [1] for more articles illustrating my points Eric M Gearhart
Such comments are sort of apropos to this article, as in my last few dealings with the Patent Office and our own counsel, decisionmaking seemed to be governed by random numbers. Going back to when I worked for a firm with in-house patent counsel, they didn't want to do the one for my team's development, because the stars at the lab next to corporate had gotten patents for what they insisted was the Only Way to do something. More recently, the venture capitalists were not going to give us a new infusion until we had certain biomedical monitoring patented. Ours had a very flexible, fault tolerant, distributed architecture that let the control centers be anywhere. The closest issued patent, which did much less for the patient, had hard-wired multidrop connectivity that could go a few hundred meters, but they called it packet-switched, said the packets could be moved by other methods "obvious to those skilled in the art". Our attorney said that once a patent was granted, the burden of proof that the "obvious" was clearly hand-waving, and we would be considered to infringe by using a networking technology, well known, but about 20 years ahead of theirs.
One-time pad decisionmaking, I suppose. Howard C. Berkowitz 15:30, 5 August 2008 (CDT)

The possibility of pseudo-random methods that are adequately random

We currently have a section with that title. It contains good material, but I do not feel it belongs in this article.

Certainly there are such techniques; any stream cipher could be described as a pseudo-random method that is adequately random. However, they are not one-time pads, so I don't think they should be discussed here. Move that text to stream cipher? Somewhere else, like random number? Sandy Harris 22:10, 4 August 2008 (CDT)

I think, with appropriate caveats, it does belong here.
All pseudo-one-time pads, such as BBS, may not be snake oil. Rather than move the entire subject, it's more appropriate to have at least a brief note with a link. In general, I have a sense that your preference is to move something out completely, where mine is to have a summary with a link elsewhere. There should be a compromise.
I still want to get rid of it. I think everything that needs to be said here about pseudo-random methods is said toward the end of the "proof" section. Sandy Harris 14:58, 23 March 2009 (UTC)
Also when linking to a more detailed article, there are strong reasons to have wikilinks in the other direction. There are several reasons to do this. It may give ideas to a reader who came from another direction. It may suggest new articles. Also, the more cross-linked we are, the more likely we are to appear high in a Google search. Howard C. Berkowitz 10:12, 5 August 2008 (CDT)
Yes, and stream cipher does link here. Sandy Harris 14:58, 23 March 2009 (UTC)

Part of it has been copied to random number generator. The section here One-time_pad#One-time_pads_and_stream_ciphers now covers the ground, I think, and has the Goldwasser et al link.

Is that an acceptable compromise? Can I now nuke the section? Sandy Harris 09:33, 14 June 2010 (UTC)

I did. Sandy Harris 15:48, 26 June 2010 (UTC)

FAQ link

There's a good FAQ on this topic [2] from a well-known player [3]. I'd say it should obviously be linked to. However, I'm not sure if I already put it in once and someone deleted it or if I just overlooked it, so I'll ask here before adding it. Sandy Harris 03:12, 23 November 2008 (UTC)


Our current text says the technique was invented by Joseph Mauborgne. The FAQ says by Vernam. Both cite Kahn as their source. Wikipedia has a possible explanation at [4]. I do not have Kahn to hand. Can someone who does please check & update our text if necessary. Sandy Harris 07:44, 14 September 2009 (UTC)

I altered the text to deal with this. Sandy Harris 15:50, 26 June 2010 (UTC)


I think it is now ready, or very close. Sandy Harris 15:50, 26 June 2010 (UTC)

Some suggestions and observations on a first reading:
  1. Switch generation and applications. Logically, generation must come first.
  2. Generation, just from a style standpoint, should have two or three subheads: manual, auto/PRNG (auto/physical). There is a sentence fragment, "An expert in the physical phenomenon being measured. "
  3. To me, there is a difference in "applications" and "operations". Espionage traffic, for example, is a perfectly reasonable application. VENONA was possible due to operations errors. I'm a little bothered by the specific about VENONA being early in the article.
  4. We ought to see if we can get multiple Editors here. I could contribute material on their operational use. For example, a very basic rule, especially if the sender is outside a secure location, is to destroy the OTP keys as soon as the message has been acknowledged. Howard C. Berkowitz 17:20, 26 June 2010 (UTC)

What is there is close. I deleted the sentence fragment, re-ordered per your suggestion, moved VENONA a bit, and added some detail.

But you're right. It needs more, especially in the area of operational use. I have neither expertise nor time for that. Care to put your writer hat on? Sandy Harris 07:21, 28 June 2010 (UTC)

Approval Process: failed

Call for review: Sandy Harris 01:38, 10 July 2012 (UTC)

Call for Approval: Anthony.Sebastian 22:19, 11 August 2012 (UTC)

Approval Notice: Anthony.Sebastian 23:59, 27 September 2012 (UTC)

Certification of Approval:

Failed: Anthony.Sebastian 17:58, 28 September 2012 (UTC)

Please discuss the article below; One-time pad/Approval is for brief official referees' comments only!


The discussion under "Approval?" just above is two years old. It seems like time to raise the question again.

Perhaps the question is "what does it need to reach approval?" rather than "can this be approved now?", but a review seems in order either way. Sandy Harris 01:38, 10 July 2012 (UTC)

Sandy, are there two copies of a given one-time pad, one for the sender, one for the receiver of the secret message? If so, wouldn't that belong in the lede sentence? Anthony.Sebastian 21:33, 5 September 2012 (UTC)
I went to add that and ended up rewriting the entire first paragraph. Comment solicited. Sandy Harris 23:53, 5 September 2012 (UTC)
Clearer now. In the first sentence, does 'letter' refer to a missive or to the alphabet? I presume the latter. Should it read plural? Anthony.Sebastian 04:16, 6 September 2012 (UTC)

We have a problem. The page shows me as nominating this for approval and I am definitely not willing to do that.

For one thing, I am the main author; I think the now-departed Howard was the only other contributor. It needs other eyes. For several other issues, see comments above. Finally, there are questions of scope and structure. Currently the descriptions of some attacks on OTPs just link to parts of the stream cipher article, Stream_cipher#Reusing_pseudorandom_material and Stream_cipher#Rewrite_attacks, where I am also the main author. Should there be more detail here? Should those attacks get their own articles?

I wrote above:

Perhaps the question is "what does it need to reach approval?" rather than "can this be approved now?", but a review seems in order either way.

My own opinion is that what is there is pretty good, but Anthony found real problems and there may be more. Also, it may not be complete; Howard suggested things to add in earlier comments. Sandy Harris 03:12, 28 September 2012 (UTC)
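As an added, runnable illustration of the two attack classes the comment above links to (reuse of pad material, and rewrite attacks on an unauthenticated pad) together with the operating rule Howard raised earlier (each pad byte used once, then destroyed), here is Python that is not from the article or from Citizendium. The names PadStore, seal and open_sealed are my own; the sample messages are constructed; the HMAC tag in seal is the standard computational remedy for malleability and is an assumption on my part, not something the article specifies.

```python
"""One-time pad in Python: correct use, plus the two failure modes the
Citizendium talk page refers to (pad reuse and rewrite/malleability).
Added example, standard library only."""
import hashlib
import hmac
import secrets


def make_pad(length: int) -> bytes:
    """A fresh pad from the OS CSPRNG; never derived from a seed."""
    return secrets.token_bytes(length)


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Bytewise XOR; the pad must be exactly as long as the data it covers."""
    if len(a) != len(b):
        raise ValueError("pad length %d != data length %d" % (len(a), len(b)))
    return bytes(x ^ y for x, y in zip(a, b))


encrypt = xor_bytes   # ciphertext = pad XOR plaintext
decrypt = xor_bytes   # XOR is its own inverse


class PadStore:
    """Hands out each pad byte at most once and overwrites it afterwards,
    the operational rule of destroying used key material."""

    def __init__(self, pad: bytes):
        self._pad = bytearray(pad)
        self._pos = 0

    def take(self, n: int) -> bytes:
        if self._pos + n > len(self._pad):
            raise RuntimeError("pad exhausted: generate and share a new pad")
        seg = bytes(self._pad[self._pos:self._pos + n])
        self._pad[self._pos:self._pos + n] = bytes(n)   # destroy used bytes
        self._pos += n
        return seg

    def remaining(self) -> int:
        return len(self._pad) - self._pos


def pad_reuse_leakage(c1: bytes, c2: bytes) -> bytes:
    """If c1 and c2 were made with the same pad, c1 XOR c2 == m1 XOR m2:
    the pad cancels out and the relation between the plaintexts is exposed.
    This is the defect behind the "reusing pseudorandom material" discussion."""
    return xor_bytes(c1, c2)


def decrypt_after_bit_flip(pad: bytes, plaintext: bytes, pos: int, mask: int) -> bytes:
    """Plain XOR is malleable: flipping ciphertext bits flips the same
    plaintext bits, and the receiver cannot tell (the rewrite-attack concern)."""
    c = bytearray(encrypt(pad, plaintext))
    c[pos] ^= mask
    return decrypt(pad, bytes(c))


def seal(pad: bytes, mac_key: bytes, plaintext: bytes) -> tuple:
    """Pad encryption plus an HMAC-SHA256 tag over the ciphertext.
    Assumed remedy: a separate shared MAC key. Unlike the pad itself this
    part is computationally, not information-theoretically, secure."""
    c = encrypt(pad, plaintext)
    return c, hmac.new(mac_key, c, hashlib.sha256).digest()


def open_sealed(pad: bytes, mac_key: bytes, c: bytes, tag: bytes) -> bytes:
    """Reject any ciphertext whose tag does not verify before decrypting."""
    expected = hmac.new(mac_key, c, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        raise ValueError("tag mismatch: ciphertext altered or wrong MAC key")
    return decrypt(pad, c)


if __name__ == "__main__":
    store = PadStore(make_pad(64))
    m1, m2 = b"attack at dawn", b"attack at dusk"   # constructed sample messages
    k1 = store.take(len(m1))
    print(decrypt(k1, encrypt(k1, m1)))
    # Reusing k1 for m2: the first ten bytes of m1 XOR m2 are zero, so an
    # observer learns the messages agree there and differ only at the end.
    print(pad_reuse_leakage(encrypt(k1, m1), encrypt(k1, m2)).hex())
    print(store.remaining(), "pad bytes left")
```

The PadStore shows the operational side: once a segment is taken it is zeroed in place, so a captured device or notebook cannot yield old keys. The two demonstration functions show what the linked stream-cipher sections describe, and seal/open_sealed show that confidentiality from the pad does not give integrity; an integrity check has to be added separately.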

Sandy, I removed the approval notice. This article has been up for review for a long time without internal review. Suggest you give me names of three external reviewers, and their contact information, including email addresses. I will contact them, see if they will review.
By the way, when you are happy with this article, or any other in which you are the chief author, as Editor you can self-nominate it, according to ME decision:

Approval of Editor-authored articles.

Anthony.Sebastian 18:20, 28 September 2012 (UTC)

Yes, I am aware of that possibility and block cipher was re-approved that way, no problem. However, I would not be happy about approving this one without outside comment.
I do not know who would be willing to act as an external reviewer on this. Internally, there are mathematics editors who could check parts of it but I'm not sure we have anyone who knows the applications, which are mainly espionage, or the history. WP has more than we do on the history. Sandy Harris 03:57, 29 September 2012 (UTC)