
In one-time pads we always say do not use the same key twice to encrypt ASCII messages, but if we use a random key to XOR a random binary message and then reuse the same key for XORing new random messages, will that compromise our key? Or is attacking reused keys for random messages infeasible?

midhunhk
lanc

2 Answers


Once you've XORed two messages with the same secret value, the net result is the same as if you had XORed them with each other without using the secret at all.

Given $\mathit{plaintext}_1 \oplus \mathit{key} = \mathit{cyphertext}_1$ and $\mathit{plaintext}_2 \oplus \mathit{key} = \mathit{cyphertext}_2$, then $\mathit{cyphertext}_1 \oplus \mathit{cyphertext}_2 = \mathit{plaintext}_1 \oplus \mathit{plaintext}_2$. Because it's XORed twice with the same key, the double XOR becomes the identity function and the key is simply factored out.

If the attacker learns any bits of the plaintext of either message, they can recover those corresponding bits of plaintext from the other cyphertext message, plus they can recover those bits of the key as well.

So it falls to you to determine if $\mathit{cyphertext}_1$ or $\mathit{cyphertext}_2$ has any knowable information in it. It's completely irrelevant if the plaintext data is ASCII, binary, or EBCDIC. If an attacker can discover or guess what any piece of the data is, it's vulnerable.

This is the classic weakness with the Vernam cypher, and is what enabled the Venona decryption of Soviet secrets. And it's why it's no longer a one-time pad cypher if you use either the plaintext or the key more than one time.

John Deters
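The key cancellation and crib-based recovery described in this answer, as an added worked example in Python (not code from the answer or the question; the messages and keys are constructed sample values, not real data):

```python
def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings: the one-time-pad operation."""
    if len(a) != len(b):
        raise ValueError("one-time pad operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """With a shared key, c1 XOR c2 == p1 XOR p2; the key is factored out."""
    return xor_bytes(c1, c2)


def recover_with_crib(c1: bytes, c2: bytes, crib: bytes, offset: int):
    """Given a known fragment (crib) of plaintext 2 starting at `offset`,
    return the matching bytes of plaintext 1 and of the key."""
    end = offset + len(crib)
    leak = two_time_pad_leak(c1[offset:end], c2[offset:end])
    p1_fragment = xor_bytes(leak, crib)             # p1 = (p1 ^ p2) ^ p2
    key_fragment = xor_bytes(c2[offset:end], crib)  # key = c2 ^ p2
    return p1_fragment, key_fragment


# Constructed sample data: P1 is an opaque "random binary" message, P2 an
# ASCII message, KEY and KEY2 are two independent one-time keys.
P1 = bytes([0x8F, 0x02, 0xD3, 0x4C, 0x7A, 0xE1, 0x19, 0x55, 0xC0, 0x3B])
P2 = b"REPORT 042"
KEY = bytes([0x5D, 0xA7, 0x10, 0xFE, 0x33, 0x6B, 0xC9, 0x84, 0x2E, 0x90])
KEY2 = bytes([0x17, 0x4C, 0xE8, 0x21, 0xB5, 0x09, 0x7F, 0xD2, 0x66, 0xAA])

C1 = xor_bytes(P1, KEY)         # correct one-time-pad use
C2 = xor_bytes(P2, KEY)         # the same key used a second time
C2_fresh = xor_bytes(P2, KEY2)  # what should have happened instead


def fresh_key_hides_relation() -> bool:
    """With independent keys, c1 XOR c2 == p1 XOR p2 XOR k1 XOR k2,
    which reveals nothing about p1 XOR p2."""
    return two_time_pad_leak(C1, C2_fresh) != xor_bytes(P1, P2)


if __name__ == "__main__":
    print("c1 ^ c2 == p1 ^ p2:", two_time_pad_leak(C1, C2) == xor_bytes(P1, P2))
    p1_part, key_part = recover_with_crib(C1, C2, b"REPORT", 0)
    print("recovered p1 bytes:", p1_part.hex(), "key bytes:", key_part.hex())
    print("independent keys hide the relation:", fresh_key_hides_relation())
```

Note that P1 being opaque binary does not help: the crib from P2 still exposes the corresponding bytes of P1 and of the key.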

When people say never use the same key twice to encrypt two different messages, they mean never use the same keystream. Here, if your keystream generation is truly random, then it is ok. If your message is quite short, there is a little chance that you will produce the same keystream, but that does not matter.

What matters is that you do NOT forge the keystream in the same manner two times. This must be taken into account if you use pseudo-random generators. Supplying a PRNG with the same seed for two different messages will induce a security flaw.

Rerito