Homepage
Crypto
Index
Enigma
Hagelin
Fialka
Siemens
Philips
Nema
Racal
Motorola
STK
Transvertex
Gretag
HELL
Telsy
TST
AT&T
Tadiran
USA
USSR
UK
Voice
Hand
Mixers
Phones
Spy sets
Burst encoders
Intercept
Covert
Radio
PC
Telex
Agencies
Manufacturers
Donate
Kits
Shop
News
Events
Wanted
Contact
Links
Logo (click for homepage)
One-Time Pad (OTP)
The unbreakable code

Although every cipher, based on a mechanical or mathematical system of permutations, can in theory be broken, there is one encryption method that is truely unbreakable. It is the so-called One Time Key (OTK). In the past it was often implemented as a notepad full of random numbers and is therefore commonly called One-Time Pad (OTP). It also exists as One Time Tape (OTT).
 
The image on the right shows a typical OTP booklet as it was used by spies of the former USSR (Russia) during the 1960s. It consists of a stack of very thin small pages, each with a series of random 5-digit numbers on them. Each page was destroyed immediately after use.

OTPs like this, were often used in combination with Russian spy radio sets like the R-353, often in relation to the number stations on the short wave band. The one shown here is from the internal collection of the AIVD [1] and was on display during the exhibition Tijdrekken in 2011.
  
Courtesy AIVD Netherlands [1]

The theory behind the OTP is that the encryption-key has at least the same length as the message (the plaintext) and consists of truely random numbers. Each letter of the plaintext is 'mixed' with one element from the OTP. This results in a ciphertext that has no relation with the plaintext when the key is unknown. At the receiving end, the same OTP is used to retrieve the original plaintext. For this to work, the following rules are mandatory:
 
  • The OTP should consist of truely random numbers (noise).
  • Precisely two copies of the OTP should exist.
  • The OTP should only be used once.
  • Both copies of the OTP are destroyed immediately after use.
Only if the above rules are strictly obeyed, the OTP is absolutely safe. Adding numbers to the plaintext manually, is a time-consuming task. It is therefore sometimes thought that OTPs are no longer considered practical. However, with modern computer technology, the entire task of mixing and unmixing plaintext with the key, can easily be automated (see below).
 
The Russian OTP booklet is normally sealed when released Opening the OTP The OTP (open) Russian OTP booklet Close-up of an OTP Close-up detail of an OTP Transport bag Taking the OTP booklet from the transport bag

 
OTP distribution
The OTP shown above, dates back to the days of the 1960s, when the Cold War was at its height. Eastern Block spies, and in particular spies from East-Germany, often used OTPs for their messages, as it was absolutely safe and could not be broken by the western intelligence agencies.
 
The major problem with OTPs however, is their distribution. A unique set of OTP booklets needs to be issued and distributed to each individual spy or agent abroad. As the OTP was destroyed immediately after use, sufficient and timely supply of new OTPs had to be guaranteed.

OTPs were often smuggled into the country by using concealments. An example of such a concealment is shown in the image on the right. This tavel kit was used by an East-German agent who was cought in The Netherlands during the 1960s. The OTP was confiscated by the BVD 1.
  
Courtesy AIVD Netherlands [1]

The travel kit contains the usual items that a typical traveller would carry in those days for personal maintenance: a comb, a brush, a mirror, parfume, a nail cutter, shaving gear, etc.

The travel kit also contains a secret storage compartment however, that can be accessed by removing the nail cutter and its holder. Applying the right pressure and shifting the holder in the right direction, reveals an area in which the OTP is hidden. The OTP itself, is stored inside the flat orange transport bag show here.
  
Courtesy AIVD Netherlands [1]

By pulling a rope that is attached to the transport bag, the OTP is released from its concealment. The storage compartment would not be noticed during normal checks at customs. Even on the (rather limited) X-Ray machines of those days, the OTP would not be visible, as the bottom of the travel kit and the lid of the concealment area are both made of metal. Further images below. The OTP and the travel kit shown on this page were kindly supplied by the AIVD (Netherlands) [1].
 
  1. BVD is the abbreviation of Binnenlandse Veiligheidsdienst (Internal Security Service), the former name of the Dutch General Intelligence and Security Service. In 2002, the service was renamed to AIVD.
Carrying the travel kit Travel kit (zipper open) Opening the travel kit Contents of the travel kit Contents of the travel kit Opening the secret storage compartment Pulling the OTP-bag out of its concealment Taking the OTP bag out of concealment

 
OTP variations
OTP systems come in many forms and flavours. The Russian OTP shown above, contains only numbers. It requires the letters of a message to be converted into numbers, before applying the OTP. It is also possible however, to use an OTP based on letters.
 
An example of such a letter-based OTP is shown in the image on the right. It's a stack of approx. 30 pages that are stapled together. The cover at the left, contains a folded alphabet table that is used in the translation process.

Some OTPs are so small that they can easily be hidden inside a small object. More examples and detailed photographs below. Some OTPs are so small that they can be fitted inside a slide frame.

All OTP photos in this section are courtesy Detlev Vreisleben (Germany) [2] and © Crypto Museum.
  
Letter-based OTP, courtesy Detlev Vreisleben [2]

 
Letter-based OTP with folded-out alphabet table Letter-based OTP Miniature OTP in slide frame Close-up of miniature OTP Miniature OTP in slide frame Long miniature OTP Long miniature OTP (close-up) Long miniature OTP

 
One-Time Tape (OTT)
The use of OTPs in the military has always been very popular, especially after the introduction of digital telegraph equipment, also known as Teleprinters or Telex. Such machines use a 5-bit digital code to identify each character, and punched paper tape to store the messages.

By recording truely random data (noise) on a paper tape, one could easily create a key tape. The Vernam Principle was then used to 'mix' each plaintext character with a (random) character from the key tape. As mixing consists of a simple XOR-operation (modulo-2 addition), the same key tape is mixed with the ciphertext at the receiving end, in order to recover the plaintext again.
 
The image on the right shows a key-tape generator, produced by the Austrian company Mils Electronic. In order to guarantee that both key tapes are identical, they are punched simultaneously by the paper puncher on the right. Click for a larger view.

When used with punched paper tape, the OTP is often referred to as One-Time Tape (OTT) and the machine is commonly called a Mixer. A good example of a mixer is the ETCRRM that was used for many years on the Washington-Moscow teleprinter hotline during the Cold War.
  

Another good example of a Mixer, that was also used on the Washington-Moscow Hotline, is the Siemens M-190. Over the years, a variety of mixer machines have been developed and produced world-wide by various manufacturers. They were generally used at the top level of a command chain, for messages that had to remain secret indefinitely. The are generally unclassified.

 Mixer machines on this website
 
OTT distribution
Like the standard manual OTP cipher, OTT systems suffer from the same key distribution problem. Especially in areas where communication takes place on a large scale, such as in the Army, one has to ensure that a sufficient supply of new key tapes is available at all times.
 
Although this may seem a simple requirement, it often caused major distribution problems with Army units in remote locations and aboard ships. Key distribution would be seriously hampered, or indeed be completely impossible, in the event of a war, e.g. when operating behind enemy lines.

Key-tape shortages have led to several security incidents and compromises over the years. Some operators used a previous key-tape again, or used it in reverse direction, whilst others took a piece of (unused) key-tape of, say, one metre in length, and taped it together as a loop.
  

For this reason, most Armies abandonned the use of OTT machines and replaced them by cipher machines with a built-in key generator. Such key generators generally consisted of a (pseudo) random number generator (PRNG) that was seeded by a much shorter KEY. Good examples of such machines are the Philips Ecolex X, the Philips Aroflex and the KL-51 (RACE). Although such machines are often advertised as a more practical implementation of the OTP, they do not meet the requirements of an OTP and are never absolutely safe. They are just much more practicle.

Nevertheless, OTT machines remained in service for many years, for messages that had to remain secret indefinitely, such as at the highest level at NATO, with embassies and on the Washington-Moscow Hotline. Today, the principle of the OTP/OTT can easily be implemented with computers.
 
References
  1. AIVD, One-Time Pad and OTP concealment
    Dutch General Intelligence and Security Service. October 2010.

  2. Detlev Vreisleben, Personal collection of One-Time Pads
    Photographed by Crypto Museum. Köln (Germany), 20 March 2010.

  3. Wikipedia, One-time pad
    Retrieved January 2013.

  4. Dirk Rijmenants, Secure Communications with the One Time Pad Cipher
    Paper (English) 2009-2012. Version 027, 6 December 2012.

Further information

Any links shown in red are currently unavailable. If you like this website, why not make a donation?
Copyright 2009-2013, Paul Reuvers & Marc Simons. Last changed: Tuesday, 29 January 2013 - 11:05 CET
Click for homepage