One-Time Pad Examples

Consequences of key reuse in a one-time pad

An important property of a one-time pad is that keys should be used only once. We now demonstrate why this is the case. To keep things really simple, we’ll use the Caesar cipher one-time pad to encrypt single-letter plaintexts.

Suppose two plaintext letters, $P_1$ and $P_2$, have been encrypted using the same one-time pad key $K$ (in other words, key $K$ has been used twice) to produce two ciphertext letters, $C_1$ and $C_2$. This means an attacker knows that both $C_1$ and $C_2$ have arisen by shifting $P_1$ and $P_2$ the same number of positions. Thus, the attacker learns that the number of letters between $C_1$ and $C_2$ is the same as the number of letters between $P_1$ and $P_2$. This doesn’t immediately tell the attacker what either $P_1$ or $P_2$ is, but it’s certainly information the attacker did not have before.

We can make this statement more precise by using the mathematical description of the Caesar cipher, which is the following:

$$C_1 = P_1 + K \, mod \, 26$$

$$C_2 = P_2 + K \, mod \, 26$$

Since an attacker can see C₁ and C₂, the attacker can subtract C₁ from C₂ to get the following:

$$C_2 - C_1 = (P_2 + K) - (P_1 + K) \, mod \, 26$$

$$= P_2 - P_1 \, mod \, 26$$

This can be seen in the code given below: