Q

# A simple substitution cipher vs. one-time pad software

## Both a simple subsitution cipher and one-time pad software have data encryption benefits despite their differences.

Why is a simple substitution cipher a bad choice for one-time padding?
I'm not entirely sure I understand your question, so let's look at what's meant by a simple substitution cipher and then what's meant by a one-time pad or one-time pad software.

In encryption, a substitution cipher replaces units of plaintext with ciphertext according to a regular system. The recipient of the ciphertext can decipher it by performing an inverse substitution. The unit can be anything from a single letter, letters or a mixture of both. Although the plaintext units themselves are altered, they remain in the same sequence in the ciphertext. (This contrasts with a transposition cipher where the units are left unchanged, but their order is rearranged.)

A simple substitution cipher operates on single letters. Using the example below, we can turn the word BADGE into WQRUT in ciphertext:

 A B C D E F G H I J . . . Q W E R T Y U I O P . . .

The disadvantage of this method is that with any message of reasonable length, fifty letters or more, frequency analysis can be used to deduce the meaning of the most common symbols, allowing a cryptanalyst to build partial words and progressively break the message.

Now, a one-time pad is similar to a substitution cipher, but the plaintext letters are combined not substituted, and it has been proven to be mathematically unbreakable. The recipient of the ciphertext requires a copy of the one-time pad to reverse the process. There are many different ways to apply one-time pads. Here's an example using letters for the one-time pad key:

 Plaintext B A D G E 1 0 3 6 4 OTP Key Q W E R T 16 22 4 17 19 Result 17 22 7 23 23 Ciphertext R W H X X

Using the example above, you take the first letter in the plaintext message and add it to the first random letter from the one-time pad. This number is then converted to the corresponding letter of the alphabet, with the alphabet wrapping around to the beginning if the addition results in a number beyond 26. Using this one-time pad, the word BADGE becomes RWHXX.

Because each one-time pad has a different key, the ciphertext of the word BADGE in this case will be different every time. In the above example, you can also see that frequency analysis is impossible as X occurs for both the letter G and E. With a simple substitution cipher, the word BADGE will always become WQRUT.

The drawbacks with the one-time pad are:
• The key has to be as long as the plaintext, thus leaking some information about the message.
• The key has to be genuinely random, which is hard to achieve for large keys.
• The key can only be used once and must be kept entirely secret from all except the sender and receiver, creating a distribution problem.
If these problems are not overcome, particularly the randomness of the key, the one-time pad is no longer unbreakable. Even if it is theoretically secure, it may be insecure in practice.
This was last published in February 2009

## Content

Find more PRO+ content and other member only offers, here.

#### Have a question for an expert?

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

#### Start the conversation

Send me notifications when other members comment.

## SearchCloudSecurity

• ### Ownership of cloud risks gets lost in many cloud computing scenarios

CISOs ensure that cloud services comply with IT security and risk management policies. But who has executive oversight of ...

• ### Cloud incident response: What enterprises need to include in a plan

A cloud incident response plan can be difficult to assemble. Expert Rob Shapland discusses the basics of what to include in a ...

## SearchNetworking

• ### From Sonnet 18 to SD-WAN technology: An unlikely networking career

From teaching Shakespeare's Sonnet 18 to taking on a major SD-WAN technology deployment: Senior engineer Phil Gervasi shares the ...

• ### Integrate UC platform with business-critical SaaS for competitive edge

By one current estimate, the average business operates across six different clouds. With many software-as-a-service platforms ...

• ### Advanced machine learning lends a helping hand to network security

Advanced machine learning can help distinguish between false alarms and real network threats, creating valuable time for IT ...

## SearchCIO

• ### Record-busting online holiday sales and the rise of the omnishopper

Record online holiday sales foretell the arrival of conversational commerce, digital humanism and the omnishopper. Also: AWS all ...

• ### Will AR and VR tech revolutionize digital business management?

In this issue of CIO Decisions, we explore how virtual reality and augmented reality technologies could quickly become integral ...

• ### AR, VR tech poised to revolutionize digital business management

We've all seen footage of astronauts being trained for space travel in virtual environments, and many of us were sucked into the ...

## SearchConsumerization

• ### Android, Windows tablets from HP take aim at business users

HP released a new line of tablets targeting business users. The HP Pro Slate 8 and Pro Slate 12 run Android and cost \$449 and ...

• ### Microsoft to lay off 18,000, Nokia X moves to Windows Phone

Microsoft will lay off 18,000 people over the next year while the Nokia X line of Android smartphones, which was unveiled earlier...

• ### Microsoft Surface Pro 3 vs. Microsoft Surface Pro 2

Surface Pro 2 and Surface Pro 3 are different enough that Microsoft is keeping both on the market as competing products. Which ...

## SearchEnterpriseDesktop

If admins notice any issues with tasks running on Windows, they can turn to NirSoft's TaskSchedulerView to pinpoint the culprit ...

• ### Four ways to squeeze more juice into the Windows 7 lifecycle

Windows 7 is not dead. There are many reasons IT keeps it around. To make the OS perform well, admins must modernize it and make ...

• ### Close Windows security gaps with third-party software patching

Hackers target third-party software on Windows workstations because they know the patches are often out of date. Admins can ...

## SearchCloudComputing

• ### Multicloud computing bliss not yet a reality for all IT shops

Experts predict that multicloud computing will be a top enterprise trend in 2017, but some cloud users question whether the ...

• ### Perform a PaaS pricing comparison for public cloud

When choosing a platform, enterprises need to focus on features and prices for Azure, Google and AWS. Take a look under the hood ...

• ### Cloud orchestration tools become a must-have for hybrid IT

Some IT shops try to force-fit legacy orchestration tools to cloud -- but that can backfire. Instead, evaluate new orchestration ...

## ComputerWeekly

• ### Security Think Tank: Cyber security must be recognised as a fundamental component of business

How can information security professionals help organisations to understand the cyber risks across increasingly digital ...

• ### The myth of email as proof of communication

Increasingly, there is a need for organisations to be able to prove the content of communications between themselves and other ...

• ### Security veteran urges firms to prioritise spear phishing defence

UK firms should prioritise defence against spear phishing as a key component of cyber attacks, according to security veteran ...

Close