Q
Manage Learn to apply best practices and optimize your operations.

# A simple substitution cipher vs. one-time pad software

## Both a simple subsitution cipher and one-time pad software have data encryption benefits despite their differences.

Why is a simple substitution cipher a bad choice for one-time padding?
I'm not entirely sure I understand your question, so let's look at what's meant by a simple substitution cipher and then what's meant by a one-time pad or one-time pad software.

In encryption, a substitution cipher replaces units of plaintext with ciphertext according to a regular system. The recipient of the ciphertext can decipher it by performing an inverse substitution. The unit can be anything from a single letter, letters or a mixture of both. Although the plaintext units themselves are altered, they remain in the same sequence in the ciphertext. (This contrasts with a transposition cipher where the units are left unchanged, but their order is rearranged.)

A simple substitution cipher operates on single letters. Using the example below, we can turn the word BADGE into WQRUT in ciphertext:

 A B C D E F G H I J . . . Q W E R T Y U I O P . . .

The disadvantage of this method is that with any message of reasonable length, fifty letters or more, frequency analysis can be used to deduce the meaning of the most common symbols, allowing a cryptanalyst to build partial words and progressively break the message.

Now, a one-time pad is similar to a substitution cipher, but the plaintext letters are combined not substituted, and it has been proven to be mathematically unbreakable. The recipient of the ciphertext requires a copy of the one-time pad to reverse the process. There are many different ways to apply one-time pads. Here's an example using letters for the one-time pad key:

 Plaintext B A D G E 1 0 3 6 4 OTP Key Q W E R T 16 22 4 17 19 Result 17 22 7 23 23 Ciphertext R W H X X

Using the example above, you take the first letter in the plaintext message and add it to the first random letter from the one-time pad. This number is then converted to the corresponding letter of the alphabet, with the alphabet wrapping around to the beginning if the addition results in a number beyond 26. Using this one-time pad, the word BADGE becomes RWHXX.

Because each one-time pad has a different key, the ciphertext of the word BADGE in this case will be different every time. In the above example, you can also see that frequency analysis is impossible as X occurs for both the letter G and E. With a simple substitution cipher, the word BADGE will always become WQRUT.

The drawbacks with the one-time pad are:
• The key has to be as long as the plaintext, thus leaking some information about the message.
• The key has to be genuinely random, which is hard to achieve for large keys.
• The key can only be used once and must be kept entirely secret from all except the sender and receiver, creating a distribution problem.
If these problems are not overcome, particularly the randomness of the key, the one-time pad is no longer unbreakable. Even if it is theoretically secure, it may be insecure in practice.
This was last published in February 2009

## Content

Find more PRO+ content and other member only offers, here.

#### Have a question for an expert?

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

#### Start the conversation

Send me notifications when other members comment.

## SearchCloudSecurity

• ### Cloudflare Access takes on VPNs with reverse proxy approach

Cloudflare takes inspiration from Google's BeyondCorp with a new service called Cloudflare Access, which aims to replace ...

• ### TLS 1.3: What it means for enterprise cloud use

The latest draft version of TLS 1.3 is out, and it will likely affect enterprises that use cloud services. Expert Ed Moyle ...

• ### The biggest cloud security threats, according to the CSA

The Cloud Security Alliance reported what it found to be the biggest cloud security threats. Expert Rob Shapland looks at how ...

## SearchNetworking

• ### ThousandEyes-Juniper pact focuses on hybrid WANs

ThousandEyes and Juniper boost visibility for hybrid WANs; IDC records sharp rise in cloud spending; and a vendor group issues ...

• ### ExtremeLocation latest addition to Extreme wireless portfolio

Extreme Networks is targeting retailers with a new set of services, called ExtremeLocation. The latest technology adds ...

• ### Take network configuration management tools to the next level

Script management systems and intent-based networking are driving the future of network configuration management tools, shifting ...

## SearchCIO

• ### 'Patient journey' propels hospital's digital transformation

The chief innovation officer at Boston Children's Hospital explains how digital technologies are changing the 'patient journey' ...

• ### Wayfair's chief architect talks AI-driven innovation, impactful IT

Wayfair sells home furnishings, but under the covers, it's a tech juggernaut. Chief Architect Ben Clark explains how AI-driven ...

• ### Synthetic data could ease the burden of training data for AI models

Sometimes it's better to manufacture training data for machine learning models than it is to collect it.

## SearchEnterpriseDesktop

• ### Ten Windows 10 Fall Creators Update features to know

Microsoft introduced some significant changes to Windows 10 in the Fall Creators Update. The My People app, for example, lets ...

• ### Guard the line with Windows Defender features

The Windows 10 Fall Creators Update took Windows 10 security up a notch by adding advanced features to Windows Defender, ...

• ### Ready to master virtualization-based security in Windows 10?

Put your knowledge of virtualization-based security in Windows 10 on the line with this quiz covering the ins and outs of ...

## SearchCloudComputing

• ### Gauge your knowledge of cloud providers' AI technologies

As enterprise interest grows, major cloud providers continue to unveil machine learning and AI services. See how much you know ...

• ### Google Cloud Dedicated Interconnect offers VPN alternative

Google's Dedicated Interconnect enables an enterprise to privately connect its data center to the public cloud. Here's a ...

• ### Meltdown-Spectre bugs hit cloud usage less than first feared

IT shops expected their cloud usage to flag due to recent chip bugs, but most environments survived the patches unscathed.

## ComputerWeekly.com

• ### Will banking regulations create a new Big Bang?

In this week's Computer Weekly, we look at two important new financial services regulations, PSD2 and open banking, which promise...

• ### NVMe: The flash storage standard in search of a form factor

NVMe can unleash flash by doing away with the built-for-disk SCSI protocol. But so far there’s no consensus between suppliers ...

• ### Spectre: How reverse-engineering a microprocessor revealed a fundamental flaw

Researchers have published their work on Spectre, a flaw that affects every modern CPU. We find out what went wrong from one of ...

Close