One Uncrackable Cipher Is the One-Time Pad

The most secure cipher is available and, at least in the U.S., legal; but you probably don’t have the logistics to support it with enough security for high-value content.


Only major nations with significant wealth can implement it, in general, and even an official of the Soviet Union admitted to taking a shortcut with it, a shortcut that could have irrecoverably altered the secret content. An alteration of that type would not have been revealed except for the fact that some alteration could have occurred, but no one would have known where or how much unless the original and resulting plaintexts could have been compared, and that itself would have introduced another security risk, the risk in transporting plaintext in parallel from the site of encryption to the site of decryption or an equivalent, the transport probably an unacceptable risk, so they wouldn’t have tried transporting it, and they would never have known what was lost.

This is the one-time pad. The basic system is easy to describe and carry out. It’s mainly everything else that gets complicated.

Basic Method

The basics of the one-time pad are this: You select the character set you want to support. This likely includes the alphabet in both lower and upper case, numerals, punctuation marks, special characters, spaces, and paragraph endings. You write it on a sheet of paper, every character of the set with a space next to each character. What you have written will be the plaintext characters. They will be the characters you will have in the plaintext message before it is encrypted. Then, on that same sheet, you write a randomly-scrambled set of all the same characters, one random character in each space next to a plaintext character. For example, the plaintext “A” might have a “T” next to it, the “T” being the result of random scrambling; the “B” might have an “L” next to it, the “C” an “A” next to it, and so on. If you make only that one sheet and then use it to encipher a long message, and often a not-so-long message, even an amateur cryptanalyst can crack it (unless the message is extremely brief), because the analysis can count the frequency with which certain characters and strings appear in the message and compare that to the known frequencies in typical texts in the likely-original language. So you have to defeat that line of attack before it can decipher anything. When you finish filling up that sheet, do it again, except that you make a new randomly-scrambled character set. So, on the second sheet, maybe the “A” gets an “f”, the “B” a “J”, and the “C” gets a comma next to it (the comma in ciphertext does not mean what a comma usually means but is just a character that hides a plaintext character). You make every sheet unique. You make lots of these unique sheets. (An optional step is to pretend they’re fun to make.) You put them together, the sheets also in random order, into a pad. You make two identical pads (by hand, because someone might have tampered with a Xerox machine and sees what you’re copying). You give one pad to the encrypter (such as a spy) and the other pad to the decrypter (such as the spymaster). The encrypter takes the plaintext message (such as “go there”) and encrypts it, using the pad, one character at a time; copies the random character next to it; and crosses out the character pair on the sheet. So the “g” might become a “q”, the first “o” might become an “l”, the first space might become a “d”, the “t” might become an “r”, the “h” an “h” (statistically, a character could be replaced by itself although only rarely), the first “e” an “m”, and the “r” a “v”. But now the encrypter needs something for the second “e” and that’s already crossed out. So the encrypter takes that entire first sheet, even though most of it has not been used yet, and burns it into ashes. The encrypter then goes to the second sheet in the pad and finds the plaintext “e” and discovers the random character for it is a “p”, copies it, and crosses out that character pair on the second sheet. Changing the sheets makes frequency analysis pointless. The process continues, until the entire plaintext message has been replaced by ciphertext (in this case, “go there” became “qldrhmvp”). The decrypter, who has the identical pad, reverses the process, finding the random “q” and copying the plain “g” next to it and then crossing out the “q”–“g” pair, repeating until a crossed-out pair is encountered and burning that sheet, and continuing with the next sheet in the pad, thereby recovering the entire plaintext (“go there”). Since any character on a sheet in the pad is used only once, the pad is a one-time pad.

A hostile party, given the ciphertext and assuming faultless adherence to this system, is unable to use any math, logic, or social engineering on the ciphertext to recover the plaintext. It may be easy to apply social engineering to people, but not on the ciphertext message alone, and often the hostile party can’t find the two people who have the pads.

One improvement that would speed decryption is for the decrypter’s pad to have each sheet arranged to make finding the random characters faster, like by alphabetizing the random characters (and moving the plaintext characters with them), but rearranging risks introducing errors that get missed.


This is legal in the U.S., but beware that I’m not a lawyer, possession will likely raise an eyebrow, this system’s ciphertext except the very shortest looks suspiciously unreadable, and using it suggests you have a serious secret and maybe you’re a high-value spy or spymaster. Like maybe you’re a threat to national security and someone needs to watch you and maybe arrest you on probable cause, meaning there’s enough evidence to show that you’re probably spying on vital subjects.

The Logistical Nightmare

Logistics, however, get very expensive. For international intelligence work, it likely is too expensive for most nations to use. Making the pads is labor-intensive, so probably the spy and the spymaster do not have the time to do that, so a third person makes the two pads. The maker cannot make a third pad because that would create a vulnerability. Therefore, neither of the two pads can be lost or damaged to the point of being even partly illegible. It may be impractical or dangerous (to the spy) for a spymaster to travel somewhere to tell the spy to cancel a pad because the decrypter’s matching pad is lost or damaged, so extra care against any loss or damage is vital. Transporting the two pads internationally means going through another nation, often a hostile nation. Even if the other nation is friendly, a hostile nation may have a representative there. Even if a pad is transported in a diplomatic pouch, which by law generally may not be opened in transit, most nations cannot afford to send a diplomatic courier to accompany the pouch from sender to recipient to make sure it’s not opened in between. The diplomatic pouch may simply be mailed in the regular mail stream, where someone, perhaps having been bribed or blackmailed, can take it out temporarily so someone can examine its contents, then put it back. (That’s been done. So has photographing contents in a sealed envelope using very bright through-lighting and very shallow depth of field.) That would allow a hostile party to photocopy the pad and notice who’s to receive it. The photocopy would allow hostile decryption. If no one detects the tampering with the mail, the decrypter may never suspect that a hostile party already decrypted the message.

Many other vulnerabilities exist. The pad maker has to be essentially unreachable by hostile parties. A threat to kill or pay someone or bust their kneecaps is often effective. The making of the pads is faster when done on a computer, but the computer could be a target of a hostile party. Randomness may seem easy, but human brains insist on order, so human beings are lousy at randomizing unless they have help, and a bunch of dice (many more than two per toss) would help but a computer is faster than dice, so the pad maker and the funder have problems no matter what choice they make.

The Soviet Union worked with a group of spies in England known as the Cambridge Five. A Soviet diplomat posted to London was in charge of their intelligence work and decrypted their messages using the one-time pad system. In his book, My Five Cambridge Friends, he wrote that spaces were not encrypted. I think the spaces were omitted, but either way there was likely a problem, although he didn’t mention it. If spaces were omitted, usually a letter might belong to either the word before or the word after, so the decrypter would have to use editorial judgment to decide that and would usually be right, but not always. (An inexact example was in the Peanuts comic strip, where a child is composing a letter to a movie reviewer and writes, “You are an ucklehead.”) A decryption error by misplacement of a space usually has the greatest risk with very short messages, since longer text, especially of normal literature, speech, or thoughts, tends to include redundancy that helps readers correct the error; by one estimate in the academic discipline of linguistics, normal English is 75% redundant, but very short messages have little or no redundancy, thus a high risk of misunderstanding. If the spaces were not omitted but not encrypted, then someone with the ciphertext message would know the length of every word, and that’s a valuable clue, especially in some contexts. In common English text, on average about every seventh character is a space. The slowness of applying the one-time pad means that the spy is at more risk of being caught if there’s more to transmit, since that means there’s more to encrypt, which requires more time to encrypt (maybe 17% more time) and bigger pads, which, even on thin paper, are harder to hide (they’re evidence). That risk encourages shorthand, which encourages omitting some details even if they might have been important to the recipient.

Other Uses

Photographs could be encrypted using a one-time pad, but the work is far larger than for text.

Third-party documents could be encrypted the same way, but that could introduce unexpected characters, such as with a quotation in a foreign alphabet. This could require a large pad, omission of problematic content, or the use of plaintext within the ciphertext, and that plaintext could be a clue to the rest of the message.

Puzzles based on the concept of one-time pads exist, but may not be common. Look for redividers. Basically, try to write a multi-word sentence and then move a letter that’s next to a space to the other side of that space so as to produce a new sentence that has a very different meaning, perhaps an opposite meaning, with the meaning different enough that it could be an accidental reason for starting a war. Variations include inserting additional spaces, too few spaces, moving a string of characters next to a space to the other side of that space, and any combination of variations.

Bottom Line

You’re likely better off with a different encryption system. While a one-time pad securely implemented would be forever unbreakable, a competing system that would be unbreakable for a century or two might be good enough for your purposes. Competing systems have some similar risks, such as the computer used to implement one being tampered with, and most users are not willing to implement expensively and inconveniently tight security. Yet, they’re still good enough for the kind of information most people want to hide, which doesn’t attract skilled high-priced attention.