On the Security and Composability of the One Time Pad

Motivated by a potentially flawed deployment of the one time pad in a recent quantum cryptographic application securing a bank transfer, we show how to implement a statistically secure system for message passing, that is, a channel with negligible failure rate secure against unbounded adversaries, using a one time pad based cryptosystem. We prove the security of our system in the framework

Introduction

It is well known that the one time pad (OTP) is perfectly concealing, i.e. that given an arbitrary ciphertext where M denotes the message space. Therefore one time pad based encryption is the obvious choice when dealing with unbounded adversaries. However, the one time pad on its own does not suffice to implement secure message passing, as it is malleable in the sense that plaintext bits can be flipped by flipping the corresponding ciphertext bit.

Recently, a bank transfer of EUR 3000 was secured by quantum cryptography, i.e., a quantum key agreement scheme was used to establish a shared secret and a one time pad encrypted money transfer form was sent. However, in the experiment the integrity of the message was not secured, which can have devastating consequences: Say, the bank transfer form itself contains no authentication mechanism and there is a known position where the amount of money is specified in digits. Then an adversary can flip bits at these positions. Such a change cannot be noticed at the bank and the resulting cleartext would look like the original message, but showing a different amount of money. Hence the security of a bank transfer as described in cannot be concluded from the security of the (authenticated!) quantum key agreement protocol alone.
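The malleability described above, and one way a receiver can detect it, as an added example that is not taken from the paper: a bare OTP accepts a changed ciphertext, while an encrypt-then-MAC wrapper using a one-time polynomial MAC over a prime field rejects it. The MAC construction, the modulus 2^127 - 1, the sample transfer form and all function names are assumptions chosen for illustration; the paper's own system is not shown on this page.

```python
import hmac
import secrets

P = 2**127 - 1  # prime modulus of the MAC field (assumed parameter)

def otp(data: bytes, pad: bytes) -> bytes:
    """One time pad: XOR with a pad of equal length (the same call decrypts)."""
    if len(pad) != len(data):
        raise ValueError("pad must be exactly as long as the data")
    return bytes(d ^ k for d, k in zip(data, pad))

def one_time_mac(data: bytes, a: int, b: int) -> bytes:
    """Evaluate data as a polynomial at a, mask with b. (a, b) is used once only."""
    acc = 0
    for i in range(0, len(data), 15):
        # The appended 0x01 byte encodes the block length, so blocks are never zero.
        block = int.from_bytes(data[i:i + 15] + b"\x01", "little")
        acc = (acc + block) * a % P
    return ((acc + b) % P).to_bytes(16, "big")

def seal(msg: bytes, pad: bytes, a: int, b: int):
    """Encrypt, then authenticate the ciphertext."""
    ct = otp(msg, pad)
    return ct, one_time_mac(ct, a, b)

def open_sealed(ct: bytes, tag: bytes, pad: bytes, a: int, b: int):
    """Return the plaintext, or None when the tag does not match the ciphertext."""
    if not hmac.compare_digest(tag, one_time_mac(ct, a, b)):
        return None
    return otp(ct, pad)

def demo():
    msg = b"TRANSFER EUR 3000 TO ACCOUNT 12345"  # constructed sample form
    pad = secrets.token_bytes(len(msg))
    a, b = secrets.randbelow(P), secrets.randbelow(P)
    ct, tag = seal(msg, pad, a, b)
    # In-transit change at the known position of the first amount digit.
    changed = bytearray(ct)
    changed[msg.index(b"3000")] ^= ord("3") ^ ord("9")
    changed = bytes(changed)
    bare = otp(changed, pad)                        # bare OTP: accepted silently
    checked = open_sealed(changed, tag, pad, a, b)  # OTP plus MAC: rejected
    intact = open_sealed(ct, tag, pad, a, b)        # unmodified message still opens
    return bare, checked, intact

if __name__ == "__main__":
    print(demo())
```

With a fresh (a, b) per message, a modified ciphertext of n blocks passes the check with probability at most n/P, which holds against a computationally unbounded adversary.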
