Why Secrets Stay Secret: The One-Time Pad

The Code That Cannot Be Broken

Most encryption systems depend on computational hardness. RSA relies on the difficulty of factoring large numbers. AES depends on the complexity of its substitution-permutation network. Break them with enough computing power or a clever algorithm, and the ciphertext surrenders its secrets. These systems offer computational security—protection measured in CPU cycles and algorithmic complexity.

The one-time pad stands apart. Give an adversary unlimited computational power, infinite time, quantum computers, whatever they want—they still cannot break it. This is not because the problem is hard. It is because the problem is mathematically impossible. Information is the resolution of uncertainty, and the one-time pad preserves maximum uncertainty perfectly. The ciphertext provides zero information about the plaintext. This is perfect secrecy.

So why doesn’t everyone use it?

Perfect Security’s Perfect Price

The one-time pad achieves perfect secrecy through a deceptively simple operation: message ⊕ random key = ciphertext. Take your plaintext, XOR it with a truly random key of equal length, produce the ciphertext. Reverse the operation with the same key, recover the plaintext. Elementary.

But that “truly random key of equal length” conceals immense practical difficulties. The key must be genuinely random—not pseudorandom from an algorithm, but derived from physical entropy sources. The key must be exactly as long as the message. Encrypt a gigabyte, distribute a gigabyte of key material. The key must never be reused. Use any portion twice, and statistical patterns emerge that destroy perfect secrecy completely.

Most critically, both sender and receiver need identical copies of this random key, distributed through a secure channel. If you have a secure channel for the key, you could just send the message through that channel. This is the fundamental paradox: perfect encryption requires perfect key distribution.

When Infinite Computing Doesn’t Help

In September 1945, I proved why the one-time pad works. Perfect secrecy occurs when the message space, key space, and ciphertext space have equal size. For a 20-letter message, there are 26²⁰ possible messages, 26²⁰ possible keys, and 26²⁰ possible ciphertexts. Any observed ciphertext could have been produced by any plaintext with the appropriate key.

This means observing the ciphertext changes nothing about the probability distribution over possible plaintexts. Mathematically: H(M|C) = H(M). The entropy of the message given the ciphertext equals the entropy of the message alone. Zero information gain. Every possible message remains equally likely.

Other encryption systems rely on computational assumptions. RSA assumes factoring is hard. If quantum computers or better algorithms break that assumption, the security vanishes. The one-time pad makes no computational assumptions. It is information-theoretically secure. The mathematics guarantees that no amount of ciphertext analysis, regardless of method or resources, reveals anything about the plaintext.

Security Costs Information

Perfect security exists. The one-time pad proves it. But perfect security requires key entropy greater than or equal to message entropy: H(K) ≥ H(M). There are no shortcuts. You cannot get more security than you put in randomness.

This reveals a fundamental limit in cryptography. Practical systems—RSA, AES, elliptic curve cryptography—accept computational security because they cannot meet the one-time pad’s requirements. They trade information-theoretic guarantees for practical key distribution.

The one-time pad remains reserved for the highest-value secrets: diplomatic communications, intelligence operations, nuclear command and control. Situations where the cost of distributing massive amounts of truly random key material is justified by the absolute security requirement.

Information-theoretic bounds are real. You cannot encrypt more information than you exchange in keys. Perfect secrecy is possible, but it is never free.