I want to show you an example of the kinds of things that go wrong
when people attempt to use one-time pads in practice.
This is a story that is very important to the history of computing
as well as the history of the world.
It's how the Allies at Bletchley Park were able to break the Lorenz cipher,
which was a cipher used by the Nazis to communicate between the capital cities of Europe.
[Vernam's "One-Time" Pad (1919)]
The story goes back at least to the 1919 patent that Gilbert Vernam,
who was an engineer working at Bell Labs, got on a one-time pad system.
It shouldn't really be called a one-time pad.
It was a re-use pad system.
The idea behind this is somewhat clear from the patent,
especially if we rotate it so we can see it more clearly.
One thing you can see is that there are five wires going into it.
This is the output from reading a tape that encodes the message.
The key was also on a paper tape.
The encoding used just five bits. This was the Baudot code.
With five bits we can encode 32 different symbols.
That's enough for the alphabet and a few punctuation marks.
You can see how the letters were encoded.
There's the strip down the middle that was used to align the tape.
There are five bits to encode each letter.
Managing paper tapes like this was difficult,
and the keys needed to be distributed on paper tapes.
If the keys were constructed in a perfectly random way
and you had enough key that you never needed to reuse it,
this would actually be a perfect cipher. This would be a perfectly good one-time pad.
The problem is distributing large paper tapes is pretty difficult,
especially if you're trying to do this in war time.
The Lorenz cipher machine was built around the same ideas,
except that instead of having the key on a paper tape you had a machine that would
attempt to produce a good sequence of key bits.
Of course, it's impossible for a machine to produce a perfectly random sequence.
The structure of the machine determines properties of the sequence that's produced.
The machine would generate a key sequence based on its configuration.
That configuration is the initial settings of all the rotors and other parameters
that we'll talk about soon.
If there are two machines that start in the same configuration,
say one in Berlin and one in Paris,
then they produce the same key.
Their encryption is just the message XOR'd with the key; that produces the ciphertext,
which is sent over wireless radio and received at the other end,
where it is put into a machine starting from the same configuration.
That means the ciphertext XOR'd with the key generated by that machine,
starting from the same configuration, will decrypt to recover the message.
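To make the exchange concrete, here is an added example (not code from the lecture): a 5-bit stream cipher in the spirit of Vernam and Lorenz. The 32-symbol alphabet and the seeded keystream generator are constructed stand-ins for the Baudot code and the Lorenz wheels, not the real ones; the last function shows what goes wrong when two messages are sent under the same key, which is the reuse problem mentioned earlier.

```python
# Added example: Vernam/Lorenz-style XOR cipher over 5-bit symbols.
# ALPHABET and keystream() are constructed for illustration only.
import random

# Constructed 32-symbol alphabet: 26 letters plus 6 filler symbols, 5 bits each.
ALPHABET = "ABCDEFGHIJKLMNOPQRSTUVWXYZ ,.:?/"
assert len(ALPHABET) == 32

def encode(text):
    """Map each symbol to its 5-bit value (the role of the message tape)."""
    return [ALPHABET.index(ch) for ch in text]

def decode(values):
    """Map 5-bit values back to symbols."""
    return "".join(ALPHABET[v & 0x1F] for v in values)

def keystream(config, length):
    """Stand-in for the Lorenz machine: a deterministic generator seeded by
    the machine configuration. Same configuration -> same key sequence."""
    rng = random.Random(config)
    return [rng.getrandbits(5) for _ in range(length)]

def encrypt(plaintext, config):
    """Sender: message XOR key, one 5-bit symbol at a time."""
    m = encode(plaintext)
    k = keystream(config, len(m))
    return [a ^ b for a, b in zip(m, k)]

def decrypt(ciphertext, config):
    """Receiver: same configuration gives the same key, so XOR again
    recovers the message."""
    k = keystream(config, len(ciphertext))
    return decode([a ^ b for a, b in zip(ciphertext, k)])

def xor_of_ciphertexts(c1, c2):
    """What an eavesdropper holds after two messages under one key:
    the key cancels, leaving m1 XOR m2, which depends on no key material.
    This is why the key must never be reused."""
    return [a ^ b for a, b in zip(c1, c2)]

if __name__ == "__main__":
    cfg = 1943  # constructed configuration value shared by both machines
    c1 = encrypt("ATTACK AT DAWN", cfg)
    print(decrypt(c1, cfg))  # ATTACK AT DAWN
    c2 = encrypt("RETREAT TONIGHT", cfg)
    m1m2 = [a ^ b for a, b in zip(encode("ATTACK AT DAWN"), encode("RETREAT TONIGHT"))]
    print(xor_of_ciphertexts(c1, c2) == m1m2)  # True: the key has dropped out
```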
The machine was designed to produce a large number of possible sequences.
There are a lot of complex operations, which we'll talk about a little next,
but the key would not repeat for 10^19 letters.
Given that this number was larger than the amount of text ever written by humans,
at least at the time, this led the Nazis using it to believe that it provided
the high level of security they needed.
They were also confident because these machines operated in capitals--
they weren't like the Enigma machines, which operated in the field--
so they never lost one of these machines.
The Allies never actually had access to the actual machine
to try to figure out how it worked.
