Skip main navigation

The One-Time Pad

In this step, you will learn about the strongest encryption scheme, the one-time pad (or OTP), as implemented by the Vernam cipher. You will also find out how its ‘perfect security’ can be compromised.

In this step, you will learn about the strongest encryption scheme, the one-time pad (or OTP), as implemented by the Vernam cipher. You will also find out how its ‘perfect security’ can be compromised.

The One-Time Pad

A one-time pad refers to a system where the sender and receiver both have an identical copy of a pad of pages. Each page contains a different key, usually in the form of a very long random sequence of numbers or letters. Every time a message is sent, a new page from the pad is used and is then carefully discarded by the sender and receiver as it must never be used again. The key in a one-time pad cipher must be as long as the plaintext.

A one-time pad, the image shows a hand holding a tiny notepad with writing across it. There are multiple pages visible.

The Vernam Cipher

To explore how this cipher works, I will use an implementation devised by Gilbert Vernam in the early 1900s.

Imagine that you and I each have a copy of a one-time pad. Today I want to send you the following message:


The message is 24 characters long and the first 24 characters of the top page in the one-time pad are:


To encrypt the message, each letter of the plaintext is taken and encoded as a binary number. Vernam’s system used 5-bit Baudot codes, but we will use 7-bit standard ASCII codes. The ASCII code for the letter M is 77, which is 01001101 in binary. E is 01000101 and T is 01010100.

The first word — “MEET” — in binary is:

1001101 1000101 1000101 1010100

Now I will get the first four letters of the key and encode these characters in the same way:

1000111 1010010 1010111 1000110

Each binary digit of the plaintext must be combined with its equivalent binary digit from the key using a logical XOR operation. To carry out this operation, the values of the two bits are compared; if they are the same (i.e. both 0 or 1) then XOR returns 0, and if they are different, XOR returns 1. This logic can be shown in a truth table as follows:

bit1 bit2 bit1 XOR bit2
0 0 0
0 1 1
1 0 1
1 1 0

You can find out more about XOR and truth tables in our course How Computers Work, which is accessible for teachers in England through Teach Computing and for everyone else directly through FutureLearn.

This is the XOR process for the first letter of the first word of my secret message:

plaintext (M) 1 0 0 1 1 0 1
key (G) 1 0 0 0 1 1 1
ciphertext 0 0 0 1 0 1 0

And now here is the XOR process for the whole first word:

message M E E T
plaintext 1001101 1000101 1000101 1010100
key 1000111 1010010 1010111 1000110
ciphertext 0001010 0010111 0010010 0010010

I would send these binary sequences along with the ciphertext for the rest of the message, encrypted using the same technique.

When you receive the message, the process is reversed.

  1. Take the key (remember that the sender and receiver have an identical copy of the pad) and extract the first four letters and convert them to binary.
  2. XOR each pair of bits to reveal the binary ASCII codes.
  3. Finally, convert the ASCII codes back into character form to reveal the secret message.
ciphertext 0001010 0010111 0010010 0010010
key 1000111 1010010 1010111 1000110
plaintext 1001101 1000101 1000101 1010100
message M E E T

Is this really perfectly secure?

In theory, yes! Because every character of the plaintext is encrypted with a different character from the key, the Vernam cipher preserves no patterns. A brute-force attack on our secret message would reveal every possible permutation of 24 characters. Some of these would be nonsense but hundreds would make sense and the eavesdropper would have no idea which was the actual message.

It has been proved that the cipher is perfectly secure so long as the following are also true:

  • The key must be completely random
  • The key must be at least as long as the plaintext
  • The key must be kept completely secret
  • The key must be used once only and then destroyed

However, two of these conditions are very tricky to satisfy:

  • Why does the keystream have to be completely random for the encryption scheme to be secure?
  • How would you generate a random set of characters?

Using the Vernam Cipher

  • Why don’t you try to encrypt your own message using the Vernam cipher?
This article is from the free online

Introduction to Encryption and Cryptography

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education