A one-time pad (OTP) is a cryptographic method that uses a random, secret key of the same length as the message. The key is used only once and then discarded. When properly implemented, it provides perfect secrecy, making the ciphertext unbreakable.
The biggest problem with this scheme is that you must generate the encryption and decryption pads together and one pad must be sent with the person who will receive the messages. But what if we used a random image as the key to generate the encryption scheme?
As long as both the sender and receiver know where to go every day to get the latest image, they have an unbreakable and portable encryption scheme.
Shift cyphers have been around since Roman times. For example, if I wanted to encrypt the word “HELLO” with a shift of 5, I would take my alphabet and “shift” it 5 spaces so A→F, B→G, C→H and so on. This is a quick way of encrypting something, but it is easily broken.
A one-time pad uses random numbers generated on two pads - one for the sender and one for the receiver. The message is encrypted with one pad, and decrypted by the receiver with the other pad.
A real one time pad is below.
So in order for a one-time pad to work it must obey 4 criteria:
The key must be truly random.
The key must be at least as long as the message.
The key must be used only once.
The key must not be intercepted.
Images on the internet are random, and the pixels contained within those images are random as well. The data from a picture could be used to encrypt and decrypt messages as long as the source of the images is agreed upon beforehand.
This means that:
The receiver does not have to travel with the key.
Messages can be very long. A 2MB picture can hold 2 million bytes of text or roughly 2,000 pages of data.
The key can change every day or more often if the account often posts images.
Here is how it would work.
#1. Take an image and inspect the bytes. In this case, I’m using the first 5 bytes after the PNG IDAT identifier of a picture from musical artist Lizzo’s Instagram to encrypt the word “HELLO.” Those bytes are, in hexadecimal, DE, D3, 36, 8D and 11.
Which translate to the integers: 222, 211, 54, 141 and 11.
Since the ASCII character table only has 128 spaces (including 0), we need to use a math operation called “MOD” or modulus, which gives us the remainder or signed remainder of a division.
This keeps numbers under 128.
222 MOD 128 is 94
211 MOD 128 is 83
54 MOD 128 is 54
141 MOD 128 is 13
11 MOD 128 is 11
Now we need to shift all of those letters the appropriate spaces, looping around when we hit the end, so
H becomes %
E becomes the control character CAN
L becomes the control character NULL
L becomes the control character CR
O becomes Z.
Now the message can be sent.
Decryption uses the same image, and the same process, but instead of adding to the ASCII table, we go in the other direction and subtract.
Note that this is a simple example and does not prevent an adversary from observing what the receiver is downloading. The key also remains online essentially forever, which could be a problem if use is discovered and the adversary attempts a brute force attack using all possible pictures from a known set.
The system also doesn’t account for the fact that randomness isn’t that great among adjacent pixels in an image, so it might be better to divide the image by the number of characters in a message and encrypt using one pixel every X pixels.
The code can be found on my GitHub.
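An added sketch of the scheme above (not the author's GitHub code): it walks the PNG chunk list to collect the IDAT data, takes one key byte every `stride` bytes, and applies the MOD 128 shift in both directions. The function names, the `skip` over the two-byte zlib header that starts every IDAT stream, and the constructed 8x8 sample PNG are assumptions of this example.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"

def idat_bytes(png: bytes) -> bytes:
    """Walk the PNG chunk list and concatenate the data of every IDAT chunk."""
    if png[:8] != PNG_SIG:
        raise ValueError("not a PNG file")
    pos, out = 8, bytearray()
    while pos + 8 <= len(png):
        length, ctype = struct.unpack(">I4s", png[pos:pos + 8])
        if ctype == b"IDAT":
            out += png[pos + 8:pos + 8 + length]
        pos += 12 + length  # 4 length + 4 type + data + 4 CRC
    return bytes(out)

def pad_from_png(png: bytes, n: int, stride: int = 1, skip: int = 2) -> bytes:
    """Take n key bytes, one every `stride` bytes. IDAT data is a zlib stream,
    so the first `skip` bytes (its fixed header) are not used as key (assumption)."""
    pad = idat_bytes(png)[skip::stride][:n]
    if len(pad) < n:
        raise ValueError("image too small: key must be as long as the message")
    return pad

def shift(text: str, pad: bytes, sign: int) -> str:
    """Shift each ASCII character by (pad byte MOD 128); sign +1 encrypts, -1 decrypts."""
    if len(pad) < len(text) or any(ord(c) > 127 for c in text):
        raise ValueError("need 7-bit ASCII text and a pad at least as long")
    return "".join(chr((ord(c) + sign * (k % 128)) % 128) for c, k in zip(text, pad))

def _chunk(ctype: bytes, data: bytes) -> bytes:
    crc = zlib.crc32(ctype + data)
    return struct.pack(">I", len(data)) + ctype + data + struct.pack(">I", crc)

def sample_png() -> bytes:
    """Constructed 8x8 greyscale PNG used as sample input (not the article's image)."""
    rows = b"".join(b"\x00" + bytes((r * 31 + c * 17) % 256 for c in range(8)) for r in range(8))
    ihdr = struct.pack(">IIBBBBB", 8, 8, 8, 0, 0, 0, 0)
    return PNG_SIG + _chunk(b"IHDR", ihdr) + _chunk(b"IDAT", zlib.compress(rows)) + _chunk(b"IEND", b"")

ARTICLE_PAD = bytes([222, 211, 54, 141, 11])  # the five integers listed in the article

if __name__ == "__main__":
    cipher = shift("HELLO", ARTICLE_PAD, +1)
    print([ord(c) for c in cipher], shift(cipher, ARTICLE_PAD, -1))
    pad = pad_from_png(sample_png(), 5, stride=3)
    print(shift(shift("HELLO", pad, +1), pad, -1))
```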