Advanced Encryption Standard or One-Time Pads?

Xenoxide

Xenoxide

Xenoxide

Associate
Joined
13 Oct 2004
Posts
1,243
Here's a theoretical question for those knowledgeable on encryption cyphers...which is more secure, AES or one-time pads?

Let's pretend the following:

1. Both implementations are as perfect as can be.
2. The systems the implementations are running on are protected from side-channel attacks.
3. There's no chance of a brute force attack in the time that the information is still useful.
4. The AES password would be rated Secure on most password strength meters (Say...14 characters long, upper and lowercase letters, numbers, symbols, completely random selection)
5. The OTP pad is the same length as the data to be encrypted and is randomly selected.
6. When I say random, I mean 100% random (Pretend it's possible for a second), not computationally random.
7. Both the AES password and the OTP pad are 100% protected from anyone being able to gain access from them. It's completely impossible.

Which is more secure? I've looked over the design/description documents for Rijndael (AES) and one-time-pad's, and from what I can see, going by the guidelines above, both are as secure as each other. But can someone who is any good at maths give a second opinion?

AES description: http://en.wikipedia.org/wiki/Advanced_Encryption_Standard
One-time pads: http://en.wikipedia.org/wiki/One-time_pad
 
I'm by no means an expert in either, or in cryptography in general, but given your assumptions, I'd say that OTP is more secure.

My reasoning: any plaintext can be produced from any data with the correct key. Given your assumptions, it's impossible to know whether the plaintext you've got is the right one. In other words, it's possible to generate any plaintext (as long as it's the same length as the ciphertext) with the right key.

For example, given a sequence of data the exact length of Lord of the Rings, with the right key, you can "decrypt" it to Lord of the Rings, or in fact whatever you want.

You can think of the OTP as a function with two parameters: the data and the key. Its strength lies in the fact that
  • it is a single function; the same process is used for encryption and decryption, and
  • that the domain of the data, the domain of the key, and the codomain of the function, are identical.
 
Last edited:
Given your assumptions, I believe the OTP is unbreakable (this can be mathematically proven). I don't know enough about AES to make the same claim.

EDIT: It seems you can brute force AES, so OTP wins, I guess.
 
Last edited:
I am no expert in cryptography either but this what I think,

Xenoxide said:
6. When I say random, I mean 100% random (Pretend it's possible for a second), not computationally random.
Click to expand...

Theoretically this alone means the OTP would be unbreakable.

AES on the otherhand it is feasible that a weakness could be found in the algorithm in future. Though right now its pretty dam safe :-)

There is also the case of side channel attacks due to physical implementations of the cryptosystem not down to weaknesses in the algorithm for example,
http://cr.yp.to/antiforgery/cachetiming-20050414.pdf
http://www.wisdom.weizmann.ac.il/~tromer/papers/cache.pdf

This pretty much sums it up,

"We have one criticism of AES: we don't quite trust the security...What concerns us the most about AES is its simple algebraic structure....No other block cipher we know of has such a simple algebraic representation. We have no idea whether this leads to an attack or not, but not knowing is reason enough to be skeptical about the use of AES." (Practical Cryptography, 2003, pp56-57)
 
You must log in or register to reply here.
Back
Top Bottom