Click for homepage
One-Time Pad   OTP
The unbreakable code

The One-Time Pad, or OTP is an encryption technique in which each character of the plaintext is combined with a character from a random key stream. Originally described in 1882 by banker Frank Miller (USA), it was re-invented in 1917 by Gilbert Vernam and Joseph Mauborgne. When applied correctly, the OTP provides a truely unbreakable cipher. It is named after the sheets of paper (pads) on which the key stream was usually printed. It also exists as One Time Tape (OTT).

The image on the right shows a typical OTP booklet as it was used by agents of the former Soviet Union (USSR) during the 1960s. It consists of a stack of small very thin pages, each with a series of random 5-digit numbers on them. Each page was destroyed immediately after use.

OTPs like this, were commonly used for sending coded messages via a Russian spy radio set such as the R-353, often in relation to the mysterious Numbers Stations on the short wave radio bands. The OTP booklet shown here is from the internal collection of the Dutch Intelligence Agency AIVD.
Courtesy AIVD Netherlands [1]

In this section, we shows a selection of OTP systems from a variety of sources and countries. Although the exact operating procedure varies between OTP systems, we will try to give examples whenever possible. Real OTP booklets are extremely rare as they were normally destroyed after use. The ones that did survive are generally in the hands of the intelligence and law enforcement agencies that used or confiscated them. Click any of the thumbnails below for further details.

OTP systems on this website
Small OTP booklet used by the USSR and the DDR during the Cold War Red and blue OTP booklets used by Czechoslovakia during the Cold War
One-Time Tape (OTT), the teleprinter variant of the OTP
The theory behind the OTP is that the encryption key has at least the same length as the actual message (i.e. the plaintext) and consists of truely random numbers. Each letter of the plaintext is 'added' to one element from the OTP using modulo-addition. This results in a ciphertext that has no relation with the plaintext when the key is unknown. At the receiving end, the same OTP is used to retrieve the original plaintext. For this to work, the following rules are mandatory:

  1. The OTP should consist of truely random characters (noise).
  2. The OTP (i.e. the key) should have the same length as the plaintext (or longer).
  3. Only two copies of the OTP should exist.
  4. The OTP should be used only once.
  5. Both copies of the OTP are destroyed immediately after use.
Only if the above rules are strictly obeyed, the OTP is absolutely safe. Combining numbers with the plaintext manually, is a time-consuming task. It is therefore sometimes thought that OTPs are no longer practical. With modern computer technology however, the entire task of coding and decoding, can easily be automated, just like it was done in the past on teleprinter systems, but you should bear in mind that in practice there is no such thing as a secure personal computer.

Although it may sound strange, manual OTP ciphers are still being used today (2015) for sending secret messages to agents (spies) via the Numbers Stations, or One-Way Voice Links (OWVL), that you may have heard on the short-wave radio bands. For a detailed description of the One-Time Pad Cipher and its history, complete with numerous examples, we would like to recommend the excellent paper Secure Communications with the One Time Pad Cipher, by Dirk Rijmenants [4].

 Read now (off-site)

The major problem with OTPs, is their distribution. A unique set of OTP booklets needs to be issued and distributed to each individual spy or agent abroad. As the OTP was destroyed immediately after use, sufficient and timely supply of new OTPs had to be guaranteed.

OTPs were often smuggled into the country by using concealments like the one shown in the image on the right. In this case a common travel kit is cleverly converted into a concealment device by the East-German secret service.

 More information
Courtesy AIVD Netherlands [1]

Another popular method for distributing and hiding OTP booklets, was by printing them at very small size and hiding them inside common objects like ballpoints, photoframes and, as shown in the image on the right, inside a walnut.

The walnut concealment was very popular with KGB agents in Western Europe for many years, until it was discovered by the West-Germans.

 Walnut concealment
 Other concealments
Walnut concealment device with two OTP booklets

OTP systems come in many forms and flavours. The Russian OTP shown above, contains only numbers. It requires the letters of a message to be converted into numbers, before applying the OTP. It is also possible however, to use an OTP based on letters.

An example of such a letter-based OTP is shown in the image on the right. It's a stack of approx. 30 pages that are stapled together. The cover at the left, contains a folded alphabet table that is used in the translation process.

Some OTPs are so small that they can easily be hidden inside a small object. More examples and detailed photographs below. Some OTPs are so small that they can be fitted inside a slide frame.

All OTP photos in this section are courtesy Detlev Vreisleben (Germany) [2] and © Crypto Museum.
Letter-based OTP, courtesy Detlev Vreisleben [2]

OTP booklets, such as the one shown above, have been captured during the Cold War by Western intelligence agencies on a number of occassions. One documented example is the capture of a Dutch man, who acted as an East-German agent in The Netherlands, in 1969. When he was finally exposed, the Dutch intelligence agency BVD (now: AIVD) found a partly used OTP booklet in his home, along with a fully operational R-353 spy radio set, a burst encoder and cassettes [1][2].

Complete R-353 with burst encoder and OTP cipher booklet

 More about the R-353 radio

Letter-based OTP with folded-out alphabet table Letter-based OTP Miniature OTP in slide frame Close-up of miniature OTP Miniature OTP in slide frame Long miniature OTP Long miniature OTP (close-up) Long miniature OTP
  1. AIVD, One-Time Pad and OTP concealment
    Dutch General Intelligence and Security Service. October 2010.

  2. Detlev Vreisleben, Personal collection of One-Time Pads
    Photographed by Crypto Museum. Köln (Germany), 20 March 2010.

  3. Wikipedia, One-time pad
    Retrieved January 2013.

  4. Dirk Rijmenants, Secure Communications with the One Time Pad Cipher
    Paper (English) 2009-2014. Version 6.2, 18 December 2014.
Further information
Any links shown in red are currently unavailable. If you like the information on this website, why not make a donation?
Crypto Museum. Created: Friday 28 August 2015. Last changed: Friday, 30 December 2016 - 09:27 CET.
Click for homepage