Editing One-time pad (section)

==History==
[[Frank Miller (cryptography)|Frank Miller]] in 1882 was the first to describe the one-time pad system for securing telegraphy.<ref name="BELLOVIN1"/><ref name=bio>{{cite news |author=John Markoff |title=Codebook Shows an Encryption Form Dates Back to Telegraphs |url=https://www.nytimes.com/2011/07/26/science/26code.html?ref=science |newspaper=[[The New York Times]] |date=July 25, 2011 |access-date=2011-07-26 |url-status = live|archive-url=https://web.archive.org/web/20130521201312/http://www.nytimes.com/2011/07/26/science/26code.html?ref=science |archive-date=May 21, 2013 |author-link=John Markoff }}</ref>

The next one-time pad system was electrical. In 1917, [[Gilbert Vernam]] (of [[AT&T Corporation]]) invented<ref>{{Cite journal|last1=Peng|first1=Weiping|last2=Cui|first2=Shuang|last3=Song|first3=Cheng|date=2021-01-20|editor-last=Raja|editor-first=Gulistan|title=One-time-pad cipher algorithm based on confusion mapping and DNA storage technology|journal=PLOS ONE|language=en|volume=16|issue=1|pages=e0245506|doi=10.1371/journal.pone.0245506|issn=1932-6203|pmc=7817086|pmid=33471849|bibcode=2021PLoSO..1645506P|doi-access=free}}</ref> and later patented in 1919 ({{US patent|1310719}}) a cipher based on [[teleprinter]] technology. Each character in a message was electrically combined with a character on a [[Punched tape|punched paper tape]] key. [[Joseph Mauborgne]] (then a [[Captain (U.S. Army)|captain]] in the [[U.S. Army]] and later chief of the [[Signal Corps (United States Army)|Signal Corps]]) recognized that the character sequence on the key tape could be completely random and that, if so, cryptanalysis would be more difficult. Together they invented the first one-time tape system.<ref name="kahn">{{cite book| last=Kahn| first=David| title=The Codebreakers| publisher=[[Macmillan Publishers (United States)|Macmillan]]| year=1967| isbn=978-0-684-83130-5| pages=398 ff |author-link=David Kahn (writer)| title-link=The Codebreakers}}</ref>

The next development was the paper pad system. Diplomats had long used codes and ciphers for confidentiality and to minimize [[Telegraphy|telegraph]] costs. For the codes, words and phrases were converted to groups of numbers (typically 4 or 5 digits) using a dictionary-like [[codebook]]. For added security, secret numbers could be combined with (usually modular addition) each code group before transmission, with the secret numbers being changed periodically (this was called [[superencryption]]). In the early 1920s, three German cryptographers (Werner Kunze, Rudolf Schauffler, and Erich Langlotz), who were involved in breaking such systems, realized that they could never be broken if a separate randomly chosen additive number was used for every code group. They had duplicate paper pads printed with lines of random number groups. Each page had a serial number and eight lines. Each line had six 5-digit numbers. A page would be used as a work sheet to encode a message and then destroyed. The [[serial number]] of the page would be sent with the encoded message. The recipient would reverse the procedure and then destroy his copy of the page. The German foreign office put this system into operation by 1923.<ref name="kahn"/>

A separate notion was the use of a one-time pad of letters to encode plaintext directly as in the example below. [[Leo Marks]] describes inventing such a system for the British [[Special Operations Executive]] during [[World War II|World War&nbsp;II]], though he suspected at the time that it was already known in the highly compartmentalized world of cryptography, as for instance at [[Bletchley Park]].<ref name="marks">{{cite book| last=Marks| first=Leo| title=Between Silk and Cyanide: a Codemaker's Story, 1941–1945| publisher=HarperCollins| year=1998| isbn=978-0-684-86780-9| url=https://archive.org/details/betweensilkcyani00leom}}</ref>

The final discovery was made by information theorist [[Claude Shannon]] in the 1940s who recognized and proved the theoretical significance of the one-time pad system. Shannon delivered his results in a classified report in 1945 and published them openly in 1949.<ref name="shannon" /> At the same time, Soviet information theorist [[Vladimir Kotelnikov]] had independently proved the absolute security of the one-time pad; his results were delivered in 1941 in a report that apparently remains classified.<ref name="kotelnikov">{{cite journal|author=Sergei N Molotkov (Institute of Solid-State Physics, Russian Academy of Sciences, Chernogolovka, Moscow region, Russian Federation)|date=22 February 2006|title=Quantum cryptography and V A Kotel'nikov's one-time key and sampling theorems|url=http://www.turpion.org/php/paper.phtml?journal_id=pu&paper_id=6050|journal=Physics-Uspekhi|volume=49|issue=7|pages=750–761|bibcode=2006PhyU...49..750M|doi=10.1070/PU2006v049n07ABEH006050|s2cid=118764598|access-date=2009-05-03|archive-date=2008-12-10|archive-url=https://web.archive.org/web/20081210092826/http://www.turpion.org/php/paper.phtml?journal_id=pu&paper_id=6050|url-status=dead|url-access=subscription}} PACS numbers: 01.10.Fv, 03.67.Dd, 89.70.+c<!-- S. N. Molotkov, “Quantum cryptography and V. A. Kotel’nikov’s one-time key and sampling theorems,” PHYS-USP '''49''', 750-761 (2006), article available to journal subscribers in&nbsp;English [http://www.turpion.org/php/paper.phtml?journal_id=pu&paper_id=6050] --> and openly in Russian [http://www.ufn.ru/ru/articles/2006/7/k/ Квантовая криптография и теоремы В.А. Котельникова об одноразовых ключах и об отсчетах. УФН]</ref>

There also exists a quantum analogue of the one time pad, which can be used to exchange [[quantum state]]s along a one-way [[quantum channel]] with perfect secrecy, which is sometimes used in quantum computing. It can be shown that a shared secret of at least 2n classical bits is required to exchange an n-qubit quantum state along a one-way quantum channel (by analogue with the result that a key of n bits is required to exchange an n bit message with perfect secrecy). A scheme proposed in 2000 achieves this bound. One way to implement this quantum one-time pad is by dividing the 2n bit key into n pairs of bits. To encrypt the state, for each pair of bits i in the key, one would apply an X gate to qubit i of the state if and only if the first bit of the pair is 1, and apply a Z gate to qubit i of the state if and only if the second bit of the pair is 1. Decryption involves applying this transformation again, since X and Z are their own inverses. This can be shown to be perfectly secret in a quantum setting.<ref>{{cite arXiv |last1=Mosca |first1=Michele |last2=Tapp |first2=Alain |last3=de Wolf |first3=Ronald |date=2000-03-27 |title=Private Quantum Channels and the Cost of Randomizing Quantum Information |eprint=quant-ph/0003101 }}</ref>