Practical, scalable alternative session encryption using one-time pads

TL;DR

This paper advocates for practical, scalable use of one-time pads for encryption, emphasizing their advantages over traditional cryptography in the context of modern storage and surveillance capabilities.

Contribution

It challenges myths about one-time pads, provides practical methods for their secure implementation, and demonstrates their feasibility for widespread use.

Findings

One-time pads offer perfect secrecy when properly implemented.

Practical methods for key generation and distribution are achievable at scale.

Existing implementations show promising security and usability.

Abstract

When I was smaller, a five megabyte fixed disk cost $5,000, a 300 bps modem cost hundreds of dollars, and communication links were intercepted by attaching devices to the target subscriber's local loop. From then to now there have been three great implosions: the cost of storage, the cost of bandwidth, and the cost of surveillance. The wake of the first two implosions sheared away most obstacles to using one-time pads to encrypt data in flight, and the final imposition -- I mean implosion -- now makes consideration of one-time pads a practical necessity. So far as assurance of confidentiality is concerned, today's block ciphers and public key cryptosystems flunk the exam. I don't know how to recover an AES key or compute the discrete logarithm of an elliptic curve element, but there exists no proof that another cannot. Moreover, encrypted communications can be recorded and stored for later attack by algorithms and devices yet to be discovered. Equally concerning is that when a significant "break" is discovered for solving either puzzle, the safety of an entire planet's communication and data dissolves like instant pudding. The world is unready to ingest so much pudding. We need balance in our cryptographic diet, and we need that balance now. In this paper, I discredit many myths concerning one-time pads, discuss practical steps to address perceived shortcomings, and shatter the notion that secure generation, distribution, and use of mammoth cryptographic keys cannot be practiced in every home, church, school, and business. I also discuss my own implementations, their capabilities and track record, and where they should lead.