This isn't the first time I've seen someone on HN act like one-time pads are the solution to all of the problems of cryptography.
It's like people read that OTPs are the only encryption method that has been proven to be completely unbreakable (when used correctly) and stop reading there, and then completely miss all the things OTPs don't solve (i.e., guaranteeing authenticity), not to mention their massive glaring limitation: how do you transfer the encryption key?
Is quantum computing relevant to symmetric encryption like OTP? GP was talking about asymmetric encryption. My limited understanding is that quantum computing is a threat to asymmetric encryption.
There's also the question of, if you can distribute a key which is at least the same size as your message over a secure channel - why not just distribute your message over that channel in the first place?
Because with QKD you can distribute a random key knowing that there were no observers but you cannot distribute a message with the same guarantees. Specifically, any given bit exchanged might be observed, but that is detectable so the bit can be discarded.
I read some years ago about a non-quantum technique to achieve the same based on (I think) noise in a coupled electronic system. I wonder if that has been tested further.
One-time pads are obviously not a serious widespread cryptography proposal.
But the question of, "Why not just send the message instead of the pad" is pretty straightforward: when you have the opportunity to safely deliver the pad, you don't know what the message will be. When you do know what the message will be, you don't have the opportunity to safely deliver the pad.
The difference between a one-time pad and a stream cipher is the difference between provable, absolute secrecy and really good secrecy. If you don't care about that, there is zero point to a one-time pad.
Also, it isn't just a "chunk": for a one-time pad it has to be the same length as the messages. Which is fine for short messages but a lot harder for lots of data.
If you can exchange lots of data, you're better off using it as keys for a stream cipher.
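Added example (not from any commenter) illustrating the post above: an OTP needs a pad exactly as long as the message, and the ciphertext is consistent with every equally long plaintext, whereas a stream cipher expands a short key to message length. The HMAC-SHA256 counter-mode keystream is a constructed illustration of key expansion, not a recommended cipher.

```python
import hashlib
import hmac
import secrets


def otp_encrypt(plaintext: bytes, pad: bytes) -> bytes:
    """One-time pad: XOR with a pad of exactly the message length, used once."""
    if len(pad) != len(plaintext):
        raise ValueError("pad must be exactly as long as the message")
    return bytes(p ^ k for p, k in zip(plaintext, pad))


def otp_pad_for(plaintext: bytes, ciphertext: bytes) -> bytes:
    """Return the pad that maps this plaintext to this ciphertext.
    One exists for EVERY plaintext of the same length, which is the
    'provable secrecy': the ciphertext alone favours no candidate message."""
    return otp_encrypt(plaintext, ciphertext)


def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy stream-cipher keystream (constructed for illustration only):
    HMAC-SHA256 over nonce||counter, concatenated until `length` bytes."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def stream_encrypt(plaintext: bytes, key: bytes, nonce: bytes) -> bytes:
    """Stream cipher: a short key is expanded to message length, then XORed."""
    ks = keystream(key, nonce, len(plaintext))
    return bytes(p ^ k for p, k in zip(plaintext, ks))


def demo() -> tuple[int, int]:
    msg = b"ATTACK AT DAWN"                  # constructed sample message
    pad = secrets.token_bytes(len(msg))      # pad length == message length
    ct = otp_encrypt(msg, pad)
    assert otp_encrypt(ct, pad) == msg       # XOR is its own inverse
    other = b"RETREAT AT TEN"                # same length, different meaning
    assert otp_encrypt(other, otp_pad_for(other, ct)) == ct
    key, nonce = secrets.token_bytes(32), secrets.token_bytes(12)
    big = b"x" * 10_000                      # far longer than the key
    assert stream_encrypt(stream_encrypt(big, key, nonce), key, nonce) == big
    return len(pad), len(key)                # (14, 32)
```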
Doing some armchair navel-gazing cryptanalysis, but isn't that only true if you assume the OTP has access to true randomness? What if the attacker breaks your CSPRNG? Or what if the universe is deterministic and therefore a true RNG is impossible?
Similarly relaxing in my armchair, a deterministic universe is compatible with a CSPRNG as long as the information required to recover its internal state is too diffuse to recover, or is outside the light cone of your adversary.
E.g., rolling a die is deterministic, and I imagine an algorithm exists that could recover the value of a die throw from a recording of the sound of it rolling and its initial position. But once that sound has turned into heat, and that heat has conducted itself about the walls and into the air, I don't think it's possible to recover the sound.
I'm not sure physics really does say that. Physicists seem to believe that information is never lost, but that doesn't mean the information can be retrieved. If it's in a fragile state, then the act of measuring it might change it. E.g., an electron has both a position and a momentum, but that doesn't mean you can measure its velocity.
When you burn a document, all the matter might be transferred into the smoke, but you've rendered it into a stream of particles which is small enough to be affected by Brownian motion. Reversing the process (figuring out the initial position of each soot particle) involves knowing the position and momentum of the air molecules impacting the soot particles. In principle, you could take the current position and momentum of those particles and extrapolate backwards, but you can't actually measure that, not even in theory.
But quantum computing can put the ciphertext in a quantum superposition between solved and unsolved state. Only problem to remain will be simple matter of determining what the plaintext is to be.