The Many-Time Pad: Theme and Variations

The man-time pad is a method of subverting the security controls of a system to obtain data that is not directly accessible(e.g., because the data is confidential, classified, or otherwise deemed sensitive). It is the antithesis of the one-time pad, the only theoretically unbreakable cipher, in two respects: 1) whereas the one-time pad is a method of protection,the many-time pad is a method of attack; and 2) whereas the one-time pad is used just once, the many-time pad is reusable. A1so, whereas the interpretation of "pad" m the one-time pad comes from a "pad of paper", its interpretation in the many-time pad comes from "stuffing". What makes the many-time pad attack interesting is that it arises in three different contexts: cryptographic systems, where digital signatures can be forged or messages decrypted; statistical databases, where trackers can be used to obtain confidential data; and programming systems, where Trojan Horses can be planted in programs to leak sensitive input data, We shall first describe the basic structure of the attack and countermeasures for foiling it. We shall then show how these three seemingly unrelated security threats are variations of a common theme.