Vernam 密码(一次性密码本)在线编码器和解码器

Vernam 密码(又称一次性密码本)是唯一经数学证明无法破解的加密方法。它通过 XOR 或模加法将明文与等长的真随机密钥组合。使用此免费工具以完美保密性加密和解密消息——无需注册。

结果
0 字符

加密模式

Options

Visualization

安全警告

  • 密钥必须是真正随机的(不能是单词或规律)
  • 永远不要重复使用密钥——使用一次后销毁
  • 密钥长度必须等于或超过消息长度
  • 使用后立即销毁密钥

正确使用时提供完美保密性

Security Level
Perfect
When used correctly
Invented
1917
Gilbert Vernam
Proven By
Shannon
1949 proof
Key Constraint
One-Time
Never reuse

Perfect Secrecy

The only cipher proven to provide perfect secrecy - mathematically unbreakable when used correctly. Each possible plaintext is equally likely given the ciphertext.

Information Theory

Based on Claude Shannon's groundbreaking work in information theory. The cipher provides no information about the plaintext beyond its length.

Practical Limitations

Requires secure key distribution equal to message length, making it impractical for most communications despite its theoretical perfection.

Critical Security Requirements

Key Requirements

  • • Must be truly random (cryptographically secure)
  • • Must be exactly as long as the message
  • • Must be used only once (never reused)
  • • Must be kept completely secret

Distribution Challenges

  • • Secure key exchange required
  • • Key must be as long as all messages
  • • Synchronization between parties needed
  • • Key storage must be secure

Historical Applications

Moscow-Washington Hotline

During the Cold War, the direct communication line between the superpowers used one-time pad encryption for the most critical diplomatic messages.

Intelligence Services

Spy agencies have used one-time pads for decades, including the famous "numbers stations" that broadcast encrypted messages to field agents.

Military Communications

High-security military communications still use OTP variants for the most sensitive operations where perfect secrecy is required.

Banking & Finance

Some high-value financial transactions use OTP-like systems for authentication and securing critical banking communications.

Shannon's Mathematical Proof

In 1949, Claude Shannon proved that the one-time pad provides **perfect secrecy** - a precise mathematical concept meaning that the ciphertext reveals no information about the plaintext beyond its length.

Perfect Secrecy Definition

For every plaintext message M and every ciphertext C of the same length, the probability that M encrypted equals C is exactly the same, regardless of M. This means an attacker gains no information about the message content.

Key Insights

  • • Entropy of key ≥ Entropy of message
  • • Random key eliminates all patterns
  • • Each key bit used exactly once
  • • Information-theoretic security

Mathematical Properties

  • • H(M|C) = H(M) (no information leak)
  • • Uniform distribution over ciphertexts
  • • Computational independence
  • • Unconditional security proof

Why Perfect Security Isn't Practical

Key Management Problems

  • • Key length equals total message length
  • • Secure distribution as hard as secure communication
  • • Key synchronization between parties
  • • Secure storage requirements
  • • Key generation computational cost

Operational Challenges

  • • No error correction possible
  • • Key material consumption rate
  • • Human error in key handling
  • • Scalability limitations
  • • Authentication problem remains

The Paradox: To securely distribute a one-time pad key, you need a secure communication channel - but if you have that, why not just send the message through it?

Learn More About Perfect Secrecy

The Vernam cipher represents the pinnacle of cryptographic achievement - a method proven to be unbreakable when properly implemented. While impractical for most applications due to key management challenges, it remains invaluable for understanding fundamental cryptographic principles.

Educational Value

  • • Understanding information theory
  • • Learning entropy and randomness
  • • Exploring theoretical limits of security
  • • Foundation for modern cryptography

Historical Significance

  • • Cold War diplomatic communications
  • • Intelligence agency operations
  • • Mathematical proof of perfect secrecy
  • • Claude Shannon's information theory

Frequently Asked Questions About Vernam Cipher

What is the Vernam cipher?

The Vernam cipher is an encryption method that combines plaintext with a random key of equal length using XOR or modular addition. Invented by Gilbert Vernam at AT&T Bell Labs in 1917, it was originally designed for teleprinter communications. When used with a truly random, single-use key, it becomes the one-time pad — the only cipher mathematically proven to be unbreakable.

Why is the one-time pad unbreakable?

The one-time pad is unbreakable because every possible plaintext is equally likely given any ciphertext. Claude Shannon proved this in his 1949 paper "Communication Theory of Secrecy Systems," calling it "perfect secrecy." Since the key is truly random and as long as the message, no amount of computational power or mathematical analysis can narrow down the original message. Every decryption attempt with a different key produces a plausible but different result.

How does the Vernam cipher work?

The Vernam cipher works by combining each character of the plaintext with the corresponding character of the key using XOR (exclusive OR) or modular addition. To encrypt, each plaintext bit or letter is XORed with the matching key bit or letter. To decrypt, the same XOR operation is applied to the ciphertext with the same key, since XOR is its own inverse. For example, plaintext 'A' (01000001) XOR key 'K' (01001011) produces ciphertext (00001010), and XORing that result with the same key returns 'A'.

What are the requirements for a secure one-time pad?

A secure one-time pad requires four strict conditions: (1) the key must be truly random, not pseudorandom or generated by an algorithm; (2) the key must be at least as long as the plaintext message; (3) each key must be used only once and then destroyed; and (4) the key must be kept completely secret and shared only between sender and receiver. If any of these conditions is violated, the cipher loses its perfect secrecy guarantee and may become vulnerable to cryptanalysis.

Who invented the Vernam cipher?

Gilbert Sandford Vernam, an engineer at AT&T Bell Labs, invented the cipher in 1917 for securing teleprinter (teletype) communications. Vernam patented the system in 1919 (U.S. Patent 1,310,719). Joseph Mauborgne, a U.S. Army Signal Corps officer, later contributed the critical insight that the key must be completely random, transforming Vernam's cipher into the true one-time pad. Claude Shannon then provided the mathematical proof of its security in 1949.

Why is the one-time pad impractical for most uses?

The one-time pad is impractical because key management creates enormous logistical challenges. The key must be as long as every message sent, so encrypting a 1 GB file requires securely distributing a 1 GB key in advance. Keys can never be reused, so parties must continuously exchange fresh key material through a secure channel. Generating truly random keys at scale is also difficult. These constraints make the one-time pad viable only for the highest-security communications, such as the Washington–Moscow hotline during the Cold War.

What is the difference between Vernam cipher and XOR encryption?

XOR encryption is the binary operation used in the Vernam cipher, but not all XOR encryption qualifies as a Vernam cipher. A true Vernam cipher (one-time pad) requires a truly random key that is as long as the message and never reused. Many so-called XOR encryption schemes use short, repeating keys or pseudorandom key streams generated by algorithms, which makes them vulnerable to known-plaintext attacks, frequency analysis, and key recovery. The security of the Vernam cipher comes from its key properties, not from the XOR operation itself.

Related Ciphers

Running Key Cipher

Uses a long passage of text (like a book) as the encryption key

Autokey Cipher

Extends a short key using the plaintext itself

Vigenère Cipher

Polyalphabetic cipher that uses a keyword to shift letters

Straddling Checkerboard

Variable-length encoding cipher with built-in compression

You May Also Like

Four-Square CipherMilitary & Intelligence
Beaufort CipherHistorical
Gronsfeld CipherVisual & Encoding
Hill CipherMathematical
Homophonic CipherVisual & Encoding
Browse All 23 Ciphers →

什么是弗纳姆密码?

弗纳姆密码(Vernam Cipher),也称为一次性密码本(OTP),是唯一被数学证明不可破解的加密方法。由 Gilbert Vernam 于1917年在 AT&T 贝尔实验室工作时发明,它将每个明文字符与来自等长真随机密钥的对应字符相结合,使用模加法或 XOR 运算。

当正确实现时,一次性密码本能够实现密码学家所称的完美保密性——Claude Shannon 在其1949年的里程碑式论文《保密系统的通信理论》中正式证明了这一性质。无论现在还是未来,任何计算能力都无法破解正确使用的一次性密码本。

加密原理

弗纳姆密码提供两种操作模式,只要密钥满足所需条件,两者都能产生可证明安全的密文。

维吉尼亚模式(字母加法)

每个字母被转换为数字(A=0, B=1, ... Z=25),与对应的密钥值相加,并以26取模:

加密: C = (P + K) mod 26

解密: P = (C - K) mod 26

示例: 使用密钥"XMCKL"加密"HELLO":

  • H(7) + X(23) = 30 mod 26 = 4 (E)
  • E(4) + M(12) = 16 mod 26 = 16 (Q)
  • L(11) + C(2) = 13 mod 26 = 13 (N)
  • L(11) + K(10) = 21 mod 26 = 21 (V)
  • O(14) + L(11) = 25 mod 26 = 25 (Z)

结果:HELLO 变为 EQNVZ

XOR 模式(二进制运算)

每个字符被转换为二进制,并与密钥逐位进行 XOR 运算。XOR 是自逆运算,即相同操作既可加密也可解密:

明文 'H':  01001000
密钥字节:  10110111
XOR 结果:  11111111  (密文)

密文:      11111111
密钥字节:  10110111
XOR 结果:  01001000  (恢复 'H')

XOR 模式可处理任何二进制数据,而不仅仅是文本,使其成为现代实现中的标准方法。

完美安全性的要求

完美保密性依赖于四个不可妥协的条件。违反其中任何一个都会将密码降级为普通的可破解系统。

要求重要性
真随机密钥伪随机生成器遵循可以被预测或重现的确定性模式
密钥长度 >= 消息长度较短的密钥会强制重复,产生可利用的模式(类似于维吉尼亚密码
仅使用一次重复使用密钥让攻击者可以对两个密文进行 XOR,消除密钥并暴露两个明文
密钥保密如果对手获得密钥,所有安全性立即丧失

弗纳姆密码与维吉尼亚密码对比

弗纳姆密码与维吉尼亚密码共享相同的数学运算——模加法——但在密钥处理方式上存在根本差异。

特性弗纳姆密码(OTP)维吉尼亚密码
密钥长度等于消息长度短关键词,重复使用
密钥材料真随机易记的单词或短语
安全级别完美保密性(已证明)可通过 Kasiski 检验破解
实际用途极其有限历史上广泛使用
密钥重用从不——每个密钥仅使用一次相同关键词无限期重复使用

像"SECRET"(6个字母)这样的维吉尼亚密钥在100个字母的消息中重复超过16次,产生频率分析可以利用的周期性模式。而100个真随机字符的弗纳姆密钥产生的密文完全没有可利用的结构。

历史应用

军事和情报用途

一次性密码本在冷战时期得到广泛使用。特工携带印有随机数字序列的纸质密码本,每页只使用一次后即销毁。1963年建立的华盛顿-莫斯科热线(旨在防止意外核战争)最初依赖一次性密码本加密。

该系统最著名的失败案例发生在二战期间。受战时压力影响,苏联重复使用了部分一次性密码本密钥。美国国家安全局的**文字密码项目(Venona Project)**利用这些重复使用的密钥,在1943年至1980年间解密了数千条苏联情报消息,暴露了主要间谍网络。算法本身从未被破解——只是密钥管理失败了。

现代意义

今天,一次性密码本对大多数通信来说是不切实际的,因为分发与每条消息等长的密钥会产生巨大的后勤挑战。然而,这一原则在**量子密钥分发(QKD)**中得以延续,它使用量子力学通过光纤链路安全分发真随机密钥,从而有效解决了密钥分发问题。

一些情报机构据信仍在最敏感的通信中使用一次性密码本系统,该密码仍是衡量所有其他加密方法的理论标准。

弗纳姆密码与其他加密方法对比

特性弗纳姆(OTP)凯撒密码AES-256RSA
安全基础信息论无(极易破解)计算复杂性计算复杂性
密钥长度与消息等长1个数字(0-25)256位2048+位
抗量子是(可证明)不适用部分
日常实用性

常见问题

弗纳姆密码可以被破解吗?

不能——只要正确使用就不能。Shannon 的证明表明,使用真随机、足够长的单次使用密钥时,对于任何给定密文,每个可能的明文都是同等可能的。攻击者仅从密文中获取零信息。像文字密码项目这样的历史性"破解"之所以成功,是因为密钥被重复使用,而非算法有缺陷。

为什么一次性密码本对日常使用不切实际?

密钥必须与每条消息等长且永不重用。加密1 GB的文件需要通过单独渠道安全分发1 GB的密钥。对于大量通信,这造成了难以维持的后勤问题,这就是为什么现代系统使用AES等计算安全算法的原因。

弗纳姆密码与 XOR 加密有何区别?

XOR 是弗纳姆密码中使用的二进制运算,但并非所有 XOR 加密都符合一次性密码本的标准。许多"XOR加密"工具使用短的重复密钥或算法生成的伪随机流。安全性来自密钥属性——真随机性、足够的长度和单次使用——而非 XOR 运算本身。

谁发明了弗纳姆密码?

Gilbert Sandford Vernam 于1917年在 AT&T 贝尔实验室发明了该密码,用于保护电传打字机通信(美国专利1,310,719,1919年授权)。美国陆军信号兵团的 Joseph Mauborgne 后来贡献了密钥必须完全随机这一关键见解。Claude Shannon 于1949年提供了完美保密性的数学证明。

自动密钥密码与弗纳姆密码相比如何?

自动密钥密码使用短初始密钥,然后通过追加明文字符来扩展它。虽然这消除了维吉尼亚密码的重复密钥弱点,但密钥流并非随机——它依赖于明文本身,使其容易受到统计攻击。弗纳姆密码要求每条消息都有一个完全独立的真随机密钥。

相关工具与资源