### About Crib Dragging

The one-time pad is perfectly secure
encryption technique, assuming that these three conditions are satisfied:

• The key(pad) is delivered securely without interception.

• **The key(pad) is used only once. ***

• The key(pad) is truley random.

A crib drag attack takes advantage of the vulnerability of reusing a pad.

#### The One-Time Pad

Similar to the caesar cipher, by using modular addition we combine the key and message together, but
instead of shifting by just one number, we shift each message_{i} by key_{i} then modulus 26.

Caesar cipher - Message: **HELLO**, Key: **5**

Original Message | H | E | L | L | O |
---|---|---|---|---|---|

Message to Int | (7+5) Mod 26 | (4+5) Mod 26 | (11+5) Mod 26 | (11+5) Mod 26 | (14+5) Mod 26 |

(Message_{i} + 5) Mod 26 |
12 | 9 | 16 | 16 | 19 |

Encrypted Message | M | J | Q | Q | T |

With the caesar cipher encryption technique we see that we just shifted each letter in the message(HELLO) to the right by the key(5 spaces), this resulted in the final message "MJQQT". This method is very unsecure because we can brute force the encypted message with a worst case of 26(the max amount of shifts possible). This type of mapping is considered one-to-one mapping because each letter is mapped to exactly one other letter (e.g. "L" always transforms to "Q"). Therefore, once we have the key(5), we can always assume that an encrypted message containing Q always refers to L. This is not the case for One-Time Pads, we will see that below.

One-Time Pad - Message:

**HELLO**, Key:

**MYKEY**

Original Message | H | E | L | L | O |
---|---|---|---|---|---|

Message to Int | (7+12) Mod 26 | (4+24) Mod 26 | (11+10) Mod 26 | (11+4) Mod 26 | (14+24) Mod 26 |

(Message_{i} + key_{i}) Mod 26 |
19 | 2 | 21 | 15 | 12 |

Encrypted Message | T | C | V | P | M |

Key | M | Y | K | E | Y |
---|---|---|---|---|---|

Int | 12 | 24 | 10 | 4 | 24 |

With a one-time pad we see that each letter in the message is shifted by a new value. The
complexity of a one-time pad is 26^{n}, but this is not what makes a one time pad so secure, even if
we brute force all possiblities, we still do not know which key is correct. For example:
If we receive the message "HMM" that has been encrypted by a one-time pad, the worst case is 26^{3} possiblities.
So we brute force every combination, but which result is the decrypted message? This will result in every combination of
three letters including: "HEY", "CAT", "BYE". We cannot possiblity know what the original message is without the key.

#### Crib Dragging

For computers it is faster to employ the XOR operation for one-time pads. For this example, we will be using strings
that are converted to HEX.

Assume we have two messages: "Hello World!" and "Easy 2 Crack", we are going to ecrypt them with the key "secretkey123".
The first thing we are going to do is convert them from ASCII to HEX format.

**Message 1 ASCII**: Hello World!

**Message 2 ASCII**: Easy 2 Crack

**Key ASCII**: secretkey123

**Message 1 HEX**: 48656c6c6f20576f726c6421

**Message 2 HEX**: 45617379203220437261636b

**Key HEX**: 7365637265746b6579313233

Then we can encrypt each HEX string with the key by using an XOR operation.

**Message 1 ⊕ Key**: 48656c6c6f20576f726c6421 ⊕ 7365637265746b6579313233 = Cipher 1

**Message 2 ⊕ Key**: 45617379203220437261636b ⊕ 7365637265746b6579313233 = Cipher 2

**Encrypted Message 1(Cipher 1)**: 3b000f1e0a543c0a0b5d5612

**Encrypted Message 2(Cipher 2)**: 3604100b45464b260b505158

Now, for future reference, we can XOR Cipher 1 and Cipher 2 together.

**Cipher 1 ⊕ Cipher 2**: 0d041f154f12772c000d074a

Let us assume that Alice is sending the messages Cipher 1 and Cipher 2 to Bob, but Eve has intercepted them,
how can Eve decrypt the messages? Well if the messages were both encrypted with seperate random one-time pads
then it would be impossible for Eve to decrypt the messages, but what if Eve knows that Alice and Bob have been
reusing their one-time pad? This is where crib dragging comes in.

Eve can attempt to guess words(Crib Words) to drag along the XOR'd messages. For example:
If Eve guesses "Hello" as their Crib Word, first Eve will want to convert this to HEX.
Hello then becomes: 48656c6c6f, now Eve can "drag" this word across the XOR'd messages
XORing it with them.

**0d041f154f**12772c000d074a

**48656c6c6f**

_____________

**4561737920**

If Eve now converts the result 4561737920 to ASCII, Eve will see that the result ended up being "Easy ".
This is a good result, and is probably the correct answer(We already know the answer, but Eve doesn't), this is because "Easy " is a readable
word, usually if your crib word fails it will give you gibberish. Since "Easy " is probably the start Cipher 2 now Eve can continue guessing until the messages are decrypted.