One-time pad vs Vigenère — why one is breakable and the other is not
| Vernam cipher (One-Time Pad) | Vigenère cipher | |
|---|---|---|
| Family | Polyalphabetic | Polyalphabetic |
| Difficulty | Advanced | Intermediate |
| Era | 1917, Gilbert Vernam | 1553, published 1586, Blaise de Vigenère |
| Inventor | Gilbert Vernam (perfected by Joseph Mauborgne) | Giovan Battista Bellaso (popularized by Blaise de Vigenère) |
The one-time pad (Vernam, 1917) and Vigenère (1586) run rigorously the same algorithm: each plaintext letter is shifted by a key letter. Yet Claude Shannon proved in 1949 that the one-time pad is mathematically unbreakable — an absolute guarantee, not a “probably resistant”. Vigenère, by contrast, falls in a few hours.
How can two “identical” ciphers yield opposite results? The answer comes down to three conditions.
The three conditions that make a one-time pad
For Vigenère to become a one-time pad, its key must check three boxes:
- As long as the message. No repetition, ever. If the key is 20 letters and the message 100, you don’t have a one-time pad — you have a Vigenère.
- Perfectly random. Each letter drawn independently, uniform distribution. Not a word, not a phrase, not a Fibonacci sequence, not a public-domain text. Real physical randomness (thermal noise, radioactive decay).
- Used only once. Reusing a one-time pad on a second message destroys it instantly (cf. operation VENONA where the NSA broke Soviet messages enciphered with carelessly reused pads).
If any of the three fails, you’re doing Vigenère, whatever name you give your procedure.
Why honouring the three conditions makes it unbreakable
With a perfectly random key as long as the message, every possible plaintext is as likely as any other. The ciphertext “ABCDE” can be deciphered as “HELLO”, “WORLD”, “ENEMY”, “NOPED”… with a fitting key. The attacker, even with infinite computing power, cannot tell the right one from the wrong ones. This is Shannon’s concept of perfect secrecy.
Vigenère fails condition 1: with a short, repeating key, statistical traces leak into the ciphertext (the Kasiski test detects repetitions, the index of coincidence confirms the length). Once the length is known, the ciphertext slices into L monoalphabetic sub-messages and falls to frequency analysis.
The practical cost of the one-time pad
Unbreakability has a price: you must transmit the key securely before the message, and the key is as big as the message. If you could transmit the key securely, you could transmit the message itself the same way — hence the circularity.
That’s why the one-time pad remained the preserve of diplomats and spies with pre-distributed pads (the famous physical “one-time pads” of the Cold War), and why civilian industry switched to short-key ciphers with computational resistance (AES, RSA, ChaCha20).
When to use which
- Pedagogical demonstration of “perfect secrecy” → one-time pad, on short messages (10-20 characters) with a coin-flipped key.
- Community puzzle, web riddle, cryptanalysis exercise → Vigenère. Its breakability is precisely what makes the challenge interesting.
- Real long-term secret communication → neither in civilian practice. Modern encryption (AES, ChaCha20) with a shared key established via Diffie-Hellman.