XOR cipher

The XOR cipher is the most elementary form of symmetric stream cipher. It applies the exclusive-OR operation (often written ⊕) bit by bit between the plaintext and a key. Despite its apparent simplicity, it is the foundational building block of all modern symmetric cryptography: AES, ChaCha20 and most current stream ciphers end their pipeline with a XOR between a pseudo-random stream and the message.

Principle

The XOR operation

Exclusive-OR between two bits is defined as:

0 ⊕ 0 = 0
0 ⊕ 1 = 1
1 ⊕ 0 = 1
1 ⊕ 1 = 0

In other words, it equals 1 if and only if the two bits differ. This operation has two decisive properties for cryptography:

1. Involutive: a ⊕ b ⊕ b = a. Encryption and decryption are the same operation.
2. Balanced: if the key is uniformly random, each bit of the ciphertext is 0 or 1 with probability 1/2 — independently of the plaintext.

Applied to text

For a plaintext of n bytes and a key of m bytes, the ciphertext is:

cipher[i] = plain[i] ⊕ key[i mod m]    for i = 0, 1, …, n-1

If the key is shorter than the plaintext, it is cyclically repeated.

Example

Plaintext: CIPHE (5 ASCII bytes = 5 × 8 = 40 bits) Key: LOCK (4 bytes, repeated)

Plaintext:   C        I        P        H        E
ASCII    :  0x43     0x49     0x50     0x48     0x45
Binary   :  01000011 01001001 01010000 01001000 01000101

Key      :   L        O        C        K        L
ASCII    :  0x4C     0x4F     0x43     0x4B     0x4C
Binary   :  01001100 01001111 01000011 01001011 01001100

XOR      :  00001111 00000110 00010011 00000011 00001001
Hex      :  0x0F     0x06     0x13     0x03     0x09

Ciphertext (hex): 0F 06 13 03 09 — completely illegible by eye, yet a single operation reconstructs it.

Strengths and weaknesses

Strengths

• Maximum speed — one CPU instruction (XOR reg1, reg2) per byte.
• Lossless: involutive, exactly reversible.
• Provably perfect with a truly random key of the same length as the message (One-Time Pad): absolute security proven by Shannon in 1949.

Weaknesses

• With a short, repeating key, the cipher is trivially breakable:
  1. Guess the key length m (coincidences, Kasiski examination, Friedman index).
  2. Split the ciphertext into m sub-sequences taken every m positions.
  3. Each sub-sequence is then encrypted with a single key byte, reducible to a byte-wise Vigenère or byte-level frequency analysis.
• Key reuse: two plaintexts P1 and P2 encrypted under the same key K yield C1 ⊕ C2 = P1 ⊕ P2 — the key cancels out, and the attacker recovers the XOR of two plaintexts, exploitable through cribs.
• No authentication: an attacker can predictably modify the plaintext: flipping a bit of the ciphertext flips the same bit of the plaintext, with no detection.

XOR in modern cryptography

• One-Time Pad (Vernam, 1917) — XOR with a truly random key, used exactly once, at least as long as the message. Proven unbreakable by Shannon.
• Modern stream ciphers (RC4, ChaCha20, Salsa20) — generate a pseudo-random bit stream from a short key, then XOR with the plaintext.
• AES in CTR mode — generates a stream via counter encryption, then XORs with the plaintext at the end.
• Side-channel masking — XOR between sensitive data and noise to defeat side-channel attacks.

Classical attack toolkit

• Index of coincidence — detects the key length of a cyclic XOR cipher.
• Known cribs — if a plaintext fragment is known (HTTP/1.1, <html>…), the matching key bytes can be extracted directly.
• Byte-wise frequency analysis — once the ciphertext is split into key-aligned columns, each column is a monoalphabetic Vigenère.

In CipherChronicle

The XOR cipher is the conceptual bridge between classical and modern cryptography. Companion grids can introduce bitwise manipulation (in hex), then slide towards the One-Time Pad — which is exactly the same operation, but with a random, disposable key.