How can I detect that a key has been reused in one-time-pad encryptions?

Question

I have 20 OTP ciphertexts which I know were encrypted with only 19 distinct keys, so 1 key has been reused. Also only two different messages, with the same length, were encrypted.

I know that if I xor two ciphertexts together , if they share the same key, i'll eliminate the key. So I did, with all of them. But now I can't manage to discover which pair is the one who shares the key.

Can someone help me and tell me how to distinguish the pair that shares the key from the others?

Answer 1

XOR the ciphertext together to eliminate the key as you suggest. The result will be two plain texts XOR-ed together.

Now it becomes a matter of detecting a pattern within this data. It is possible to do this by examining the encoding. ASCII letters always have a certain bit pattern, e.g. 'A' is 41 in hexadecimals or 0100 0001 in binary and 'a' is 61 in hexadecimals or 0110 0001. So if XOR'ed together you will get something like 0010 0000. Notice the high number of bits set to zero. Also note that two ASCII encoded letters XOR-ed together will start with two zero valued bits.

Finally, text uses a lot of spaces, which are encoded using the value 20 in hexadecimal or 0010 0000 in binary. When XOR-ed with any letter it will return a different case, but the result will still be a letter. When XOR-ed with itself it will become a 0000 0000 binary value (just like any character encoding XOR-ed with itself).

With enough ciphertexts it is possible to get the plain text and the key; with just 2 ciphertext this is probably not attainable. That's probably the next assignment.

Answer 2

One idea is to eliminate the key as you describe using XOR and then XOR the result with something that one of the plainttexts is likely to contain and examine the output.