XOR encryption attack vector

Question

Lets say the key is a string of length 10, perfectly random.
We use the key to xor a large quantity of perfectly random length 10 strings.
Can the key be recovered if the encrypted strings are compromised?

Answer 1

If two cyphertexts which use the same key are XOR'ed together then all key information is removed, and it is possible to recover information about the plaintexts. If you plaintexts are random, then that will not be much, but some will be recoverable. If the plaintexts are meaningful then a lot more information will be recoverable.

C1 = P1 XOR K

C2 = P2 XOR K

C1 XOR C2 = (P1 XOR K) XOR (P2 XOR K) = P1 XOR P2

That is why the One Time Pad must be a One Time Pad. Using the same random key twice makes it breakable. Google "Venona" for a real life example.

Answer 2

Yes!

The strings might be random but they will still follow some form of character encoding (ascii, utf, ebcdic, etc...) and so only certain bytes will be valid.

An attacker can loop through possible keys discounting the ones that result in plaintext that is not valid ascii(or w/e). This can be done one key-character at a time and so it's not 26^10, but 26*10 (for a 26 character alphabet).

This is an unsafe encryption scheme.

Answer 3

It sounds like a one time pad, except for the fact that you said that the same key would be used for a large quantity of strings. Now the strings would also be perfectly random, but are their content known in unencrypted form?

Answer 4

No.

If the input data are completely random, then applying a completely random key via XOR doesn't produce any meaningful patterns. The result is still random, and no information can be gleaned from randomness.

The reason XOR isn't used as an encryption mechanism is generally known-plaintext attacks, which do not apply against a random corpus.