Is the One-Time Pad the Only System Providing Shannon’s Perfect Secrecy?

First, let us start with the requirements (paragraph 1 & 2) and the "why" (paragraph 3). The motivation and goals of the system are outlined in paragraph 4 below.

Two parties share a single, randomly generated permutation of the hexadecimal alphabet {0,…,F}. This permutation is created once, exchanged securely, and must remain secret. This requirement is fundamental and cannot be relaxed. While the shared secret may be replaced, any replacement must be exchanged under the same strict conditions.

The shared permutation serves as an invariant root secret. It is not consumed or altered during operation, but is used to encrypt a per message PIN selected by the sender; upon receipt, this PIN is re-interpreted according to the positions defined by the shared permutation, thereby determining the message-specific transformation applied in the encryption process, while revealing no usable information in the absence of the shared permutation.

Our interest is in exploring whether One-Time-Pad equivalent behavior, specifically non-repetition and information theoretic opacity to an external observer can be achieved using primitives other than a linearly consumed random keystream. A shared permutation of {0,…,F} has an entropy of log2(16!), approximately 45.25 bits.

The role of the shared permutation in our system is frequently misunderstood. It is not intended to function as consumed key material in the Shannon sense. Instead, each permutation defines a distinct effective alphabet. While the physical symbol set remains {0,…,F}, a change in permutation induces a different bijective mapping between symbols and their operational meaning. From the perspective of an external observer, successive encryptions therefore operate over different alphabets, despite using the same symbols.

In this construction, the ciphertext represents a variable position, not a value. Recovering the plaintext therefore requires identifying the exact position and the correct positional context rather than evaluating an algebraic expression.

An external observer faces three independent uncertainties. First, the selection of the correct permutation (one choice out of more than 20 trillion possible permutations of the hexadecimal alphabet). Second, the resolution of each variable ciphertext symbol across two different permutations. Third, the independent uncertainties, one of which arises from the unknown position of the transposed character, which may originate from any of the 16 positions. This is not a problem of mathematical inversion but one of combinatorial search. Without knowledge of the shared permutation and traversal state, no analytic shortcut exists; exhaustive enumeration is the only available strategy.

We therefore pose the following question to readers. Assume an external party selects two unknown permutations from the more than 20 trillion possible permutations of the hexadecimal alphabet. A single ciphertext character is a variable index that simultaneously encodes two transposed characters, point S in the first permutation and point E in the second permutation. How, in your view, can this be solved without prior knowledge of the shared permutation and traversal state, given that only a single index refers to both points? If a solution is proposed, the assumptions it relies on should be stated explicitly.

The title we have chosen is not accidental. It reflects the historical causality encountered while searching for an answer, leading back to the One-Time Pad, not causality in the sense of mechanism, but in the sense of why. To illustrate the construction, we now give an example by encrypting the text “HELLO ” (including the space character), represented as hexadecimal symbols: H (48), E (45), L (4C), L (4C), O (4F), space (20).

In the followig example, the starting point (Point S) is determined by the sender-selected PIN, which identifies a position within the shared permutation rather than a symbol value.

Example:

The arithmetic notation shown here is used solely to illustrate the positional relationship between points within a permutation and the interval code; no numerical computation is performed during encryption, which consists only of table lookups and permutation traversal.

The six ciphertext symbols shown above need not correspond to a plaintext of fixed or even bounded length. Depending on the permutation in use and the number of transformation cycles applied, the same ciphertext may result from one loop, multiple loops, or a longer sequence of symbol interactions.

For an external observer, this introduces an additional uncertainty beyond symbol identity and mapping. The number of transformation cycles that produced the ciphertext is itself unknown. No finite upper bound on the original plaintext length can be inferred from the ciphertext alone.

Consequently, any decryption attempt that assumes an upper bound greater than one yields multiple, equally consistent reconstructions. Varying the assumed number of cycles produces different plaintext candidates, all compatible with the observed ciphertext.

How can an adversary justify any assumed upper bound on the original plaintext when the number of transformation cycles is not observable from the ciphertext? If such a bound is proposed, the assumptions it relies on, including the direction and extent of permutation traversal, should be stated explicitly.

Historically, cryptography has often been viewed as a costly necessity. However, it need not be regarded this way, as it can serve purposes beyond mere protection.