4,188 reads

Why Is XOR the Perfect Cipher?

by Lane WagnerMay 23rd, 2022

Too Long; Didn't Read

XOR is a simple bitwise operation that allows cryptographers to create strong encryption systems. It is the primary operation in the “add round key” step of AES-256(/cryptography/aes-256-cipher/). It is also used in the DES cipher. XOR, or “exclusive or” operates on binary data. It returns true if both of its inputs are opposites (one false and one true), otherwise, it returns false. The XOR cipher isn’t used in production because it is impractical to use keys that are the same length as the message body.

featured image - Why Is XOR the Perfect Cipher?

If you are getting into cryptography, or just trying to understand the fundamentals, you may have noticed that the exclusive-or (XOR) operation is used quite often, especially in ciphers. XOR is a simple bitwise operation that allows cryptographers to create strong encryption systems, and consequently is a fundamental building block of practically all modern ciphers.

Let’s dive into the details and see what makes XOR so important.

What is XOR (⊕)?

XOR, or “exclusive or” operates on binary data. It returns true if both of its inputs are opposites (one false and one true), otherwise, it returns false.

For example, in Go, the code would be something like:

func exclusiveOr(a bool, b bool) bool {
	return a != b
}

XOR Cipher - The Perfect Cipher

It is interesting to note that if:

The key is the same size as the message
The key is kept secret and generated truly randomly

Then the XOR cipher is certainly impossible to crack. This is known as a one-time pad. However, a simple XOR shouldn’t be used in production due to the key length needing to be too long to be practical.

Cipher Example

For instance, let’s simply encrypt the word “hi” by following these steps:

First, convert “hi” to binary, here is a free tool

01101000 01101001

Next, create a random secret key that has the same length:

01010010 01000101

Then, create an encrypted message by XOR’ing the message and the key:

01101000 01101001 (“hi”) XOR 01010010 01000101 (secret key)

00111010 00101100 (encrypted message)

Finally, decrypt the message by XOR’ing the key with the encrypted message again:

00111010 00101100 (encrypted message) XOR 01010010 01000101 (secret key)

01101000 01101001 (“hi”)

How does it work?

XOR works as a cipher because it is its own inverse.

𝑎 = (𝑎 ⊕ 𝑏) ⊕ 𝑏

And, as we demonstrated in our example:

encrypted = message ⊕ key and message = encrypted ⊕ key

Is XOR used in production ciphers?

The simple XOR cipher isn’t used in production because it is impractical to use keys that are the same length as the message body. However, the XOR is still extremely useful. In fact, it is used in almost all symmetric encryption algorithms.

XOR is the primary operation in the “add round key” step of AES-256. It is also used in the DES cipher.

Also published here.