> Hundreds of Megabytes? That’s a big number to you?

If you only have a hundred MB of data to send… a hundred MB of key is sufficient to use as a one-time pad.

Until digitisation the military literally did encryption over radios using physical pads - everyone carried a big one-time-pad (just a few tens of KB though). It was done as a lookup table rather than an XOR though.

The pad system used by the military predigitisation[0] was a set of keys to input into a keystream generator rather than a strict one time pad style system, except for very specific and limited espionage use cases. And it wouldn't be one time, it'd be on the order of a daily key rotation with key reuse (with maybe a few chosen per day depending on classification level).

[0] I'm assuming we mean computerized here. Old school cipher machines of the type of the ENIGMA and M-209 were arguably digital machines, just base ~26.

> I'm assuming we mean computerized here

No, pre common man-pack digital radios, so as recently as just prior to this century. They used paper one-time pads, with a big list of table indices for substitution. You still get them for use when you have no digital crypto for whatever reason.

That's not quite what I'm seeing, instead that what I believe you're talking about (Morse code over open air with a Diana cipher backed by one time pads) were pretty much exclusively used by special forces in Vietnam. The issues with key distribution inherent in one time pads otherwise got in the way of cross team cooperation too much since each pad would only exist in two places (the spec ops team, and a major base close by, but not a FOB in case it was overrun).

They might have taught that use case to radio operator MOSs, but it wasn't actually deployed in the general case it seems.

> That's not quite what I'm seeing ... it wasn't actually deployed in the general case

I'm was literally trained in the British variant of technique I'm describing. There's a wikipedia article about it, and it's referenced from this cryptography wiki's one-time-pad page. Other countries used similar systems.

https://en.wikipedia.org/wiki/BATCO

https://cryptography.fandom.com/wiki/One-time_pad

So if I'm understanding BATCO correctly, there's an average key reuse by a single sender after 13 messages because of the how the traffic key rotation selects a row? That, combined with the sense I'm getting that the cipher sheets were distributed widely (auth tables imply multiple senders using the same cipher sheet at the same time) seems to imply broad reuse of key rows, making it a pad, but not a one time pad. Do my assumptions filing in the blanks line up?

I'll give it that's it's definitely way better than DRYAD, which is pretty universally not considered a OTP because of the much greater key reuse (like how auth uses the same cipher tables as encrypt, leaking tables). So it boils down to the practical use case on whether it falls into OTP.

Yes entire radio net is moving through the shared pad together - so you when you send you consume a bit of the pad, and when someone sends to you they use the next bit of the pad, then you use the next, etc.

A new row per message means you don't re-use between messages (message is something like a sentence).

Each message should be short enough that you don't re-use (a 22-symbol message is already crazy), and you are not allowed to re-use if that means re-using a target symbol, but yes you might slightly re-use within messages if you're being sloppy.

In reality you don't get through the pad very quickly due to the 'compression' of a dictionary for typical parts of messages.

(This is all public info, not disclosing anything here.)