3

IMPORTANT NOTE: This question is quite niche, I am not sure if this stack is the most relevant place, please inform me if there is a better place for it.

To explain the question: I am asking if a one-time-pad encryption system (brief explanation here: https://www.youtube.com/watch?v=2_w9l9visH8 ) can make any information encrypted with said system immune to prosecution – in the event that the prosecutors were to find, or believe to have*, the original key/one-time-pad that was actually used.

*The point being, the one-time-pad is not only ‘unbreakable’ - provided the security procedures/rules are kept to (no key re-use, keep key private), but given the maths – given the nature of why it is unbreakable, it is also impossible to actually know/prove beyond all doubt that you ever have the right key.

i.e: Given the nature of a one-time-pad system/its fundamental design, by itself it is impossible to determine whether or not the key is ‘correct/incorrect’. It is simply inputted and, implementing the algorithm/system, an output is given.

Given this, that it is impossible to actually prove the key is ‘correct’, if the authorities/prosecution were to ‘find’ said ‘correct key’, they cannot actually prove that the key is the correct one, therefore they cannot actually prove that the output provided by using said key is actually the original plaintext that was encrypted.

My point being: Though I assume, from previous legal cases around the world regarding infosec, that this would make any ‘evidence’ - obtained by ‘decrypting’ said data with this ‘correct key’ that any prosecution/authorities should obtain – inadmissible as they cannot actually prove said evidence ever existed, I am asking here if this is the case?

Sorry for the lengthy explanation, it is a rather niche question, I shall clarify it with an example for what I intend to actually ask; example: Say the authorities/prosecution obtain what they say is the ‘one-time-pad’ (though of course, as we know there is no irrefutable way to actually prove said claim). Said one-time-pad is then used to produce plaintext which results in incriminating material being discovered.

Is said material considered admissible evidence, given that: With some clever, (though not actually that difficult to perform) maths some geeks could quite happily engineer a ‘one-time-pad’ to produce an output of said incriminating plaintext. Regardless of this, there is no way to actually prove said key is the correct key, and so creates the situation which allows for above abuse.

I realise this may seem a very strange, obscure, niche question, but I find it interesting & I have not been able to find any real (public) history of any case where this has been so.

Before you endeavour to answer, I must add some information: I realise that even if the material is inadmissible, as it may have been created by the prosecution/authorities or otherwise, they could use this material that they believe to be correct/accurate to find other evidence – I realise this and it is not the question. Further to the above, I realise that said material could be so circumstantial a prosecution may argue it evident, i.e. the plaintext produced (with the ‘correct’ key the prosecution provides) contains an image with metadata – nevertheless this is covered under the same circumstance as the above, as of course this could have been engineered.

I believe this question to be ‘on-topic’ and important/relevant as I do not believe it has been asked before here on stack-exchange, nor adequately answered/explored elsewhere. I also realise that the likelihood of authorities performing said ‘exploit’ is less likely than other exploits being performed, nevertheless the overarching point is the plaintext cannot ever actually be proved to be the actual plaintext.

Anyway, I have already said that – my point here was that regardless if the authorities do not perform such exploit, it is a very real possibility that should material claimed to be plaintext ever be considered evidence, that other parties such as the prosecution (who will most likely have had access to examine/read/copy the hard drive for their own independent examination) would be able to perform such attack. Such attack would not be necessarily complex, though I’m not saying it would be in any means easy (or computationally cheap), I am just saying it is entirely possible, and again the overarching point being it is impossible to prove the key is ever said key.

And yes, I realise that a good prosecution could provide such circumstantial evidence, though in my belief circumstantial, such as: Data y was stored by/accessed by defendant, we can prove this (though not actually prove it's the key), we believe this is the key (because of a,b,c,) and hence this is the plaintext of the defendant's hard drive, which is therefore incriminating.

MY PRIOR RESEARCH: Of course without the key it is impossible to actually ‘decrypt’ said data (provided no key reuse), I know that authorities/prosecution wouldn’t be able to ‘decrypt’ the hard drive if they didn’t have the key. The point is, again to reiterate, that the very mathematical nature of this predicament further creates/also is the predicament that it is impossible to prove the data produced is actually the ‘original’ plaintext. Hence, given that the authorities cannot actually ‘decrypt’ the data without the key that is used, I would like to know if it is legally valid for them to say that they have done so in any case?

I am asking this as I have researched and have not found any cases that are public, neither in the scenario/principle described, nor have I even found any that actually involve unbreakable ‘one-time-pad’ encryption. I ask this as again, if it were to be legally valid then it would enable anybody to perform some clever calculations to effectively invent incriminating evidence.

https://www.schneier.com/blog/archives/2007/10/uk_police_can_n.html The comments section of this page provides interesting discussion on the topic, of which is scarce generally. The comments seem to support the idea that any one-time-pad encryption scheme properly implemented makes all ‘evidence’ produced from said data inadmissible.

https://ifca.ai/pub/fc97/r4.pdf “In 1995, it was finally divulged that the Rosenbergs, while attempting to use “one-time pad” encryption, infra, were careless in doing so, and didn’t really use a one-time pad after all. This enabled the government to develop evidence that assisted in their conviction.” The above quote from the linked paper also suggests that anything properly encrypted with a one-time-pad scheme is merely data, and that no admissible evidence can be produced.

So yes, a long question, maybe repetitive & lengthy, but I hope you can read through this as it is important to clarify.

A further DISCLAIMER: Please focus on the question, it is already long enough, I don’t wish to write an entire text on the questions I am not asking. As a final clarification, the question above has been asked clearly, however niche you may think it there are valid concerns (as are shared by those in the comments linked). I realise that you could just have the key tortured out of you by a malicious entity, this is not the question nor it is relevant, this is long enough now so I conclude.

6
  • 1
    This is purely a legal question, and would be a fit on law.SE, but not here. I'll see if a mod will move it.
    – Xander
    Commented May 7, 2019 at 22:28
  • 2
    "therefore they cannot actually prove that the output provided by using said key is actually the original plaintext that was encrypted" - the problem with that is that unless the original text was garbage in the first place, basic statistics will say that the chance of a key being generated which didn't produce garbage but in fact produced supporting evidence that isn't the original text (either accidentally or deliberately) is negligible, and therefore the legible output is in fact the original text.
    – user4210
    Commented May 7, 2019 at 23:57
  • As covered in question - (assuming algorithm/method is known) - although 'axyz' or 'bnmf' could be discarded, the point is they would be so as they aren't relevant. Your point here has already been considered in the question, just because it is not 'garbage' does not make it instantly probable. Just because innocence is 'negligible' doesn't make guilt automatic. In this case, it is in fact the statistics that make each scenario indistinguishable (equal likelihood). The text is just as likely to be 'kill' as it is to be 'love'.
    – Reality
    Commented May 8, 2019 at 0:24
  • 1
    @Moo With an OTP encrypted file it is trivial to come up with potential keys that "decrypt" the file into anything you want (of appropriate size). Actually anything. Encrypt "I didn't do it." and I will produce you a key that decrypts that to "I totally did it". It is actually trivial to do this with OTP encryption. But this is why it is secure. I can create keys to decrypt to anything, which is why I can't know which is correct. Your argument fits better with encryption schemes with limited keyspace, but not OTP.
    – Matt
    Commented May 8, 2019 at 13:27
  • 1
    @Moo If with a search warrant you uncovered a bunch of OTP keys and one decrypted the file to non-garbage, then you may have a case. But you can't just "generate" keys as your comment suggests, hoping to find one that produces an intelligible output.
    – Matt
    Commented May 8, 2019 at 13:31

4 Answers

5

As the question mentions, and as the answer by leaustinwile explains in some detail, it is impossible to prove by cryptanalysis that a given decoding of a communication encrypted via a one-time-pad (OTP or pad) is correct. That does not mean that there is no way to prove such a decryption accurate to the satisfaction of a court of law.

If the storage or transmission of the pad is compromised, analysts may have and know that they have the correct text of the pad. If use of this pad results in a valid, plausible clear-text, as opposed to random gibberish, that would be significant corroboration. For while it is true that a false pad can be intentionally created to have any decryption result desired, this would not be plausible unless the users of the OTP knew that their pad was being sought, knew how it was being compromised, and intentionally substituted a fake pad without the investigators discovering this.

If a party to the encryption cooperates and delivers a copy of the actual pad, then it is just a question of the credibility of that witness -- no different really than if such a person had retained a copy of the cleartext before it was encrypted or after it was decrypted.

If the method for generating pads was compromised, and the recovered pads resulted in plausible cleartexts for many messages, that might well be plausible evidence.

In short, if a credible witness or expert claims to have the correct pad, the testimony would probably be admissible, although subject to challenge and rebuttal. There would not be an absolute rule against such evidence, but it would have to meet the same "reasonable doubt" standard (if in a criminal case) or other relevant standard (in a civil case) as any other evidence or testimony.

2
  • "this would not be plausible unless -..." Yes but as explained it is entirely plausible the key be engineered and the evidence manufactured as it is a relatively trivial process. The attack vector was not the defendant but the prosecution doing so, which could easily be done. Given that anybody can manufacture the evidence as such does that not make the 'evidence' produced by itself, null and void and failing the reasonable doubt test, given that anybody could have manufactured this?
    – Reality
    Commented May 8, 2019 at 12:19
  • 3
    @Reality That's no different than literally any other evidence. It comes down to the authenticity of the evidence, which is something courts have dealt with since approximately the invention of the concept of "evidence."
    – cpast
    Commented May 8, 2019 at 15:39
7

If it was for a criminal case, the jury would have to decide if they believed the person who claimed he/she cracked the code.

Really, any evidence is interpreted by the jury if it is regarding facts.

1) An issue of fact, not law. A question of fact is resolved by a trier of fact, i.e. a jury or, at a bench trial, a judge, weighing the strength of evidence and credibility of witnesses. Conversely, a question of law is always resolved by a judge. https://www.law.cornell.edu/wex/question_of_fact

2
  • Why have you limited your answer to criminal cases? Facts in civil cases are decided the same way.
    – Dale M
    Commented May 8, 2019 at 4:27
  • @DaleM he said prosecutors, so I told him how a prosecutor would look at it.
    – Putvi
    Commented May 8, 2019 at 15:44
5

Well, in this case, it is interesting to note one fact about the one-time pad. The key and the ciphertext are interchangeable and indistinguishable. So rather than thinking about it as encryption, it is better to think of it as splitting in two. If the prosecution finds both pieces and can tie them to you, then they have good evidence against you. Both parts belonged to you and they give a sensible output, hence you probably wrote it.

This is similar to the prosecution just finding a plaintext file. The file could be edited or created by anyone, but because it is on your computer, it may be used against you, especially if the computer is password protected. In the end, it is up to the jury to decide if you wrote it.

On the other hand, if the prosecution only finds one piece, it is indeed useless as evidence.

1
  • 1
    Although this doesn't answer the question, this is actually rather useful. It is actually rather true, it is less 'encryption', though technically that is its term. In a legal sense I assume encryption would be that which could technically (however hard) be 'cracked', therefore a proof can be given. In this sense you have actually given a good insight, as this is technically just the storing of jumbled up data, and unlike 'traditional' encryption, this mechanism actually makes data independent and useless without true knowledge of both 'data sets' (key and cipher). An interesting insight.
    – Reality
    Commented May 8, 2019 at 12:24
1

That's an interesting question. Because of the way OTPs work, you can supply a carefully selected arbitrary key to get any output you desire. See below for explanation.

XOR is a commutative algorithm. Meaning that:

CT = M(1) ^ K(1)


Now if you supply a K(2) to the same CT you will now get something like:

M(2) = CT ^ K(2)

Meaning that because the selected key directly influences the message decryption at the byte level, you can select a key by computing:

enter image description here

K(2) will now decrypt the original ciphertext into the arbitrarily selected message. So to answer your question, if all properties of the OTP are maintained correctly, it should be inadmissible because there's no way to prove that the K(2) == K(1). Consequentially, there's no way to prove the integrity of the message.

9
  • What is the legal basis for your assertion as it pertains to the rules of evidence?
    – Xander
    Commented May 7, 2019 at 22:29
  • Well, I read part of that paper you wrote. I've testified in court as a cyber security expert before, and I'm just telling you what I think. I can't say for sure as I'm not a lawyer, but due to the fact that it's logistically impossible to prove the integrity of a message encrypted with OTP without knowing the original key, I feel like it could easily be proven inadmissible via a simple example of the problem. I'd encrypt a message with K(1), select an arbitrary message and calculate K(2) to show that it's possible to choose a key that will decrypt the message into anything I want it to be.
    – leaustinwile
    Commented May 7, 2019 at 22:32
  • In court you have to prove the integrity of your evidence and show that it isn't forged, fraudulent and hasn't been altered. Without proof of the original keys and their data, you can't prove that the message decryption being shown to the court is accurate. Any crypto/security specialist will be able to demonstrate this in a court room. Given these conditions, I think it's safe to assume that it can make that data inadmissible. It comes down to the burden of proof. The state has to prove that their evidence directly incriminates the defendant and they have to prove the integrity upon
    – leaustinwile
    Commented May 7, 2019 at 22:34
  • 2
    That's different than inadmissibility.
    – Xander
    Commented May 7, 2019 at 22:37
  • the challenging of that evidence.
    – leaustinwile
    Commented May 7, 2019 at 22:39
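
The demonstration described in the answer and comments above (encrypt with K(1), pick another message, compute K(2)), together with the key/ciphertext interchangeability raised in another answer, as an added example that is not part of any original post. The function names (`xor_bytes`, `otp_encrypt`, `key_for`, `demo`) are hypothetical, and the sample messages are constructed from the phrases quoted in the comment thread.

```python
import secrets

def xor_bytes(a: bytes, b: bytes) -> bytes:
    """Byte-wise XOR; a one-time pad requires operands of equal length."""
    if len(a) != len(b):
        raise ValueError("pad, ciphertext and plaintext must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))

def otp_encrypt(message: bytes) -> tuple[bytes, bytes]:
    """CT = M(1) ^ K(1), with K(1) drawn fresh from the OS CSPRNG."""
    k1 = secrets.token_bytes(len(message))
    return xor_bytes(message, k1), k1

def key_for(ciphertext: bytes, claimed: bytes) -> bytes:
    """K(2) = CT ^ M(2): the unique pad under which CT reads as `claimed`."""
    if len(claimed) > len(ciphertext):
        raise ValueError("claimed plaintext is longer than the ciphertext")
    # Shorter claims are space-padded: only the length is fixed by CT.
    return xor_bytes(ciphertext, claimed.ljust(len(ciphertext), b" "))

def demo() -> dict:
    # Constructed sample messages, taken from the comment thread above.
    m1 = b"I didn't do it.".ljust(16, b" ")
    m2 = b"I totally did it"
    ct, k1 = otp_encrypt(m1)
    k2 = key_for(ct, m2)
    return {
        "with_k1": xor_bytes(ct, k1),
        "with_k2": xor_bytes(ct, k2),
        "keys_differ": k1 != k2,
        # Swapping roles: treating K(1) as the "ciphertext" and CT as the
        # "key" gives the same plaintext, so neither half is marked as key.
        "roles_swapped": xor_bytes(k1, ct),
        # Both pads are byte strings of the same length as the ciphertext.
        "same_length": len(k1) == len(k2) == len(ct),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:14} {value!r}")
```

Every candidate plaintext of the right length has exactly one matching pad, so the XOR arithmetic cannot rank K(1) above K(2); what separates them is where each pad came from, which is the authenticity question the other answers leave to the court.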
