Integrity with One-Time Pads It seems clear to me most historical uses of one-time pads have assumed a reasonably reliable medium and also relied upon human interpretation. An agent could compensate for small errors, or determine meaninglessness resulting from interference. A computer requires a well-defined algorithm for this. True message integrity requires sending multiple copies; anything else is an approximation. Sending multiple copies is equivalent to sending a single larger message which contains them; since this can only increase certainty as it increases the copies, it's obvious no perfect solution seems to exist. One solution is attempting to reduce the size of the copy to but a summary to check against. Use of cryptographic hash checksum functions is common for it. Unfortunately, this only works in practice. I loathe the idea of using a complicated and poorly-understood mechanism with one-time pads; another reason for my dislike is how it can't reasonably be done by-hand, whereas one-time pad decoding can. Sending multiple copies of a message is vulnerable to identical tampering of each copy, however. As bits, the likelihood of toggling a lone bit identically across copies is low, but not extremely; the idea I'd was scrambling the copies and comparing the counts of distinct units. My first thought was this scrambling should be random, but I find it most important units not share indentical positions. I've no rigorous proof, but don't believe a random scrambling for those copies be necessary, or even necessarily desirable. That one-time pad already obscures. A simple algorithm is drawing positions from a bag, while ensuring no unit takes an indentical position, and then using these substitutions. Consider sending the output of a video recorder using such a system, with every pixel being black or white, for simplicity. When considered as a message of bits, I realized no additional protection is provided against tampering; the image could instead be divided into blocks, or individual scanlines; it's unlikely any individual unit will be identical, and the count of units is small compared to the possibilities. Units can thus be compared between message copies as a reasonable tamper protection. A disadvantage of this scheme is it can't be applied as mindlessly as the one-time pad. It benefits from an analysis that converts the message to a large domain used sparsely. Additional schemes such as also mirroring or otherwise scrambling the individual units increase certainty, and are required. Shifting the copies with a variable-length padding is a simple solution which is likely also better. Another disadvantage of this scheme is requiring more intelligence of the sender, but this is minor. I've noticed it's needed to confuse each scrambled copy of the first message, because otherwise it's very easy to flip all bits in one position, across all copies. A unary scrambling function for each unit protects against this. For a message of letters, a function mapping a letter to some other not itself suffices. For the video recorder example, it would suffice to shift all scanlines over some. This arguably removes the need to scramble the copies at all, but I believe it wouldn't hurt either. This scheme can't protect against an enemy flipping all bits of the message, but this is also simple to correct, and the polarity can be accurately signalled within the message. Lastly, the scheme has partial recovery made simple, as it will likely be easy to determine which units have been tampered.