What is Information-theoretic security?

Information-theoretic security is a cryptosystem whose security derives purely from information theory; the system cannot be broken even if the adversary has unlimited computing power. The cryptosystem is considered cryptanalytically unbreakable if the adversary does not have enough information to break the encryption.

An encryption protocol with information-theoretic security does not depend for its effectiveness on unproven assumptions about computational hardness. Such a protocol is not vulnerable to future developments in computer power such as quantum computing. An example of an information-theoretically secure cryptosystem is the one-time pad. The concept of information-theoretically secure communication was introduced in 1949 by American mathematician Claude Shannon, the inventor of information theory, who used it to prove that the one-time pad system was secure.^[1] Information-theoretically secure cryptosystems have been used for the most sensitive governmental communications, such as diplomatic cables and high-level military communications, because of the great efforts enemy governments expend toward breaking them.

Perfect security is a special case. For an encryption algorithm, if there is ciphertextproduced that uses it, no information about the plaintext is provided without knowledge of the key. If E is a perfectly secure encryption function, for any fixed message m, there must be, for each ciphertext c, at least one key ksuch that ${\displaystyle c=E_{k}(m)}$. It has been proved that any cipher with the perfect secrecy property must use keys with effectively the same requirements as one-time pad keys.^[1]

It is common for a cryptosystem to leak some information but nevertheless maintain its security properties even against an adversary that has unlimited computational resources. Such a cryptosystem would have information theoretic but not perfect security. The exact definition of security would depend on the cryptosystem in question.

There are a variety of cryptographic tasks for which information-theoretic security is a meaningful and useful requirement. A few of these are:

1. Secret sharing schemes such as Shamir's are information-theoretically secure (and also perfectly secure) in that having less than the requisite number of shares of the secret provides no information about the secret.
2. More generally, secure multiparty computation protocols often have information-theoretic security.
3. Private information retrieval with multiple databases can be achieved with information-theoretic privacy for the user's query.
4. Reductions between cryptographic primitives or tasks can often be achieved information-theoretically. Such reductions are important from a theoretical perspective because they establish that primitive ${\displaystyle \Pi }$ can be realized if primitive ${\displaystyle \Pi '}$ can be realized.
5. Symmetric encryption can be constructed under an information-theoretic notion of security called entropic security, which assumes that the adversary knows almost nothing about the message being sent. The goal here is to hide all functions of the plaintext rather than all information about it.
6. Quantum cryptography is largely part of information-theoretic cryptography.