Information-theoretic security provides secrecy guarantees that hold against adversaries with unlimited computational power, unlike computational security (which assumes hard problems remain hard). Shannon proved that perfect secrecy — I(M; C) = 0, where M is the message and C is the ciphertext — requires the key to be at least as long as the message (the one-time pad achieves this bound). Wyner's wiretap channel extends this to noisy channels: when the eavesdropper has a degraded channel compared to the legitimate receiver, positive secrecy rates are achievable without any shared key. Information-theoretic security is unconditional — it cannot be broken by future algorithmic advances, quantum computers, or increased computing power.
Most modern cryptography is computationally secure: AES, RSA, and elliptic curve cryptography rely on the assumption that certain problems (factoring, discrete logarithm) are computationally hard. If someone proved P = NP or built a sufficiently powerful quantum computer, these systems would break. Information-theoretic security eliminates this risk entirely by proving that the ciphertext contains zero information about the message, regardless of the adversary's capabilities.
Shannon formalized this in 1949. Perfect secrecy means I(M; C) = 0: the ciphertext C is statistically independent of the message M. Observing C does not change the adversary's beliefs about M at all — not even by one bit. Shannon proved that this requires H(K) >= H(M): the key must have at least as much entropy as the message. The one-time pad achieves this bound: C = M XOR K, where K is a uniformly random key the same length as M. Each ciphertext is equally likely under any message, providing perfect secrecy. But the key can never be reused (reuse leaks information via C_1 XOR C_2 = M_1 XOR M_2), making key management the central challenge.
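The two claims above can be checked exactly on a toy message space. This added example (not part of the original page) computes I(M; C) for XOR encryption of 2-bit messages, once with a uniform key satisfying H(K) >= H(M) and once with a key of lower entropy, and then verifies the key-reuse identity; the message distribution, sample messages and function names are constructed for illustration.

```python
import math
import secrets
from itertools import product

def mutual_information(p_msg, keys):
    """Exact I(M; C) in bits for C = M XOR K, with K uniform over `keys`."""
    joint = {}  # joint[(m, c)] = P(M = m, C = c)
    for (m, pm), k in product(p_msg.items(), keys):
        c = m ^ k
        joint[(m, c)] = joint.get((m, c), 0.0) + pm / len(keys)
    p_c = {}  # marginal distribution of the ciphertext
    for (_, c), p in joint.items():
        p_c[c] = p_c.get(c, 0.0) + p
    return sum(p * math.log2(p / (p_msg[m] * p_c[c]))
               for (m, c), p in joint.items())

def entropy(dist):
    """Shannon entropy in bits of a {value: probability} mapping."""
    return -sum(p * math.log2(p) for p in dist.values() if p > 0)

def xor_bytes(a, b):
    if len(a) != len(b):
        raise ValueError("operands must have equal length")
    return bytes(x ^ y for x, y in zip(a, b))

def reuse_leak(m1, m2):
    """Encrypt two messages under one pad; return what an observer can compute."""
    key = secrets.token_bytes(len(m1))
    return xor_bytes(xor_bytes(m1, key), xor_bytes(m2, key))

# Constructed distribution over 2-bit messages, H(M) = 1.75 bits.
P_MSG = {0b00: 0.5, 0b01: 0.25, 0b10: 0.125, 0b11: 0.125}
FULL_KEYS = [0b00, 0b01, 0b10, 0b11]   # H(K) = 2 bits >= H(M)
SHORT_KEYS = [0b00, 0b01]              # H(K) = 1 bit  <  H(M)

if __name__ == "__main__":
    print("H(M)              =", entropy(P_MSG))
    print("I(M;C), full key  =", mutual_information(P_MSG, FULL_KEYS))
    print("I(M;C), short key =", mutual_information(P_MSG, SHORT_KEYS))
    m1, m2 = b"meeting at noon", b"meeting at nine"  # constructed samples
    print("C1^C2 == M1^M2    :", reuse_leak(m1, m2) == xor_bytes(m1, m2))
```

With the short key, the leak of about 0.811 bits is exactly the entropy of the high message bit, which the 1-bit key never masks.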
Wyner's wiretap channel (1975) showed that physical-layer noise can provide secrecy without any key. If the sender communicates over a noisy channel to a legitimate receiver, and an eavesdropper observes a degraded version, the sender can encode messages so that the eavesdropper learns nothing while the legitimate receiver decodes correctly. The secrecy capacity C_s is the difference between the main channel capacity and the eavesdropper's channel capacity. The coding scheme uses stochastic encoding: the sender adds deliberate randomness that creates confusion for the eavesdropper but can be resolved by the legitimate receiver.
The modern relevance of information-theoretic security is growing. Quantum key distribution (QKD) provides information-theoretically secure key exchange using quantum physics. Physical-layer security extends the wiretap channel to practical wireless scenarios (fading, MIMO, cooperative jamming). Secret sharing and secure multi-party computation use information-theoretic tools to distribute secrets and compute functions without revealing private inputs. As quantum computing threatens computational security assumptions, unconditional security guarantees become increasingly valuable for applications where long-term secrecy is required — government communications, medical records, financial data with decades-long sensitivity.