Shannon's definition of perfect secrecy requires that a ciphertext reveals absolutely nothing about the plaintext — formally, the posterior distribution over plaintexts given the ciphertext equals the prior. The one-time pad (XOR with a truly random key as long as the message) achieves this, but Shannon proved any perfectly secret scheme requires keys at least as long as messages. This impossibility result motivates computational security: since information-theoretic perfection demands impractical key lengths, modern cryptography settles for security against computationally bounded adversaries.
After studying classical ciphers and their failures, a natural question arises: is it possible to build a cipher that is provably unbreakable, not just "hard to break with known techniques"? Claude Shannon answered this definitively in 1949. He defined perfect secrecy: an encryption scheme has perfect secrecy if, for every plaintext distribution, the ciphertext is statistically independent of the plaintext. Formally, Pr[M = m | C = c] = Pr[M = m] for all messages m and ciphertexts c. Observing the ciphertext gives the adversary zero additional information about which message was sent — no matter how much computational power they have.
The one-time pad achieves perfect secrecy. To encrypt a message, XOR each bit with the corresponding bit of a truly random key that is at least as long as the message and never reused. To decrypt, XOR the ciphertext with the same key. For any ciphertext c and any plaintext m of the same length, there exists exactly one key k = m XOR c that maps m to c. If the key is uniformly random, every plaintext is equally likely to have produced any given ciphertext. The scheme is simple, elegant, and provably unbreakable — but it has a devastating practical limitation.
Shannon proved that perfect secrecy requires the key to be at least as long as the message. The proof is clean: if the key space is smaller than the message space, then for some ciphertext c, the set of plaintexts reachable by decrypting c with all possible keys does not cover the full message space. Any plaintext outside this set has posterior probability zero — the adversary knows it was not sent, violating perfect secrecy. This means that to send a 1 GB file with perfect secrecy, you need a 1 GB key that was securely shared in advance and will never be reused. The key distribution problem is at least as hard as the original message delivery problem, making the one-time pad impractical for most applications.
This impossibility result is the intellectual foundation for all of modern cryptography. Since unconditional security demands impractical key lengths, the field pivots to computational security: schemes where breaking the encryption is not information-theoretically impossible but is computationally infeasible for any adversary running in reasonable (polynomial) time. A 256-bit AES key can encrypt terabytes of data not because it achieves perfect secrecy — Shannon's theorem says it cannot — but because no known efficient algorithm can distinguish AES output from random noise. The tradeoff is explicit: weaker theoretical guarantee (security against bounded adversaries rather than all adversaries) in exchange for practical key sizes. Every modern cipher lives in this tradeoff space, and understanding why perfect secrecy forces it is essential to understanding why computational assumptions pervade cryptographic design.