Quiz Entry - updated: 2026.07.14
What is the difference between information-theoretic security and computational security?
Information-theoretic (perfect) security holds even against adversaries with unlimited computing power. Computational security only holds against resource-bounded adversaries.
| Information-Theoretic | Computational | |
|---|---|---|
| Attacker resources | Unlimited (infinite time, memory, processing) | Bounded (very large, but finite) |
| Also called | Perfect security | Practical security |
| Example | One-Time Pad (OTP) | AES-256, RSA |
| Can it be broken in theory? | No — even with infinite resources | Yes — given enough time, but impractical |
The two security questions:
- What information does the attacker have? (Kerckhoff: everything except the key, plus potentially more)
- What computing resources does the attacker have? (Unbounded → perfect security; bounded → computational security)
Fun fact: With "outrageous resources" (all energy from the sun for all time, entire Earth as a hard disk), you could brute-force a key space of about 157 bits. This is the physical limit of brute force in our universe.
Go deeper:
Information-theoretic security (Wikipedia) — unconditional vs conditional security, formally.
One-time pad (Wikipedia) — the canonical perfectly-secure cipher.