LOGBOOK

HELP

Quiz Entry - updated: 2026.07.14

What is the difference between information-theoretic security and computational security?

Information-theoretic (perfect) security holds even against adversaries with unlimited computing power. Computational security only holds against resource-bounded adversaries.

Information-Theoretic Computational
Attacker resources Unlimited (infinite time, memory, processing) Bounded (very large, but finite)
Also called Perfect security Practical security
Example One-Time Pad (OTP) AES-256, RSA
Can it be broken in theory? No — even with infinite resources Yes — given enough time, but impractical

The two security questions:

  1. What information does the attacker have? (Kerckhoff: everything except the key, plus potentially more)
  2. What computing resources does the attacker have? (Unbounded → perfect security; bounded → computational security)

Fun fact: With "outrageous resources" (all energy from the sun for all time, entire Earth as a hard disk), you could brute-force a key space of about 157 bits. This is the physical limit of brute force in our universe.

Go deeper:

From Quiz: KRYPTOG / Cryptanalysis | Updated: Jul 14, 2026