Quiz Entry - updated: 2026.07.14
Why does a provably secure cryptosystem not guarantee security in practice? Explain using the light switch analogy.
"An implementation of a theoretically secure cryptosystem need not be secure in practice" — because mathematical proofs don't cover implementation details like side channels, timing, or physical leakage.
The light switch puzzle (Prof. Rolf Oppliger):
- Two rooms: one with 3 light switches (A, B, C), the other with 3 light bulbs (1, 2, 3)
- The wiring between switches and bulbs is unknown
- The adversary can enter each room only once
- Theorist (mathematician): Provably impossible to solve — one visit per room gives insufficient information
- Practitioner (physicist): Turn on switch A for 10 minutes (bulb gets hot), turn it off, turn on switch B, walk to the bulb room. Hot bulb = A, lit bulb = B, cold/dark bulb = C. Solved.
The lesson for cryptography:
- The theoretical proof assumed the adversary could only observe on/off state (the mathematical model)
- The practical adversary observed temperature — a side channel not in the model
- Similarly, a cryptographic proof may guarantee security against mathematical attacks, but the implementation may leak information through power consumption, timing, electromagnetic emissions, or other physical phenomena
This is why implementation attacks are so dangerous: They operate entirely outside the security model that the mathematical proof covers.
Go deeper:
Side-channel attack (Wikipedia) — why a proof's model can miss the real-world leak.