Quantum Computing for Cybersecurity Professionals

Part 2: The Classical Bit You Don’t Know Yet

(Updated: July 2026)

This is Part 2 of Quantum Computing for Cybersecurity Professionals, an 11-part series that builds quantum computing from the ground up for security and IT professionals who know classical crypto but have no physics background. No lies-to-children, no hype, every claim checkable with arithmetic. Read the full series online or download the free ebook.

Right now, in a hardware security module you will never see, bit number 17 of somebody’s 256-bit master key sits in silicon. No human knows its value. The vendor doesn’t. The administrators who ran the key ceremony don’t. The auditor who signed off on the ceremony certainly doesn’t. And yet you would stake your career on one claim about that bit: it has a value. A definite one. It is a 0 or it is a 1, and your not knowing which changes nothing inside the chip.

This article is about that conviction. The plan is to take the beliefs you already hold about classical bits you haven’t looked at, write them down precisely, and prove the most consequential one. Nothing here is exotic, and everything here is true. If you’ve read Part 1, you know where this is heading; if you haven’t, this part stands on its own. Either way, you will leave holding four beliefs in writing, and I want you to keep the receipt. Part 4 intends to collect.

The classical bit and the numbers in your head

Start with what “256 bits of entropy” actually asserts. It is a claim about attackers, and no claim at all about the key. The key is a fixed string; every bit of it has been definite since the moment the RNG output settled. Entropy measures how little you know, which is why the same key can carry 256 bits of entropy for the outside world and zero for the HSM that holds it.

That observation generalizes into the first belief. To describe a bit you haven’t seen, you write down a pair of numbers: the probability it’s 0 and the probability it’s 1. Sure of a zero: (1, 0). Completely ignorant: (1/2, 1/2), the pair I’ll call a fair coin from here on. The numbers are non-negative and they sum to one, because something has to be true. And the pair lives in your head rather than in the hardware. The admin who watched the RNG log holds (1, 0) about the very same bit you hold (1/2, 1/2) about, and neither of you is wrong. The bit has a value; observers have probabilities.

Belief 1: a classical bit always has a definite value. Probability pairs describe observers, and different observers can hold different pairs about the same bit.

What operations do to your numbers

You rarely leave bits alone, so the second belief covers operations, and it splits cleanly in two.

Deterministic operations move values around without touching your ignorance. NOT a bit you hold at (1/2, 1/2) and you now hold (1/2, 1/2). The labels swapped; your knowledge didn’t. XOR with a constant you know: same story, which is the two-line version of why obfuscation is not encryption, a sentence your team has said in code review at least once.

Randomized operations are the interesting ones. Take the simplest: flip the bit with probability q, leave it alone otherwise. Your new pair is a weighted average of your old one, and the arithmetic box below holds the two lines that say so. What matters in prose is the shape of the rule: without looking at the bit, every operation you can perform turns your pair into an average over where the bit could have gone. Averages of non-negative numbers pile up. Nothing in the rule ever subtracts.

Belief 2: operating on an unseen bit updates your pair by averaging. Contributions add; nothing cancels.

THE ARITHMETIC: Run the update rule yourself.

A pair is $$(p_0, p_1)$$ with $$p_0 + p_1 = 1$$. The operation “flip with probability $$q$$” updates it to:$$p_0′ = (1-q)\,p_0 + q\,p_1 \qquad p_1′ = q\,p_0 + (1-q)\,p_1$$

Set $$q = 1/2$$, the fairest possible randomizer, and start from certainty, $$(1, 0)$$. You get $$p_0′ = (1/2)(1) + (1/2)(0) = 1/2$$: one application takes certainty to the fair coin $$(1/2, 1/2)$$. Apply it again: $$p_0” = (1/2)(1/2) + (1/2)(1/2) = 1/2$$. Still the fair coin. A third pass changes nothing, and neither does a thousandth.

The general version takes two lines. Any operation R acts on your pair by weighting what it does to each definite input: the output is $$p_0 \cdot R(0) + p_1 \cdot R(1)$$. If R turns each definite input into the fair coin, so that $$R(0) = R(1) = (1/2, 1/2)$$, the output is $$(p_0 + p_1)(1/2, 1/2) = (1/2, 1/2)$$ for every possible starting pair. R’s output carries no trace of its input. Feeding R’s output back into R just hands it another pair, and every pair comes out as the fair coin.

One family of operations does manufacture certainty, and it needs ruling out as a loophole. Overwrite the bit with 0 and your pair becomes (1, 0) no matter what it was. Certainty achieved, the boring way: by destroying the input. (Incident responders who arrive after the wipe know this form of certainty well.) An overwrite never turns a definite input into a fair coin, so it never has anything to un-mix. The loophole worth worrying about is different, and it’s next.

Mixing is a one-way street

Suppose a process turns each definite input into a fair coin. By that very fact, its output does not depend on its input; the arithmetic box shows the dependence washing out in one line. So running the process twice buys you nothing. The second run receives a fair coin, ignores it the way it ignores everything, and emits a fair coin. Certainty in, coin out, coin forever after. Could some cleverer randomizing gadget escape this? No. The argument used nothing about the gadget except that both definite inputs come out uniform, and any escape would need a negative number somewhere to cancel a contribution, which probabilities do not offer.

Your profession already pays for this fact in several currencies. Hashing a weak password adds no entropy to it; the ignorance you can extract is capped by the ignorance you put in. Whitening the output of a broken RNG dresses the problem without fixing it, which is why NIST’s SP 800-90B insists on assessing the raw noise source: conditioning functions can spread entropy around, and they cannot create it. Mixing moves ignorance. Only a genuine source makes more of it.

Belief 3: a recordless process that turns each definite input into a fair coin cannot be run again to recover certainty. Averaged-away information stays away.

That word “recordless” is doing real work, and the sharpest readers already have their objection loaded.

FOR THE RECORD: The one-time-pad objection.

XOR a message bit with a uniformly random pad bit and, to any attacker, the result is a perfect fair coin; Shannon’s perfect secrecy, which vendors love to abuse, rests on exactly that. Yet XOR the same pad bit in again and the message returns. Randomization, undone. Doesn’t that contradict Belief 3?

It does not, and the reason is the belief’s most important word. The pad is a record. The XOR never destroyed the message’s information; it moved it into the correlation between ciphertext and pad, and whoever holds the record can steer a second application to run the mixing in reverse. Belief 3 constrains processes that keep no record anywhere: fresh randomness, used once, then gone. Un-mixing is possible exactly when, and only where, the randomness was remembered.

Hold on to that word, recordless. Part 4 exhibits a device that un-mixes with no record in existence, which classical probability flatly forbids, and the same bookkeeping question, who kept a record of what, resurfaces in Part 10 as the reason quantum computers demand such extravagant engineering.

WHERE THIS BREAKS: This model’s scheduled fracture.

For classical bits, it doesn’t break. The picture above is exactly right, the information age is built on it, and you could retire on Beliefs 1 through 4. The reason this series spends a whole part on it is different: every rule here leaned, quietly, on the numbers in your pair being non-negative. Averages of non-negative numbers only fill in; they never cancel out. The next part introduces numbers that describe uncertainty yet can go negative, and Part 4 shows you a real device that those numbers describe and this model cannot. When the crack appears, it will run through the non-negativity you just relied on.

Looking without touching

The last belief covers the act your whole discipline is named for: observation.

Read the bit and your pair jumps to (1, 0) or (0, 1). The bit itself never moves. Nothing about reading disturbs classical information, and nothing about copying does either; a forensic image taken behind a write blocker is bit-perfect, repeatable, and invisible to the disk. The same holds on the wire. A passive tap produces a flawless copy while the endpoints exchange packets in blissful ignorance, which is why lawful intercept works, why harvest now, decrypt later is the patient attacker’s rational strategy, and why your IDS hunts for an interceptor’s side effects: the interception itself emits nothing to find.

Belief 4: reading a classical bit updates your numbers and never the bit. Copying is free, perfect, and silent.

There exists information for which every clause of Belief 4 fails, information that reading changes and that cannot be copied at all. The next part introduces it, and one commercial technology you met in Part 1’s disambiguation sidebar, QKD, sells exactly the difference: on a quantum link, the tap is the disturbance. For today, though, the classical picture stands in full. The bit never notices.

ATTACKER’S-EYE VIEW: Why passive attacks are silent.

Every silent attack in your threat model is silent because of Beliefs 1 through 4. Packet capture and disk imaging work at scale and without a trace because classical information copies perfectly and reads without disturbing (Belief 4). Recorded ciphertext keeps its value indefinitely because the definite plaintext behind it is going nowhere (Belief 1). And the defender’s side of the ledger is written by Belief 3: no computation, however large, un-mixes a properly generated key, so brute force is never a reversal of your mixing, only an enumeration of the attacker’s ignorance.

Which is why real attackers hunt the record instead. Seeds, RNG states, pads, key ceremonies: the places where randomness was remembered. When Debian’s OpenSSL package shipped with a crippled entropy source in 2008, SSH and TLS keys across the internet became enumerable overnight. Nobody un-mixed anything; the mixing had drawn from a pool of a few tens of thousands of possibilities, and attackers simply listed them. The lesson generalizes. Against classical cryptography done right, the paths to certainty run through records and side channels, never through reversing randomness. Hold that map in mind. The information in the next part redraws it.

What to remember

A classical bit always has a definite value; probability pairs like (1/2, 1/2) measure an observer’s ignorance, and different observers can hold different pairs about the same bit. Operations on unseen bits update those pairs by averaging, and averages of non-negative numbers add without ever cancelling. A recordless process that turns definite inputs into fair coins cannot be run again to recover certainty; the one-time pad escapes only because the pad is the record. Reading a classical bit changes your numbers and never the bit, which is why copying is silent and passive attacks are undetectable in principle. All four beliefs are true, provable, and now on the record, and Part 4 will break exactly one of them in front of you.

Next, in Part 3, “Quantum Amplitudes: The One New Rule”: we change a single assumption in everything above. The numbers describing your uncertainty will be allowed to go negative. That one permission, handled honestly, is the entire difference between the machine on your desk and the machine this series is about.

Marin Ivezic

I am the Founder of Applied Quantum (AppliedQuantum.com), a research-driven consulting firm empowering organizations to seize quantum opportunities and proactively defend against quantum threats. A former quantum entrepreneur, I’ve previously served as a Fortune Global 500 CISO, CTO, Big 4 partner, and leader at Accenture and IBM. Throughout my career, I’ve specialized in managing emerging tech risks, building and leading innovation labs focused on quantum security, AI security, and cyber-kinetic risks for global corporations, governments, and defense agencies. I regularly share insights on quantum technologies and emerging-tech cybersecurity at PostQuantum.com.