Quantum Snake Oil

Perfect Secrecy

This article is part of the Quantum Snake Oil Dictionary — a series examining terms used in quantum technology marketing. The series is divided into Red Flag Terms (terms with no established technical meaning that almost always signal hype or fraud) and Misused Terms (legitimate concepts routinely stripped of context in marketing). This entry is a Misused Term.

“Perfect Secrecy”

What the term actually means. Claude Shannon proved in 1949 that a cryptographic system achieves “perfect secrecy” if and only if the ciphertext reveals absolutely no information about the plaintext, regardless of the attacker’s computational power. He also proved the conditions required: the key must be at least as long as the message, chosen uniformly at random, and never reused.

The one-time pad (OTP) is the only known cipher that satisfies these conditions. When used correctly, it is provably unbreakable in the strongest possible sense. This is not an empirical observation or a computational assumption; it is a theorem with a formal mathematical proof.

Shannon also proved the converse: perfect secrecy requires keys at least as long as the message. This means that any system claiming perfect secrecy with shorter keys, reusable keys, or deterministically generated keys is not achieving perfect secrecy. This is not a matter of engineering difficulty or technological progress. It is a mathematical impossibility that no future invention can change.

What the term becomes in marketing. Products periodically appear claiming “perfect secrecy” or “Shannon-grade security” while using keys shorter than the message, reusable key material, or pseudo-random key generation. These claims directly contradict Shannon’s theorem. They are not approximations or trade-offs; they are mathematically false.

Why This Keeps Happening

The one-time pad’s impracticality is the engine that drives these claims. OTP requires as much key material as message data, and the key must be securely distributed and never reused. For anything beyond very low-volume communication, this is operationally prohibitive. The entire history of modern cryptography is essentially the search for practical ciphers that provide security “good enough” without requiring OTP-length keys.

This creates a market opportunity for anyone who claims to have solved the key-length problem while preserving perfect secrecy. The claim is immediately attractive to buyers who understand that perfect secrecy is the theoretical gold standard but do not know that Shannon proved its requirements are inescapable.

Common approaches in these products include using pseudo-random number generators to “stretch” a short key into a longer one (which makes the security computational, not information-theoretic), using key recycling with claimed “entropy refreshing” (which reuses key material and violates the single-use requirement), and using proprietary algorithms that assert novel mathematical properties without peer review (which returns to the fundamental problem of proprietary algorithms discussed throughout this series).
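The two most common failure modes above, key stretching and key reuse, can be checked exhaustively on a toy message space. The following is an added example, not code from the article or from any vendor product; the 4-bit message size, the `stretch` function, and the sample values are constructed assumptions for illustration.

```python
from collections import Counter
from itertools import product

N = 4  # toy message length in bits (constructed for this example)
MESSAGES = list(product((0, 1), repeat=N))

def xor(a, b):
    return tuple(x ^ y for x, y in zip(a, b))

def stretch(seed):
    # Hypothetical deterministic "stretcher": 2-bit seed -> 4-bit keystream.
    # Any other deterministic expansion gives the same outcome below.
    return (seed[0], seed[1], seed[0] ^ seed[1], seed[0])

FULL_KEYS = list(product((0, 1), repeat=N))                       # key as long as message
STRETCHED_KEYS = [stretch(s) for s in product((0, 1), repeat=2)]  # 2 bits of real key

def is_perfectly_secret(keys):
    """True iff, for a uniformly chosen key, every plaintext yields the same
    ciphertext distribution, i.e. the ciphertext carries no information."""
    dists = [Counter(xor(m, k) for k in keys) for m in MESSAGES]
    return all(d == dists[0] for d in dists)

def consistent_plaintexts(ciphertext, keys):
    """Plaintexts an attacker with unlimited computing power cannot rule out."""
    return {xor(ciphertext, k) for k in keys}

def reuse_leak(m1, m2, key):
    """XOR of two ciphertexts made with the same key: the key cancels out."""
    return xor(xor(m1, key), xor(m2, key))

if __name__ == "__main__":
    c = (1, 0, 1, 0)  # constructed sample ciphertext
    print("full-length key perfectly secret:", is_perfectly_secret(FULL_KEYS))
    print("stretched key perfectly secret:  ", is_perfectly_secret(STRETCHED_KEYS))
    print("candidates left, full key:     ", len(consistent_plaintexts(c, FULL_KEYS)))
    print("candidates left, stretched key:", len(consistent_plaintexts(c, STRETCHED_KEYS)))
    print("reused key leaks m1 XOR m2:    ", reuse_leak((1, 0, 1, 1), (0, 1, 1, 0), (1, 1, 0, 1)))
```

With a full-length key every one of the 16 plaintexts remains possible for any ciphertext; with the stretched key only 4 remain, so the ciphertext alone has already eliminated three quarters of the message space.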

The QKD Connection

QKD enters this picture because it can, in principle, solve the key distribution problem for OTP. If two parties can use QKD to generate and distribute key material as fast as they need to encrypt messages, they can run a genuine one-time pad with genuine perfect secrecy. Some QKD vendors position their systems this way.

The caveat: QKD key generation rates are currently far below the data rates of modern communication systems. A typical commercial QKD system generates key material at kilobits per second over metropolitan distances. Modern data links operate at gigabits per second. The gap between key generation rate and data rate means that in practice, even QKD-equipped systems use the quantum-generated keys to seed conventional symmetric ciphers (AES), not to run a true one-time pad. The result is computationally secure communication with quantum-distributed keys, which is a real and useful thing, but it is not perfect secrecy.

Questions to Ask a Vendor

“Is your key at least as long as the message, and is it used only once?” If the answer to both is yes, the system may genuinely implement a one-time pad. If either answer is no, the system does not achieve perfect secrecy, regardless of what the marketing says. Shannon’s theorem is not negotiable.

“How is the key generated?” True randomness (hardware random number generator, ideally a QRNG) is required. Pseudo-random key generation, however sophisticated, makes the system computationally secure, not information-theoretically secure.

“At what rate can your system generate and distribute key material?” If the key generation rate is lower than the data rate (which it almost certainly is for QKD-based systems), the system is using key material to seed a conventional cipher, not to run a true OTP. This is fine, but it is not perfect secrecy.

The Bottom Line

Perfect secrecy is one of the most precisely defined concepts in all of cryptography. Shannon’s theorem specifies exactly what it requires and proves that those requirements cannot be relaxed. Products claiming perfect secrecy while violating Shannon’s conditions are not offering a new kind of security; they are contradicting a mathematical proof. Ask about the key length, the key reuse policy, and the key generation method. The answers will tell you immediately whether the claim holds.

Marin Ivezic

I am the Founder of Applied Quantum (AppliedQuantum.com), a research-driven consulting firm empowering organizations to seize quantum opportunities and proactively defend against quantum threats. A former quantum entrepreneur, I’ve previously served as a Fortune Global 500 CISO, CTO, Big 4 partner, and leader at Accenture and IBM. Throughout my career, I’ve specialized in managing emerging tech risks, building and leading innovation labs focused on quantum security, AI security, and cyber-kinetic risks for global corporations, governments, and defense agencies. I regularly share insights on quantum technologies and emerging-tech cybersecurity at PostQuantum.com.