Unconditionally Secure

This article is part of the Quantum Snake Oil Dictionary — a series examining terms used in quantum technology marketing. The series is divided into Red Flag Terms (terms with no established technical meaning that almost always signal hype or fraud) and Misused Terms (legitimate concepts routinely stripped of context in marketing). This entry is a Misused Term.

“Unconditionally Secure”

What the term actually means. In information theory and cryptography, “unconditionally secure” (also called “information-theoretically secure”) means that a system’s security does not depend on any assumption about the computational power of the adversary. Even an attacker with unlimited computing resources, classical or quantum, cannot break the system.

This is a real and important category. The one-time pad is unconditionally secure: Shannon proved in 1949 that if the key is truly random, at least as long as the message, and used only once, no amount of computation can recover the plaintext from the ciphertext. QKD protocols like BB84 and E91 provide unconditionally secure key distribution, in the sense that their security follows from the laws of quantum mechanics rather than from the assumed difficulty of a mathematical problem.

By contrast, AES, RSA, and the NIST post-quantum algorithms are “computationally secure,” meaning their security depends on the assumption that certain mathematical problems are too hard to solve efficiently. This is a weaker guarantee in theory, though in practice AES-256 is not going to be brute-forced by anyone.

What the term becomes in marketing. A vendor says their product provides “unconditionally secure communication.” The listener hears: “this product is absolutely secure under all circumstances.” That is not what the term means, and the gap between the technical definition and the marketing interpretation is where the danger lies.

The Assumptions That Marketing Strips Away

Every “unconditionally secure” result in cryptography comes with qualifying assumptions. When these assumptions are removed from the marketing claim, the claim becomes something the physics never supported.

For the one-time pad: the key must be truly random, at least as long as the message, never reused, and securely distributed. Violate any one of these conditions and the unconditional security guarantee vanishes. Products claiming “unconditional security” based on OTP principles while using short, reusable, or pseudo-random keys are claiming a guarantee their system does not provide. Shannon’s proof is iron, but it applies only when its conditions are met exactly.

For QKD: the unconditional security proof applies to the idealized protocol with perfect hardware. As documented in the Unhackable Quantum Encryption entry, real QKD hardware has been attacked successfully through side channels (detector blinding, Trojan horse attacks, time-shift attacks) that exist in the gap between the idealized model and the physical device. The protocol is unconditionally secure; the implementation running on real hardware in a real environment with real adversaries is conditionally secure, with the conditions being that the hardware matches the theoretical model closely enough.

For both: the authenticated classical channel required by QKD must itself be secured, typically using pre-shared secrets or post-quantum digital signatures. The security of this channel does depend on computational assumptions. Unconditional security of one component does not make the entire system unconditionally secure.

The Practical Consequence

When a CISO hears “unconditionally secure” without these qualifications, they may make procurement decisions based on a guarantee that does not apply to the deployed system. They may underinvest in side-channel testing, hardware validation, and redundant security layers because they believe the physics makes these unnecessary. They may not plan for the possibility that a vulnerability in the implementation (not the protocol) could compromise the system.

This is the opposite of what good security practice demands. Every security system, including QKD, should be deployed with defense in depth, ongoing monitoring, and the assumption that vulnerabilities exist and will be found.

Questions to Ask a Vendor

“Unconditionally secure under which assumptions?” This is the question the marketing is designed to make unnecessary. Ask it anyway. The answer should include a description of the threat model, the hardware assumptions, and the conditions under which the security guarantee holds.

“How does your implementation address the gap between the idealized protocol and the physical hardware?” A vendor who has thought seriously about this will describe their countermeasures against known side-channel attacks and their hardware validation process. A vendor who has not will restate the theoretical result without addressing the implementation.

“Is the entire communication system unconditionally secure, or just the key distribution component?” QKD provides unconditionally secure key distribution. The symmetric encryption that uses those keys (typically AES) is computationally secure. The authentication of the classical channel is computationally secure. The total system security is bounded by its weakest component, not its strongest.

The Bottom Line

“Unconditionally secure” is a real and valuable concept in cryptography. It describes a specific, well-defined category of security guarantee. The problem is not the term; it is what happens when the qualifying assumptions are left out of the marketing brochure. A system that is unconditionally secure under specific conditions is not unconditionally secure in general, and a buyer who does not understand the conditions is a buyer who has been misled.