Shannon Impossibility, Revisited

In this note we revisit the famous result of Shannon [Sha49] stating that any encryption scheme with perfect security against computationally unbounded attackers must have a secret key as long as the message. This result motivated the introduction of modern encryption schemes, which are secure only against a computationally bounded attacker, and allow some small (negligible) advantage to such an attacker. It is well-known folklore that both of these relaxations -- limiting the power of the attacker and allowing for some small advantage -- are necessary to overcome Shannon's result. To our surprise, we could not find a clean and well-documented proof of this folklore belief. (In fact, two proofs are required, each showing that one of the two relaxations above, on its own, is not sufficient.) Most proofs we saw either made some limiting assumptions (e.g., encryption is deterministic), or proved a much more complicated statement (e.g., beating Shannon's bound implies the existence of one-way functions [IL89]).
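To make Shannon's bound concrete, the following Python sketch is an added example (not taken from the note) that computes, by exhaustive enumeration, the statistical distance between ciphertext distributions, which is the best distinguishing advantage of a computationally unbounded attacker. The three toy schemes over 2-bit messages and all function names are constructed for illustration: a one-time pad with a 2-bit key, and two schemes with a 1-bit key, one deterministic and one randomized.

```python
from fractions import Fraction
from itertools import combinations, product

def ciphertext_dist(enc, keys, coins, msg):
    """Exact ciphertext distribution for msg under a uniform key and uniform coins."""
    weight = Fraction(1, len(keys) * len(coins))
    dist = {}
    for k, r in product(keys, coins):
        c = enc(k, r, msg)
        dist[c] = dist.get(c, 0) + weight
    return dist

def statistical_distance(p, q):
    """Total variation distance between two finite distributions."""
    return sum(abs(p.get(c, 0) - q.get(c, 0)) for c in set(p) | set(q)) / 2

def best_advantage(enc, keys, coins, msgs):
    """Largest advantage an unbounded attacker gets over any pair of messages."""
    dists = {m: ciphertext_dist(enc, keys, coins, m) for m in msgs}
    return max(statistical_distance(dists[a], dists[b])
               for a, b in combinations(msgs, 2))

MSGS = range(4)  # constructed sample: all 2-bit messages

def otp(k, r, m):
    # One-time pad: key is as long as the message; coins unused.
    return k ^ m

def short_key(k, r, m):
    # 1-bit key stretched to 2 bits by repetition (deterministic encryption).
    return (k * 0b11) ^ m

def short_key_randomized(k, r, m):
    # 1-bit key plus one random coin r that is sent in the clear,
    # so the receiver can rebuild the pad and decrypt.
    pad = (k << 1) | (k ^ r)
    return (r, pad ^ m)

if __name__ == "__main__":
    print("OTP, 2-bit key:        ", best_advantage(otp, range(4), [0], MSGS))
    print("1-bit key, determ.:    ", best_advantage(short_key, range(2), [0], MSGS))
    print("1-bit key, randomized: ",
          best_advantage(short_key_randomized, range(2), range(2), MSGS))
```

In these toy schemes the one-time pad gives advantage 0, while both short-key schemes have a message pair that is distinguished with certainty; randomizing the encryption does not rescue the short key.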

[1] Stefan Wolf, et al. Unconditional Security in Cryptography, 1998, Lectures on Data Security.

[2] Alexander Vardy, et al. Semantic Security for the Wiretap Channel, 2012, CRYPTO.

[3] Russell Impagliazzo, et al. One-way functions are essential for complexity based cryptography, 1989, 30th Annual Symposium on Foundations of Computer Science.

[4] Mitsugu Iwamoto, et al. Security notions for information theoretically secure encryptions, 2011, 2011 IEEE International Symposium on Information Theory Proceedings.

[5] Silvio Micali, et al. Probabilistic Encryption, 1984, J. Comput. Syst. Sci.

[6] Thomas M. Cover, et al. Elements of Information Theory: Cover/Elements of Information Theory, Second Edition, 2005.

[7] Ivan Damgård, et al. Lectures on Data Security, 2003, Lecture Notes in Computer Science.

[8] Thomas M. Cover, et al. Elements of Information Theory, 2005.

[9] Claude E. Shannon, et al. Communication theory of secrecy systems, 1949, Bell Syst. Tech. J.