Shannon Impossibility, Revisited

  • Yevgeniy Dodis
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 7412)


In this note we revisit the famous result of Shannon [Sha49] stating that any encryption scheme with perfect security against computationally unbounded attackers must have a secret key as long as the message. This result motivated the introduction of modern encryption schemes, which are secure only against a computationally bounded attacker, and allow some small (negligible) advantage to such an attacker. It is a well known folklore that both such relaxations — limiting the power of the attacker and allowing for some small advantage — are necessary to overcome Shannon’s result. To our surprise, we could not find a clean and well documented proof of this folklore belief. (In fact, two proofs are required, each showing that only one of the two relaxations above is not sufficient.) Most proofs we saw either made some limiting assumptions (e.g., encryption is deterministic), or proved a much more complicated statement (e.g., beating Shannon’s bound implies the existence of one-way functions [IL89].)


Mutual Information Encryption Scheme Shannon Entropy Message Space Conditional Mutual Information 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. [BTV12]
    Bellare, M., Tessaro, S., Vardy, A.: Semantic Security for the Wiretap Channel. In: Safavi-Naini, R. (ed.) CRYPTO 2012. LNCS, vol. 7417, pp. 294–311. Springer, Heidelberg (2012); Earlier version available at Cryptology ePrint Archive: Report 2012/015Google Scholar
  2. [CT06]
    Cover, T.M., Thomas, J.A.: Elements of information theory, 2nd edn. Wiley (2006)Google Scholar
  3. [GM84]
    Goldwasser, S., Micali, S.: Probabilistic encryption. In: JCSS, vol. 28(2), pp. 270–299 (1984)Google Scholar
  4. [IL89]
    Impagliazzo, R., Luby, M.: One-way Functions are Essential for Complexity Based Cryptography. In: FOCS 1989, pp. 230–235 (1989)Google Scholar
  5. [IO11]
    Iwamoto, M., Ohta, K.: Security Notions for Information Theoretically Secure Encryptions. In: ISIT 2011 (2011),
  6. [Sha49]
    Shannon, C.: Communication Theory of Secrecy systems. Bell Systems Technical J. 28, 656–715 (1949); Note: The material in this paper appeared originally in a confidential report ‘A Mathematical Theory of Cryptography’, which has now been declassified (September 1, 1945)MathSciNetzbMATHGoogle Scholar
  7. [Wol98]
    Wolf, S.: Unconditional Security in Cryptography. In: Damgård, I. (ed.) EEF School 1998. LNCS, vol. 1561, pp. 217–250. Springer, Heidelberg (1999)CrossRefGoogle Scholar

Copyright information

© Springer-Verlag Berlin Heidelberg 2012

Authors and Affiliations

  • Yevgeniy Dodis
    • 1
  1. 1.New York UniversityUSA

Personalised recommendations