The strongest notion of cryptographic secrecy is known as perfect secrecy or information-theoretic secrecy. A cryptography system has perfect secrecy if the ciphertext gives no information about either the plaintext or the key. This definition is clear qualitatively, but it does require a definition of “information” to make it precise. The notion of perfect secrecy and its method of achievement is in contrast to most notions of secrecy and the methods of its achievement that are discussed in this book. These latter methods are perfectly insecure from the point of view of perfect secrecy, but instead protect the information behind a wall of computational intractability.

The notion of perfect secrecy is due to Shannon, who sought to give a formal and broad foundation for the subject of cryptography. He studied the deep question of when a cryptography system is provably secure. He espoused the principle that perfect secrecy means that the ciphertext gives no information; neither information about the plaintext nor information about the key. To quantify this principle, he referred to his formal definition of the term “information.” The Shannon formulation rests on the methods and terminology of probability theory. This requires that each message x has a prior probability, denoted p(x), of being chosen as the transmitted message. After the ciphertext y is observed by an adversary, the probability that x was the transmitted message is then given by the conditional probability p(x∣y).