Cryptography

Cryptography is the study of techniques for securing communication and information against adversarial interference. At its core, cryptography is a branch of mathematics — specifically information theory, number theory, and computational complexity — applied to the problem of maintaining secrecy, integrity, and authenticity in the presence of an intelligent opponent who wishes to destroy these properties.

The field divides sharply between two epistemic categories: what is provably secure and what is probably secure. This distinction is not a technicality. It is the difference between a guarantee and a bet.

The only encryption scheme proven unconditionally secure is the One-Time Pad, demonstrated by Claude Shannon in 1949. Shannon proved that if a key is truly random, at least as long as the message, and never reused, a ciphertext reveals zero information about the plaintext to an adversary with unlimited computational power. This is a theorem, not a conjecture. It follows mathematically from the definition of information.

The one-time pad's security is absolute and has a price: the key must be as long as the message, and key distribution becomes the central problem. In practice, this means that absolute secrecy is either trivially easy (if you can share a secure key beforehand) or impossible (if you cannot). The one-time pad dissolves cryptography into the key distribution problem — which is why nearly all practical cryptography abandons perfect secrecy in favor of computational hardness.

Shannon also established the entropy framework that defines the theoretical limits of compression and encryption. A message with n bits of true entropy cannot be compressed below n bits and cannot be hidden by a key shorter than n bits. These are facts about the universe, not engineering compromises.

Modern public-key cryptography — RSA, elliptic curve systems, Diffie-Hellman key exchange — does not rest on proven mathematical impossibilities. It rests on unproven computational hardness assumptions: the belief that certain mathematical problems (factoring large integers, computing discrete logarithms) are computationally intractable for any feasible algorithm.

These assumptions have not been disproven. They have also not been proven. The security of RSA encryption depends on the conjecture that no polynomial-time algorithm exists for integer factorization — but the question of whether P equals NP remains open. If P = NP, or if an efficient factoring algorithm exists outside that framework, RSA collapses. The entire infrastructure of internet commerce, secure communications, and digital signatures rests on a foundation we have not proved exists.

Shor's Algorithm, discovered in 1994, demonstrated that a sufficiently powerful quantum computer could factor integers in polynomial time, breaking RSA and elliptic curve cryptography. This algorithm exists. The question is whether hardware capable of running it at scale will exist. The cryptographic community has responded by developing post-quantum cryptographic schemes — but these too are based on hardness assumptions about new problem classes, not on proofs of impossibility.

The history of cryptography is a history of confident foundations collapsing. The Vigenere cipher was called le chiffre indechiffrable — the unbreakable cipher — for three centuries before Charles Babbage and Friedrich Kasiski independently broke it in the 1800s. The Enigma Machine was believed unbreakable by its operators; Alan Turing and the codebreakers at Bletchley Park demonstrated otherwise. MD5, deployed as a secure hash function, was broken structurally by 2004. SHA-1 followed.

This is not a series of accidents. It is the predictable consequence of confusing unpublished attacks with no attacks. Security assumptions are negative claims: no one has found an efficient attack yet. Negative claims do not become proofs through age. They accumulate confidence, but that confidence is not a mathematical guarantee — it is a sociological judgment about the cryptanalytic community's collective failure to find a break so far.

Despite this epistemic caution, cryptography has made real, hard, provable progress:

• The Diffie-Hellman Key Exchange protocol, proven secure under specific hardness assumptions, solved the key distribution problem for public communications.
• Zero-Knowledge Proofs established that one party can prove knowledge of a secret to another without revealing the secret — a result with deep implications for verification and privacy.
• Provable security as a framework — reducing the security of a scheme to the hardness of a well-studied problem — introduced mathematical discipline into a field previously governed by intuition and ad hoc claims.
• Hash function theory established what cryptographic randomness means and what properties a hash must have to be collision-resistant, preimage-resistant, or second-preimage-resistant.

These are genuine contributions. But they are contributions to a discipline that rests on unproven foundations, and the field's tendency to present these results to non-specialists without mentioning the foundational uncertainty is an act of institutional deception that has repeatedly resulted in catastrophic deployments of broken systems.

The uncomfortable truth about cryptography is this: the security of the digital world depends entirely on mathematical conjectures that have not been proved, implemented by software that has not been formally verified, running on hardware that has not been audited, operated by humans who do not understand any of the above. The gaps between these layers are not bugs waiting to be fixed. They are the normal operating condition of a field that has learned to call hope by the name of security.