This comprehensive explanation has been generated from 30 GitHub source documents.
Last updated: October 7, 2025
Note: In rare cases it may contain LLM hallucinations.
For authoritative documentation, please consult the official GLEIF vLEI trainings and the ToIP Glossary.
Information-theoretic security (abbreviated ITPS, for information-theoretic or perfect security, in the KERI material) is the highest level of protection a cryptographic secret (a seed, a salt, a private key) can have: its security is provable from information theory rather than from assumptions about computational hardness, so it cannot be broken by any algorithm, whatever computing power is available, quantum computers included.
Unlike conventional cryptographic systems, whose security rests on the assumed difficulty of problems such as integer factorization or the discrete logarithm, information-theoretic security rests purely on information theory: the adversary's observations are simply independent of, or insufficient to determine, the secret.
The defining characteristic of ITPS is that no amount of computational power, including a hypothetical quantum computer with unlimited capacity, can break the security by algorithmic cryptanalysis, because there is no structure to exploit. For a secret that is protected only by being kept hidden (a seed, or a private key whose public key has not yet been published), the one attack that remains is guessing it, that is, enumerating the key space, and with 128 bits or more of entropy (2^128 candidates) that is infeasible. The guarantee holds only while nothing derived from the secret is exposed: once a public key is computed from it and published, the key pair's security drops to the computational hardness of the signature scheme (for elliptic-curve schemes, the discrete logarithm problem, which Shor's algorithm attacks).
A special case within information-theoretic security is perfect secrecy, where the ciphertext carries no information at all about the plaintext: the ciphertext distribution is the same whatever message was sent, so an adversary with unlimited computational resources and the complete ciphertext learns nothing about the message, and brute force does not help, since every candidate plaintext is equally consistent with what was observed. The one-time pad (OTP), or Vernam cipher, is the classic example: with a truly random key at least as long as the message and used only once, it is mathematically proven to be unbreakable.
The theoretical foundations of information-theoretic security were established by Claude Shannon in his landmark 1949 paper "Communication Theory of Secrecy Systems," which introduced the concept of perfect secrecy and proved that the one-time pad achieves this property. Shannon demonstrated that perfect secrecy requires the key space to be at least as large as the message space, and that keys must be truly random and used only once.
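The following block is an added example, not code from vLEI.wiki or from the KERI project, showing Shannon's conditions in working code: a one-time pad over bytes, a brute-force enumeration that recovers every possible plaintext (so the ciphertext rules nothing out), and the leak that appears the moment a key is reused. The 2-byte message width and the sample messages are constructed for the demonstration; key material comes from Python's `secrets` CSPRNG.

```python
"""One-time pad (Vernam cipher) demonstration.

Added example, not code from vLEI.wiki or the KERI project. Standard library
only; the 2-byte messages used for the exhaustive search are constructed for
the demonstration.
"""
import secrets
from itertools import product


def xor_bytes(a: bytes, b: bytes) -> bytes:
    """XOR two equal-length byte strings."""
    if len(a) != len(b):
        raise ValueError("operands must be the same length")
    return bytes(x ^ y for x, y in zip(a, b))


def otp_keygen(length: int) -> bytes:
    """Fresh, uniformly random key exactly as long as the message."""
    return secrets.token_bytes(length)


def otp_encrypt(message: bytes, key: bytes) -> bytes:
    """c = m XOR k.  A key shorter than the message is refused: it would have
    to be reused across message positions and the pad stops being perfect."""
    if len(key) < len(message):
        raise ValueError("key must be at least as long as the message")
    return xor_bytes(message, key[: len(message)])


def otp_decrypt(ciphertext: bytes, key: bytes) -> bytes:
    """Decryption is the same operation: m = c XOR k."""
    return otp_encrypt(ciphertext, key)


def plaintexts_reachable(ciphertext: bytes) -> set:
    """Try every key for a short (2-byte) ciphertext and return the set of
    candidate plaintexts.  Each of the 2^16 possible plaintexts is produced by
    exactly one key, so an unbounded adversary who enumerates all keys ends
    up with every message and no way to prefer one: brute force learns nothing."""
    n = len(ciphertext)
    return {xor_bytes(ciphertext, bytes(k)) for k in product(range(256), repeat=n)}


def two_time_pad_leak(c1: bytes, c2: bytes) -> bytes:
    """If one key encrypts two messages, c1 XOR c2 = m1 XOR m2: the key cancels
    and the relationship between the plaintexts leaks.  This is why 'used only
    once' is part of Shannon's condition, not an optional hardening step."""
    return xor_bytes(c1, c2)


if __name__ == "__main__":
    msg = b"OK"                      # constructed sample message
    key = otp_keygen(len(msg))
    ct = otp_encrypt(msg, key)
    assert otp_decrypt(ct, key) == msg
    # every 2-byte plaintext is consistent with this ciphertext
    assert len(plaintexts_reachable(ct)) == 65536
```

The exhaustive search is the point of the block: the set it returns has 65536 members for any 2-byte ciphertext, so "brute force the key" is not an attack on a perfectly secret cipher, only on a hidden secret whose correctness can be checked from something else (a published public key, a known-plaintext pair).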
Traditional cryptographic systems have largely relied on computational security: security based on the assumed difficulty of certain problems. RSA and elliptic-curve cryptography rest on the assumed intractability of factoring and the discrete logarithm; a symmetric cipher such as AES rests on the weaker, empirical assumption that no attack better than exhaustive key search exists. Either kind of assumption can be invalidated by progress: Shor's algorithm on a large quantum computer breaks RSA and elliptic-curve schemes outright, while Grover's algorithm halves the effective key length of a symmetric cipher, and classical cryptanalysis or sheer computational growth can erode both.
Implementations MUST use cryptographically secure random number generators (CSPRNGs) that provide at least 128 bits of entropy for:
To maintain information-theoretic security guarantees:
Pre-rotated keys should be stored in air-gapped, offline storage until needed for rotation events. The brief exposure during rotation is acceptable as the one-time use property limits attack windows.
Seeds require the highest protection level, as compromise of a seed compromises all derived keys. Consider:
Operational keys (current signing keys) may use standard secure key storage, as their compromise is recoverable: the attacker cannot rotate, because rotation authority sits with the hidden pre-rotated keys, so the controller regains control by rotating. Until that rotation happens the attacker can sign non-establishment events with the stolen key, which is what KERI's duplicity detection is there to surface.
Implementations should validate entropy quality through:
While information-theoretic security provides quantum resistance for hidden keys, implementations should:
XOR blinding and the digest computations paired with it are computationally cheap (XOR is the information-theoretic operation; a digest is computationally, not information-theoretically, secure, but a 256-bit digest remains out of reach of quantum preimage search). Performance bottlenecks typically occur in:
Information-theoretic security of keys is necessary but not sufficient. Implementations must also address:
The practical implementation of information-theoretic security has historically been limited by key management challenges. One-time pads require:
These requirements made OTP impractical for most applications, relegating it to high-security government and military communications where the operational overhead could be justified.
Secret sharing schemes, introduced by Shamir and Blakley in 1979, provided another approach to information-theoretic security. These schemes split a secret into multiple shares such that a threshold number of shares is required to reconstruct the secret, with fewer shares providing zero information about the secret. This enabled distributed key management with information-theoretic guarantees.
KERI leverages information-theoretic security principles at the foundational level of its architecture, specifically in establishing the primary root-of-trust for autonomic identifiers. The entropy used for creating the private keys that control an AID must meet information-theoretic security standards to ensure the system's overall security guarantees hold.
KERI adopts 128 bits of entropy as the practical standard for information-theoretic security. This gives 2^128, about 3.4 x 10^38, possible keys, a number so large that exhaustive search is physically impossible within any reasonable timeframe. The source materials make the point with a supercomputer estimate: one million supercomputers each performing one quadrillion (10^15) trials per second manage 10^21 trials per second, so exhausting the keyspace takes 2^128 / 10^21, about 3.4 x 10^17 seconds, roughly eleven billion years (and on average about half that before the correct key turns up).
This 128-bit standard applies to:
KERI's pre-rotation mechanism keeps the authority to rotate in keys that have never been exposed. In conventional key management, rotation authority rests with the currently exposed keys, so whoever compromises them can also rotate the identifier away from its owner. KERI avoids this through:
Cryptographic hiding of pre-rotated keys: Each establishment event includes a cryptographic digest (a commitment) of the next set of rotation keys, while those keys themselves stay unexposed in secure offline storage. An attacker who compromises the current signing keys learns nothing about the pre-rotated keys beyond that digest. To rotate, they would have to present a public key whose digest matches the commitment together with its private key, and that private key has never left the owner's offline store, so it is still hidden with information-theoretic security.
One-time exposure: A pre-rotated key signs as a hidden key exactly once, in the rotation event that reveals it; after that rotation the revealed keys are the exposed, current signing keys and their security is computational like that of any published key pair. The rotation event also carries the commitment to the following set of keys, so even an attacker who captures a key at the moment it is revealed gains no hold over future rotations: the next commitment is already made, and the keys it names are again hidden.
Post-quantum resistance: Because only the digests of the pre-rotated public keys are public, a quantum adversary able to recover private keys from published public keys (Shor's algorithm against elliptic-curve keys) gains nothing against the hidden set: the pre-rotated private key is information-theoretically hidden, and the digest that covers its public key is a hash, against which quantum computers offer only a square-root (Grover) speedup. Breaking the current signing keys therefore does not hand over the rotation chain; the controller can still rotate to the hidden keys, and a rotation may switch to a different signature scheme if the old one has become weak.
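The block below is an added example of the pre-rotation mechanism just described; it is not KERI or keripy code, and it uses two stand-ins so that it runs with the Python standard library alone: a Lamport hash-based one-time signature in place of Ed25519, and sha256 in place of the Blake3 digest KERI uses for the `n` (next) commitment. The event field names (`t`, `s`, `k`, `n`, `p`) echo KERI's but the serialization is a constructed one. What the example demonstrates is the property itself: a verifier accepts a rotation only if the revealed key is a preimage of the outstanding commitment, so an attacker holding the current, exposed signing key cannot forge a rotation.

```python
"""Pre-rotation with hidden next keys: added example, not KERI project code.

Stand-ins: Lamport one-time signatures for Ed25519, sha256 for Blake3.
Event layout (constructed for this example): t=type, s=sequence number,
k=current public key, n=digest of next public key, p=digest of prior event.
"""
import hashlib
import secrets
from typing import Dict, List, Tuple

Priv = List[Tuple[bytes, bytes]]   # 256 pairs of secret 32-byte preimages
Pub = List[Tuple[bytes, bytes]]    # their sha256 images


def H(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def lamport_keygen() -> Tuple[Priv, Pub]:
    """Private key: 512 random preimages from the CSPRNG (hidden with ITPS).
    Public key: their hashes.  Each private key must sign only once."""
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]


def pub_bytes(pk: Pub) -> bytes:
    return b"".join(a + b for a, b in pk)


def bits(digest: bytes):
    for byte in digest:
        for i in range(8):
            yield (byte >> (7 - i)) & 1


def lamport_sign(sk: Priv, msg: bytes) -> List[bytes]:
    """Reveal one preimage per bit of H(msg)."""
    return [sk[i][bit] for i, bit in enumerate(bits(H(msg)))]


def lamport_verify(pk: Pub, msg: bytes, sig: List[bytes]) -> bool:
    return len(sig) == 256 and all(
        H(sig[i]) == pk[i][bit] for i, bit in enumerate(bits(H(msg))))


def event_bytes(ev: Dict) -> bytes:
    return b"|".join([ev["t"].encode(), str(ev["s"]).encode(),
                      pub_bytes(ev["k"]), ev["n"], ev["p"]])


class Controller:
    """Owner of the identifier: holds the exposed current key and the hidden next key."""

    def __init__(self):
        self.sk, self.pk = lamport_keygen()
        self.next_sk, self.next_pk = lamport_keygen()   # never published; kept offline
        self.seq, self.prior = 0, b""

    def incept(self):
        ev = {"t": "icp", "s": 0, "k": self.pk, "n": H(pub_bytes(self.next_pk)), "p": b""}
        self.prior = H(event_bytes(ev))
        return ev, lamport_sign(self.sk, event_bytes(ev))

    def rotate(self):
        """Reveal the committed next key, sign with it once, commit to a fresh hidden key."""
        new_next_sk, new_next_pk = lamport_keygen()
        self.seq += 1
        ev = {"t": "rot", "s": self.seq, "k": self.next_pk,
              "n": H(pub_bytes(new_next_pk)), "p": self.prior}
        sig = lamport_sign(self.next_sk, event_bytes(ev))
        self.sk, self.pk = self.next_sk, self.next_pk           # now the exposed current key
        self.next_sk, self.next_pk = new_next_sk, new_next_pk   # hidden again
        self.prior = H(event_bytes(ev))
        return ev, sig


class Verifier:
    """Validator of the key event log: tracks the outstanding next-key commitment."""

    def __init__(self):
        self.expected_next, self.prior, self.seq = None, b"", -1

    def accept(self, ev: Dict, sig: List[bytes]) -> bool:
        body = event_bytes(ev)
        if ev["t"] == "icp":
            ok = ev["s"] == 0 and self.expected_next is None
        else:   # a rotation must reveal a preimage of the prior commitment
            ok = (ev["s"] == self.seq + 1 and ev["p"] == self.prior
                  and H(pub_bytes(ev["k"])) == self.expected_next)
        if not ok or not lamport_verify(ev["k"], body, sig):
            return False
        self.expected_next, self.prior, self.seq = ev["n"], H(body), ev["s"]
        return True


def forge_rotation(stolen_sk: Priv, stolen_pk: Pub, ver: Verifier):
    """Attacker with the exposed current key tries to rotate to keys they control.
    They can sign, but cannot produce a key whose digest equals the commitment."""
    _, their_next_pk = lamport_keygen()
    ev = {"t": "rot", "s": ver.seq + 1, "k": stolen_pk,
          "n": H(pub_bytes(their_next_pk)), "p": ver.prior}
    return ev, lamport_sign(stolen_sk, event_bytes(ev))


def run_scenario() -> Dict[str, bool]:
    ctl, ver, out = Controller(), Verifier(), {}
    out["icp"] = ver.accept(*ctl.incept())
    stolen_sk, stolen_pk = ctl.sk, ctl.pk                      # current key leaks
    out["forged_rot"] = ver.accept(*forge_rotation(stolen_sk, stolen_pk, ver))
    out["rot"] = ver.accept(*ctl.rotate())                     # owner recovers
    out["stale_forge"] = ver.accept(*forge_rotation(stolen_sk, stolen_pk, ver))
    out["rot2"] = ver.accept(*ctl.rotate())
    return out
```

Run `run_scenario()`: the inception and both genuine rotations are accepted, both forgeries are rejected, and the rejection happens at the digest comparison, before the signature is even considered. That is the whole of the guarantee: a compromised current key buys signing power over non-establishment events, never the ability to rotate.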
KERI's approach to seed management emphasizes achieving information-theoretic security while addressing practical usability challenges. The SeedQuest concept (introduced in related work) demonstrates how high-entropy seeds can be generated and recovered through gamified mnemonic systems that leverage human cognitive abilities for spatial-temporal-visual-auditory memory.
The system achieves 128-bit entropy through:
The XORA (Exclusive Or Accumulator) design demonstrates KERI's commitment to information-theoretic security in credential privacy mechanisms. XORA uses the mathematical properties of XOR operations to create accumulators with perfect security properties:
XOR as information-theoretic operation: When a message is XORed with a truly random key of equal length, the result is perfectly secure—the ciphertext provides zero information about either the message or the key. This is the same principle underlying one-time pads.
Blinding for selective disclosure: XORA enables selective disclosure in ACDCs by XOR-blinding attribute values. Each selectively disclosable attribute is blinded with a fresh high-entropy random value, and the blinded result, not the attribute, goes into the credential's cryptographic commitment. Later disclosure reveals the original value together with its blinding factor, so the verifier can recompute the blinded value and check the commitment, while undisclosed attributes stay information-theoretically private. Two conditions carry the guarantee, exactly as for the one-time pad: the blinding factor must be at least as long as the (fixed-width) value it blinds, and each blinding factor must be used for one attribute only; reusing one across two attributes leaks their XOR.
Quantum-resistant privacy: Because XOR-based blinding with sufficient entropy provides information-theoretic security, the privacy guarantees remain valid even against quantum adversaries. No amount of quantum computing power can extract information about blinded attributes without the blinding factors.
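The following block is an added example, not XORA or ACDC code, of the XOR-blinded commit / disclose / verify flow described above. The fixed 32-byte attribute width, the sha256-over-blinded-values commitment, the presentation layout and the sample attribute values (including the placeholder LEI) are all constructed for the illustration; note also that the ACDC specification's own selective-disclosure mechanism works with per-attribute salts and digests, so this is the XOR variant this page describes, not the spec's encoding. Besides the happy path, the block shows why the undisclosed attribute is hidden: for any guessed value there is a blinding factor that explains the observed blinded bytes, so the commitment is consistent with every guess.

```python
"""XOR-blinded selective disclosure: added example, not XORA or ACDC code.

Assumptions (constructed for this example): attributes are padded to a fixed
32-byte width, each gets a fresh 32-byte CSPRNG blind, and the credential
commits to sha256 over the blinded values in attribute-name order.
"""
import hashlib
import secrets
from typing import Dict, Tuple

WIDTH = 32   # bytes; the blind must be exactly this long


def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def encode_attr(value: str) -> bytes:
    """Fixed-width encoding so the blind covers the whole value (OTP condition)."""
    raw = value.encode()
    if len(raw) > WIDTH:
        raise ValueError("attribute too long for the fixed width")
    return raw.ljust(WIDTH, b"\x00")


def blind_attr(value: str, blind: bytes) -> bytes:
    if len(blind) != WIDTH:
        raise ValueError("blind must be as long as the value; a short blind loses perfect secrecy")
    return xor_bytes(encode_attr(value), blind)


def commit(blinded: Dict[str, bytes]) -> bytes:
    """Commitment over the blinded values only; the plaintext values never enter."""
    h = hashlib.sha256()
    for name in sorted(blinded):
        h.update(name.encode() + b"=" + blinded[name])
    return h.digest()


def issue(attrs: Dict[str, str]) -> Tuple[bytes, Dict[str, bytes], Dict[str, bytes]]:
    """Issuer side: one fresh blind per attribute, then the commitment."""
    blinds = {name: secrets.token_bytes(WIDTH) for name in attrs}
    blinded = {name: blind_attr(value, blinds[name]) for name, value in attrs.items()}
    return commit(blinded), blinds, blinded


def present(attrs, blinds, blinded, disclose: set) -> Dict:
    """Holder side: value + blind for disclosed attributes, blinded bytes only for the rest."""
    return {"disclosed": {n: (attrs[n], blinds[n]) for n in disclose},
            "hidden": {n: blinded[n] for n in blinded if n not in disclose}}


def verify(commitment: bytes, presentation: Dict) -> bool:
    """Verifier side: re-blind the disclosed values and recompute the commitment."""
    blinded = dict(presentation["hidden"])
    for name, (value, blind) in presentation["disclosed"].items():
        blinded[name] = blind_attr(value, blind)
    return commit(blinded) == commitment


def consistent_blind(hidden_blinded: bytes, guess: str) -> bytes:
    """For any guessed value there is a blind that maps it to the observed
    blinded bytes, so those bytes (and the commitment over them) rule out
    nothing about the undisclosed attribute, whatever the adversary's compute."""
    return xor_bytes(hidden_blinded, encode_attr(guess))


if __name__ == "__main__":
    attrs = {"LEI": "EXAMPLE-LEI-0001", "role": "CEO"}   # constructed sample
    c, blinds, blinded = issue(attrs)
    assert verify(c, present(attrs, blinds, blinded, {"LEI"}))
```

The `consistent_blind` function is the information-theoretic argument in executable form: the verifier, or anyone who sees the presentation, holds bytes that every possible `role` value explains equally well, so only the holder's later disclosure of the blind can narrow it down.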
Information-theoretic security provides the strongest possible security guarantees for KERI's foundational layer:
Future-proof protection: Security does not depend on assumptions about computational hardness that might be invalidated by algorithmic advances or quantum computing. The security is mathematically provable and permanent.
Verifiable security: Unlike computational security where "secure" means "we believe it's hard to break," information-theoretic security means "it is mathematically proven impossible to break without the key."
Simplified security analysis: Security proofs for information-theoretically secure systems are often simpler and more rigorous than those for computationally secure systems, as they don't require assumptions about adversary capabilities beyond information-theoretic limits.
Achieving information-theoretic security in practice requires careful attention to:
Entropy sources: The system must draw its secrets from a cryptographically strong pseudo-random number generator (CSPRNG) fed by an operating-system or hardware entropy source, or from a true random number generator. Note that a CSPRNG is itself a computational construct: it expands a seed deterministically, so its output carries no more entropy than the seed it was given. The information-theoretic guarantee for a secret rests on the 128 bits of entropy actually gathered, not on the generator's output length; a weak or under-seeded entropy source reduces the guarantee to computational security at best.
Key management: Private keys and seeds must be protected with security measures commensurate with their information-theoretic strength. This typically means:
Operational security: Information-theoretic security of keys is meaningless if operational security is weak. Side-channel attacks, social engineering, and physical security breaches can compromise keys regardless of their cryptographic strength.
Performance: Information-theoretically secure operations (like one-time pads) can be computationally efficient, but key management overhead may be significant. KERI balances this by using information-theoretic security for foundational elements (seeds, pre-rotated keys) while using efficient computational cryptography for routine operations.
Usability: High-entropy seeds are difficult for humans to remember and manage. KERI addresses this through:
Key size requirements: Information-theoretic security often requires larger keys than computational security. However, 128-bit keys (16 bytes) remain practical for most applications, and KERI's use of CESR encoding ensures efficient representation.
Information-theoretic security is particularly valuable for:
Long-term secrets: Keys that must remain secure for decades benefit from information-theoretic security, as computational assumptions may not hold over such timescales.
High-value identities: Root identities for organizations, governments, or critical infrastructure justify the operational overhead of information-theoretic key management.
Regulatory compliance: Where a framework calls for security guarantees that do not depend on computational assumptions, information-theoretic protection of the root secrets is the way to satisfy it.
Post-quantum preparation: Organizations preparing for the quantum computing era can use information-theoretic security for critical secrets, ensuring protection regardless of quantum computing advances.
Information-theoretic security does not protect against:
Implementation vulnerabilities: Software bugs, side-channel attacks, and hardware vulnerabilities can compromise keys regardless of their theoretical security.
Operational failures: Human error, social engineering, and procedural failures remain attack vectors.
Endpoint security: If the device using the keys is compromised, information-theoretic security of the keys themselves provides no protection.
KERI's architecture recognizes these limitations and provides complementary security mechanisms, including duplicity detection, witness agreement through receipts, and watcher networks, to create defense in depth beyond the information-theoretic security of individual keys.