Statistical security parameter -> information theoretically secure

If a cryptographic protocol has a computational security parameter and a statistical security parameter, does this mean it is only computationally secure instead of information-theoretically secure?

I am wondering because this answer says that statistical indistinguishability is when the adversary is computationally unbounded: https://crypto.stackexchange.com/a/11790 . That would imply that the presence of a statistical security parameter means that a protocol is information-theoretically secure. Is that true?

Thank you!

And apart from that how do I find out whether a protocol is information-theoretically secure if it is not explicitly stated?

In interactive protocols (like MPC) you will often see a combination of computational and statistical security parameters used together.

• Computational security parameter: tunes the hardness of some attack that depends on the adversary's running time. For example, a protocol uses a pseudorandom function, and breaking that pseudorandom function will break the protocol. The key size of the pseudorandom function is governed by the protocol's computational security parameter. When you look closely at the adversary's formal advantage, and you see a term of the form $T/2^\kappa$ or $q^2/2^\kappa$ where $T$ or $q$ is related to the adversary's computational effort, then $\kappa$ is a computational security parameter.

• Statistical security parameter: tunes the hardness of some attack where the adversary's running time is irrelevant. Usually this is because there is some event that happens only once in the protocol, and the adversary has only one chance to succeed at the attack. For example, one party generates a commitment to a string, and the adversary breaks the protocol only if it can exactly guess the contents of that string before it is revealed. The length of the string needs to be governed by the protocol's statistical security parameter. When you examine the adversary's advantage and see a term of the form $c/2^\lambda$ for a constant $c$ (independent of the adversary's computational effort), then $\lambda$ is a statistical security parameter.

A concrete example containing both kinds of security parameters is cut-and-choose protocols for garbled circuits (I very roughly sketch the protocol of Lindell here).

• Alice is supposed to generate $\lambda$ independent garblings of a circuit. A garbled circuit can either be generated correctly or incorrectly. Given the "seed" which produced the garbled circuit, it is easy to check whether the circuit was generated correctly or not.
• Bob tosses a fair coin for each of the $\lambda$ circuits. If the coin is heads, he challenges Alice to prove that the circuit was generated correctly (by revealing its "seed"). If the coin is tails, the circuit is used later on for usual garbled circuit stuff.

Because of some clever mechanisms in the rest of the protocol, Alice can succeed in cheating only by making all "checked" circuits correct and all "unchecked" circuits incorrect. In other words, she can succeed only if she exactly predicts all $\lambda$ of Bob's coin tosses before they happen (with probability $1/2^\lambda$). Hence $\lambda$ is a statistical security parameter of the protocol.

To answer your question: just because a protocol contains a statistical security parameter, it doesn't mean the entire protocol is information-theoretically secure. If it contains a computational security parameter at all, then the entire protocol achieves computational security, if can be proven so.

Implications of differentiating computational vs statistical security parameters: In this example and others, the statistical security parameter can be much smaller (leading to a concretely more efficient protocol). In practice it is typical to set the statistical security parameter to be 40, which bounds all "bad one-shot events" to probability $1/2^{40}$. In the cut-and-choose example, this means Alice sends only 40 garbled circuits instead of, say, 128. Meanwhile, the protocol still uses PRFs and other things, which need computational security parameter 128.