If you offer someone an algorithm that is impossible to break in a trillion, trillion years, and another algorithm that is in principle impossible to break, but the former algorithm is twice as efficient, then every company on the entirety of planet earth will choose the former. Some companies who pay a lot of money for bandwidth, maybe. “Any company”? Not a chance. Internet is cheap and companies routinely waste money in much more frivolous ways. And for stuff which sells on its security, e.g. messengers like Signal, the advertising value of “our encryption is mathematically unbreakable” would be well worth it. And plenty of individual nerds would opt into it just out of principle, being fully willing to cut their bandwidth in half for fuzzy feelings. Not even to mention military applications. You don’t see such things in reality, because this is, unless I misunderstand something truly massive, impossible. You can’t do unbreakable encryption over the network because you can’t securely share the pad key. Yet, even in this time before people knew DHKE could be potentially broken by quantum computers, nobody used DHKE to exchange keys for one-time pads. Well yes, because that’d be incorrect - by sharing one-time-pad keys with DHKE you’re reducing the security to that of DHKE, so you might as well drop the one-time-pad part and use an ordinary encryption algorithm instead.