building a true RNG
Paul Crowley
paul at ciphergoth.org
Thu Aug 1 20:13:05 EDT 2002
David Wagner <daw at cs.berkeley.edu> writes:
> I don't know of any good cryptographic hash function that comes with
> a proof that all outputs are possible. However, it might not be too
> hard to come up with plausible examples. For example, if we apply the
> Luby-Rackoff construction (i.e., 3 rounds of a Feistel cipher), with
> ideal hash functions in each round, does this have the desired properties?
> It might.
This seems to define a block cipher with no key, which is collision
free but not one-way. Am I misunderstanding what you're proposing?
--
__ Paul Crowley
\/ o\ sig at paul.ciphergoth.org
/\__/ http://www.ciphergoth.org/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list