building a true RNG

David Wagner daw at cs.berkeley.edu
Thu Aug 1 20:28:43 EDT 2002


> David Wagner <daw at cs.berkeley.edu> writes:
> > I don't know of any good cryptographic hash function that comes with
> > a proof that all outputs are possible.  However, it might not be too
> > hard to come up with plausible examples.  For example, if we apply the
> > Luby-Rackoff construction (i.e., 3 rounds of a Feistel cipher), with
> > ideal hash functions in each round, does this have the desired properties?
> > It might.
> 
> This seems to define a block cipher with no key, which is collision
> free but not one-way.  Am I misunderstanding what you're proposing?

You understood it perfectly.  Good point.
I didn't notice that problem.  Harrumph.

Thanks for catching my oversight!
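The objection conceded above, shown as an added example that is not part of the original post. With no key, every round function is public, so the construction is a permutation (all outputs possible, no collisions) that anyone can run backwards. SHA-256 stands in for the "ideal hash functions", and the 32-byte block size and the function names are assumptions made for illustration.

```python
import hashlib

HALF = 16  # bytes per Feistel half; block size is 2 * HALF (assumed parameter)


def _round(i: int, data: bytes, half: int) -> bytes:
    # Public, unkeyed round function: SHA-256 with a round-index prefix, truncated.
    return hashlib.sha256(bytes([i]) + data).digest()[:half]


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def feistel_hash(block: bytes, half: int = HALF) -> bytes:
    """Three unkeyed Feistel rounds: (L, R) -> (R, L xor F_i(R))."""
    if len(block) != 2 * half:
        raise ValueError("block must be exactly 2 * half bytes")
    left, right = block[:half], block[half:]
    for i in range(3):
        left, right = right, _xor(left, _round(i, right, half))
    return left + right


def feistel_preimage(digest: bytes, half: int = HALF) -> bytes:
    """Undo the rounds in reverse order; needs only the public round functions."""
    if len(digest) != 2 * half:
        raise ValueError("digest must be exactly 2 * half bytes")
    left, right = digest[:half], digest[half:]
    for i in reversed(range(3)):
        left, right = _xor(right, _round(i, left, half)), left
    return left + right


if __name__ == "__main__":
    msg = b"constructed 32-byte sample input"  # constructed sample value
    assert feistel_preimage(feistel_hash(msg)) == msg

    # Any chosen output has a preimage, computed at the same cost as hashing.
    target = bytes(2 * HALF)
    assert feistel_hash(feistel_preimage(target)) == target

    # With 1-byte halves the whole 16-bit domain can be enumerated: a bijection.
    images = {feistel_hash(i.to_bytes(2, "big"), half=1) for i in range(1 << 16)}
    print("distinct outputs over 16-bit domain:", len(images))
```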
