building a true RNG
Amir Herzberg
amir at herzberg.name
Wed Jul 31 12:15:12 EDT 2002
At 20:10 30/07/2002, James A. Donald wrote:
> --
> On 30 Jul 2002 at 17:02, Amir Herzberg wrote:
> > I found that when trying to explain and define hash functions
> > and their properties, I didn't find a satisfactory definition
> > for the `randomness` properties.
>
> Randomness is of course indefinable. A random oracle is however
> definable.
I'm not sure what you mean by `randomness` being undefinable, but yes, I'm
familiar with the standard definitions of the random oracle
assumption/method. And I already agreed (I think with David Wagner) that it
seems that when analyzing under the random oracle methodology, a call to
the random oracle extracts the randomness from the physical (imperfect)
source of entropy (one of us actually needs to spend a few minutes to confirm
this proof is indeed as simple as it seems).
But that's not the question, I think. What we really want is some
assumption which we can test SHA-1, or a new `hash` function (possibly with
a public key) against, and which is sufficient to securely extract randomness.
This assumption cannot be the `random oracle` since clearly SHA-1 (and any
other given function) is _not_ a random oracle...
--------------------------------------------------------------------------------------------------------------------------------
Amir Herzberg
See http://amir.herzberg.name/book.html for draft chapters from
`Introduction to Cryptography,
Secure Communication and Commerce`, and link to lectures. Comments
appreciated.
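The following is an added illustration of the extraction step the message discusses, not code from the thread or from Amir Herzberg's book. It models the "physical (imperfect) source" as a constructed biased coin, estimates its min-entropy, collects enough samples that the input holds more min-entropy than the requested output plus a margin, and then conditions the samples with a hash (SHA-256 stands in here for "SHA-1, or a new hash function"; the source, the 64-bit margin and the helper names are assumptions). The last function makes the point that hashing a low-entropy input only makes it look random: one input byte can never yield more than 256 distinct digests, however random each digest appears.

```python
import hashlib
import math
import random
from collections import Counter


def biased_bits(n, p_one=0.8, seed=1234):
    """Constructed stand-in for an imperfect physical source: a coin that
    shows 1 with probability p_one. Seeded so the demonstration is repeatable."""
    rng = random.Random(seed)
    return [1 if rng.random() < p_one else 0 for _ in range(n)]


def min_entropy_per_bit(bits):
    """Empirical min-entropy of one sample: -log2(probability of the most likely value).
    Real designs characterise the source beforehand (e.g. NIST SP 800-90B);
    estimating from the same data you extract from is a simplification here."""
    counts = Counter(bits)
    p_max = max(counts.values()) / len(bits)
    return -math.log2(p_max)


def samples_needed(out_bits, h_min_per_sample, margin_bits=64):
    """How many samples must go into the hash so that their total min-entropy
    exceeds the output length plus a safety margin (margin is an assumption)."""
    if h_min_per_sample <= 0:
        raise ValueError("source has no min-entropy; cannot extract anything")
    return math.ceil((out_bits + margin_bits) / h_min_per_sample)


def pack_bits(bits):
    """Pack a list of 0/1 values into bytes, MSB first, zero-padded at the end."""
    out = bytearray()
    for i in range(0, len(bits), 8):
        chunk = bits[i:i + 8] + [0] * (8 - len(bits[i:i + 8]))
        out.append(int("".join(map(str, chunk)), 2))
    return bytes(out)


def extract(bits, out_bits=256, margin_bits=64):
    """Hash-based conditioning: refuse to produce output unless the input
    samples carry more min-entropy than is being asked for."""
    h = min_entropy_per_bit(bits)
    need = samples_needed(out_bits, h, margin_bits)
    if len(bits) < need:
        raise ValueError(f"need at least {need} samples, got {len(bits)}")
    digest = hashlib.sha256(pack_bits(bits)).digest()
    return digest[: out_bits // 8]


def distinct_outputs_for_one_input_byte():
    """Hashing cannot manufacture entropy: 256 possible inputs give at most
    256 possible digests, no matter how unpredictable each one looks."""
    return len({hashlib.sha256(bytes([b])).digest() for b in range(256)})


if __name__ == "__main__":
    src = biased_bits(2000)
    print("min-entropy per sample:", round(min_entropy_per_bit(src), 3))
    print("256-bit output:", extract(src).hex())
    print("distinct digests from one input byte:", distinct_outputs_for_one_input_byte())
```

The check in `extract` is the operational form of the assumption the message is asking for: whatever property one is willing to grant the hash, the output can carry no more unpredictability than the samples fed in, so the entropy accounting has to happen before the hash is called, not after.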
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com