building a true RNG

Amir Herzberg amir at herzberg.name
Wed Jul 31 12:15:12 EDT 2002


At 20:10 30/07/2002, James A. Donald wrote:
>     --
>On 30 Jul 2002 at 17:02, Amir Herzberg wrote:
> > I found that when trying to explain and define hash functions
> > and their properties, I didn't find a satisfactory definition
> > for the `randomness` properties.
>
>Randomness is of course indefinable.  A random oracle is however
>definable.

I'm not sure what you mean by `randomness` being undefinable, but yes, I'm 
familiar with the standard definitions of the random oracle 
assumption/method. And I already agreed (I think with David Wagner) that it 
seems that when analyzing under the random oracle methodology, a call to 
the random oracle extracts the randomness from the physical (imperfect) 
source of entropy (one of us actually needs to spend a few minutes to confirm 
this proof is indeed as simple as it seems).

But that's not the question, I think. What we really want is some 
assumption which we can test SHA-1, or a new `hash` function (possibly with 
a public key) against, and which is sufficient to securely extract randomness.

This assumption cannot be the `random oracle` since clearly SHA-1 (and any 
other given function) is _not_ a random oracle...

--------------------------------------------------------------------------------------------------------------------------------
Amir Herzberg
See http://amir.herzberg.name/book.html for draft chapters from 
`Introduction to Cryptography,
Secure Communication and Commerce`, and link to lectures. Comments 
appreciated.
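[Editor's note: the following worked example is added to this archived message and is not code from the original poster. It illustrates the point discussed above, that a hash call over samples from an imperfect physical source is used to extract a fixed-size seed, and the check a practitioner wants alongside it: how many raw samples are needed for a given min-entropy per sample, and the caveat that hashing a low-entropy input yields at most as many distinct seeds as the input had values, however random the digest looks. The biased bit source is a constructed stand-in for a physical source, and the 0.8 bias, the 64-bit safety margin and SHA-256 (rather than the SHA-1 mentioned in the thread) are assumptions of the example.]

```python
import hashlib
import math
import random


def min_entropy_per_bit(p_one):
    """Min-entropy (bits) of one sample from a Bernoulli source with P(bit=1)=p_one.
    Min-entropy, not Shannon entropy, is the quantity a seed extractor should be
    budgeted against, since it bounds the adversary's best single guess."""
    p_max = max(p_one, 1.0 - p_one)
    return -math.log2(p_max)


def bits_needed(p_one, target_bits, margin_bits=64):
    """How many raw source bits to hash so that the input carries at least
    target_bits + margin_bits of min-entropy (the margin is an assumed safety
    allowance, not a figure from the original message)."""
    h = min_entropy_per_bit(p_one)
    if h <= 0.0:
        raise ValueError("source has no entropy; no extractor can help")
    return math.ceil((target_bits + margin_bits) / h)


def biased_source(p_one, n_bits, seed=0):
    """Constructed stand-in for a physical entropy source: n_bits i.i.d. biased
    bits, packed MSB-first into bytes. The fixed seed makes the example
    reproducible; a real source would of course not be seedable."""
    rng = random.Random(seed)
    out = bytearray()
    for i in range(0, n_bits, 8):
        chunk = [1 if rng.random() < p_one else 0 for _ in range(min(8, n_bits - i))]
        byte = 0
        for b in chunk:
            byte = (byte << 1) | b
        byte <<= 8 - len(chunk)  # pad a trailing partial byte
        out.append(byte)
    return bytes(out)


def extract(sample_bytes, hash_name="sha256"):
    """The extraction step itself: one hash call over the raw samples.
    Modelling the hash as a random oracle is what makes this provably sound;
    SHA-256 (or SHA-1, as in the thread) is used here as the practical stand-in."""
    return hashlib.new(hash_name, sample_bytes).digest()


def seed_from_source(p_one, target_bits=256, seed=0):
    """Collect enough biased bits for the target min-entropy, then condense them
    into a target_bits-sized seed. Returns (seed_bytes, raw_bits_consumed)."""
    n = bits_needed(p_one, target_bits)
    raw = biased_source(p_one, n, seed=seed)
    digest = extract(raw)
    return digest[: target_bits // 8], n


def distinct_outputs_for_small_input(n_bits):
    """Caveat check: if the hashed input has only n_bits of entropy, the set of
    possible seeds has at most 2**n_bits members, no matter how uniform each
    digest looks. An attacker enumerates the inputs, not the digests."""
    outputs = {hashlib.sha256(i.to_bytes(4, "big")).digest() for i in range(2 ** n_bits)}
    return len(outputs)


if __name__ == "__main__":
    seed_bytes, consumed = seed_from_source(0.8)
    print(f"consumed {consumed} raw bits from a p=0.8 source -> seed {seed_bytes.hex()}")
    print(f"12-bit input space gives only {distinct_outputs_for_small_input(12)} seeds")
```

The usage line at the bottom shows the two sides of the argument in the message: the hash output looks uniform either way, so the security of the seed rests entirely on the entropy accounting done before the call, and on an assumption about the hash that is weaker than, but must play the role of, the random oracle.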

