At 20:10 30/07/2002, James A. Donald wrote: > -- >On 30 Jul 2002 at 17:02, Amir Herzberg wrote: > > I found that when trying to explain and define hash functions > > and their properties, I didn't find a satisfactory definition > > for the `randomness` properties. > >Randomness is of course indefinable. A random oracle is however >definable.
I'm not sure what you mean by `randomness` being undefinable, but yes, I'm familiar with the standard definitions of the random oracle assumption/method. And I already agreed (I think with David Wagner) that it seems that when analyzing under the random oracle methodology, a call to the random oracle extracts the randomness from the physical (imperfect) source of entropy (one of us actually need to spend few minutes to confirm this proof is indeed as simple as it seems). But that's not the question, I think. What we really want is some assumption which we can test SHA-1, or a new `hash` function (possibly with a public key) against, and which is sufficient to securely extract randomness. This assumption cannot be the `random oracle` since clearly SHA-1 (and any other given function) is _not_ a random oracle... -------------------------------------------------------------------------------------------------------------------------------- Amir Herzberg See http://amir.herzberg.name/book.html for draft chapters from `Introduction to Cryptography, Secure Communication and Commerce`, and link to lectures. Comments appreciated. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]