I am working on a project that is using a bit-commitment concept to authenticate information.
I need to select a combination of objects securely from a secure hash, then distribute that hash later. Then a client knows that only the authenticated server selected that combination of objects before distribution of the hash the combination derived from.
In other words, I need to select a combination of objects deterministically from a cryptographic key.
I think that adapting this would be a good idea as follows.
Let x be a hash, i.e., an l-bit integer (l>128) that comes from a secure hash function or prf.
I must select M objects from a set of N.
And let S be the set of objects selected.
I assert that $log_2 C(M,N) > 128$.
initialize set S to empty
for J := N-M + 1 to N do
T := (x mod J) + 1 \\ this line is changed from the link above from RandInt(1, J)
if T is not in S then
insert T in S
else
insert J in S
Main questions:
If given the combination of M objects from the set N, can someone invert the above algorithm to derive the hash.
If so, does anyone know of a secure way to deterministically select a combination of objects from a hash?
I need to select a combination of objects deterministically from a cryptographic key in such a way that one can only use brute force to determine the cryptographic key used to derive the combination of M objects among N. To invert the above, one would need to solve a bunch of modular arithmetic problems. Otherwise, I would think that a one-to-one function that can take in an integer and get the combination would work also. This function also needs to be efficient.
Thanks
