Score:0

Logic Flaw, why can't you use randomness to seed more randomness?


If I have 256 bits of handwavium "perfectly random data" and I hash these 256 bits of data with a secure hash function (possibly sha256), could the resulting hash be considered "perfectly random data" as well? I am assuming no, but don't know why.

What information / keywords would I use to find out more information about this?

Interesting seemingly related topics:

CaffeineAddiction
Some background, I was looking into one-time-pads and am trying to figure out what would prevent you from generating an inf one-time-pad from a random seed.
DannyNiu
From [our reading list](https://crypto.meta.stackexchange.com/a/1535/36960).
fgrieu
The hashing is expected to lose [0.8272… bit](https://crypto.stackexchange.com/a/24672/555) of the original 256 bits of entropy.
Score:1

Suppose you take your 256 bits of handwavium "perfectly random data" and use it to seed a handwavium "perfect cryptographic seed expansion algorithm", such as the SHAKE XOF -- but it really makes no difference which algorithm you choose. You then generate 257 (or in general any $n > 256$) bits of "random data". In principle, if this was really random data, you'd have $2^n$, for $n > 256$, different bit strings.

However, suppose you cycled through all $2^{256}$ bit strings of "only" 256 bits. Evidently one of these would match the 256 bits of handwavium "perfectly random data" mentioned at the beginning, and having found it, then you'd be able to generate exactly the same $n$ supposedly random bits.

Thus, by brute-forcing "only" 256 bits (a computational effort of $2^{256}$ operations), you can find all $n$ bits, while if they were actually random, you'd need an actual computational effort of $2^n$ (for, again, $n > 256$), which in general is much greater than $2^{256}$.

So don't fool yourself: you only have 256 bits of randomness. Any bit coming after that is a 100% deterministic function of those 256 bits, and thus adds no randomness at all.

CaffeineAddiction
I think I understand what you're saying, and agree with it. Argument for argument's sake ... let's say the orig 256 bits of handwavium "perfect random data" is destroyed/forgotten/never transmitted after the hash algo created a new 256 bits of deterministic data. How is this new data less "random" than the entire rest of the key space?
swineone
Assuming you really throw away your "perfect random data", and that you use a "perfect" hash function, for which no attacks that reduce its preimage resistance exist, then your first 256 bits of deterministic data should be OK. Once you generate a 257th, you're back to the same problem. But if you can only securely generate the exact same 256 bits you started with (which, recall, you threw away), then why go to the trouble and computational expense of hashing it? Just use the random data directly.
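To see the answer's brute-force argument and fgrieu's 0.8272-bit figure at toy scale, here is an added Python example (not code from the thread or any of its participants). It assumes constructed parameters of 16-bit seeds in place of 256 and 32-bit outputs in place of n, with SHAKE128 as the expansion XOF and truncated SHA-256 as the hash:

```python
import hashlib
from collections import Counter
from math import log2

# Constructed toy parameters: k-bit seeds (the thread's 256) expanded to n-bit output (n > k).
SEED_BITS = 16
OUT_BITS = 32

def expand(seed: int, seed_bits: int = SEED_BITS, out_bits: int = OUT_BITS) -> int:
    """Seed expansion with the SHAKE128 XOF, truncated to out_bits."""
    seed_bytes = seed.to_bytes((seed_bits + 7) // 8, "big")
    digest = hashlib.shake_128(seed_bytes).digest((out_bits + 7) // 8)
    return int.from_bytes(digest, "big") >> (8 * len(digest) - out_bits)

def count_reachable_outputs(seed_bits: int = SEED_BITS, out_bits: int = OUT_BITS) -> int:
    """Enumerate every seed (the answer's 2**k brute force). The expansion can reach at
    most 2**seed_bits of the 2**out_bits possible strings, and the same enumeration
    recovers any n-bit output from its seed."""
    return len({expand(s, seed_bits, out_bits) for s in range(1 << seed_bits)})

def truncated_sha256(x: int, bits: int) -> int:
    """Hash a bits-bit value and keep the first bits bits of the digest."""
    digest = hashlib.sha256(x.to_bytes((bits + 7) // 8, "big")).digest()
    return int.from_bytes(digest, "big") >> (256 - bits)

def entropy_loss_from_hashing(bits: int = SEED_BITS) -> float:
    """Shannon entropy (in bits) lost when a uniform bits-bit value is replaced by its
    bits-bit truncated hash: hashing is not a bijection, so some outputs collide and
    others are never produced. For a random function the loss tends to ~0.8272 bits."""
    total = 1 << bits
    counts = Counter(truncated_sha256(x, bits) for x in range(total))
    h_out = -sum((c / total) * log2(c / total) for c in counts.values())
    return bits - h_out

if __name__ == "__main__":
    reachable = count_reachable_outputs()
    print(f"{reachable} of {1 << OUT_BITS} possible {OUT_BITS}-bit outputs are reachable "
          f"(at most {1 << SEED_BITS}, one per seed)")
    print(f"entropy lost by hashing {SEED_BITS} bits to {SEED_BITS} bits: "
          f"{entropy_loss_from_hashing():.3f} bits")
```

The reachable count stays near 2**16 no matter how large OUT_BITS is made, which is the answer's point; the measured loss lands close to 0.83 bits, which is fgrieu's figure for the 256-bit case.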