cfrg / draft-irtf-cfrg-hash-to-curve

Hashing to Elliptic Curves

two small pieces of feedback #261

Closed kwantam closed 4 years ago

kwantam commented 4 years ago

Both from Leo as we were discussing VRF:

  1. pseudo_random_bytes is a bad name in hash_to_field, because the cryptographic notion of pseudorandomness involves a secret. Is there a better name we can use?

  2. Is it possible to remove line breaks from the test vectors in the document, to make copy-pasting easier?

I think the answer to (2) is no because we're limited to some fixed line length. @chris-wood do you know for sure?

As to (1), I don't have any ideas but I'll think about it.

chris-wood commented 4 years ago

Yeah, our hands are somewhat tied by the RFC editor for (2). :-\

As for (1), what do you mean by it "involves a secret"?

kwantam commented 4 years ago

Almost-formally, we say that a pseudorandom generator is a deterministic function G and some secret s such that G(s) is statistically indistinguishable from random to anyone who doesn't know s.

Here, there's no secret---all inputs are public---so "pseudorandom" doesn't quite apply, so we're sort of watering down / confusing terminology by using it in this way.
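To make the terminology point concrete: hash_to_field is a deterministic function of public inputs only (the message, the domain separation tag and the requested output length), so there is no seed that an observer lacks and nothing for "pseudorandom" to be indistinguishable relative to. The following is an added example, not code from the draft or its authors. It implements expand_message_xmd with SHA-256 and hash_to_field for the P-256 base field in the form published in RFC 9380 (the final version of this draft), naming the expanded output uniform_bytes as the RFC does. The P-256 constants (p, m = 1, L = 48) are those of the P256_XMD:SHA-256_SSWU_RO_ suite; the DST strings in the demo are made up for illustration, and the exact byte layout at the draft revision under discussion may differ from the published one.

```python
import hashlib

# SHA-256 parameters used by expand_message_xmd: digest size and block size.
B_IN_BYTES = 32
S_IN_BYTES = 64

# P-256 base field, as used by the P256_XMD:SHA-256_SSWU_RO_ suite.
P256_P = 2**256 - 2**224 + 2**192 + 2**96 - 1
P256_L = 48  # L = ceil((ceil(log2(p)) + k) / 8) with k = 128 bits of security


def i2osp(x: int, length: int) -> bytes:
    """Integer to fixed-length big-endian octet string (RFC 8017 I2OSP)."""
    if x < 0 or x >= 1 << (8 * length):
        raise ValueError("integer does not fit in %d bytes" % length)
    return x.to_bytes(length, "big")


def os2ip(octets: bytes) -> int:
    """Big-endian octet string to integer (RFC 8017 OS2IP)."""
    return int.from_bytes(octets, "big")


def strxor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def expand_message_xmd(msg: bytes, dst: bytes, len_in_bytes: int) -> bytes:
    """expand_message_xmd(msg, DST, len_in_bytes) with H = SHA-256 (RFC 9380 5.3.1).

    Every input is public; the output is a deterministic, domain-separated
    expansion of (msg, DST, len_in_bytes), not a PRG output keyed by a secret.
    """
    if len(dst) > 255:
        # Oversize DST handling (RFC 9380 5.3.3): hash the tag down first.
        dst = hashlib.sha256(b"H2C-OVERSIZE-DST-" + dst).digest()
    ell = -(-len_in_bytes // B_IN_BYTES)  # ceil(len_in_bytes / b_in_bytes)
    if ell > 255 or len_in_bytes > 65535:
        raise ValueError("len_in_bytes too large for expand_message_xmd")
    dst_prime = dst + i2osp(len(dst), 1)
    z_pad = i2osp(0, S_IN_BYTES)            # one zero block, hides H's IV from msg
    l_i_b_str = i2osp(len_in_bytes, 2)      # output length is part of the input
    msg_prime = z_pad + msg + l_i_b_str + i2osp(0, 1) + dst_prime
    b_0 = hashlib.sha256(msg_prime).digest()
    b_i = hashlib.sha256(b_0 + i2osp(1, 1) + dst_prime).digest()
    uniform_bytes = b_i
    for i in range(2, ell + 1):
        b_i = hashlib.sha256(strxor(b_0, b_i) + i2osp(i, 1) + dst_prime).digest()
        uniform_bytes += b_i
    return uniform_bytes[:len_in_bytes]


def hash_to_field(msg: bytes, dst: bytes, count: int,
                  p: int = P256_P, L: int = P256_L) -> list:
    """hash_to_field for a prime field (m = 1), RFC 9380 section 5.2.

    Returns `count` integers in [0, p). Each is OS2IP of an L-byte slice of
    uniform_bytes reduced mod p; L is oversized by k bits so the bias of the
    reduction is negligible.
    """
    len_in_bytes = count * L
    uniform_bytes = expand_message_xmd(msg, dst, len_in_bytes)
    elements = []
    for i in range(count):
        tv = uniform_bytes[L * i: L * (i + 1)]
        elements.append(os2ip(tv) % p)
    return elements


if __name__ == "__main__":
    # Constructed demo inputs; the DST is made up and not a registered suite tag.
    dst = b"EXAMPLE-HASH-TO-FIELD-DEMO-P256_XMD:SHA-256_SSWU_RO_"
    for e in hash_to_field(b"hello hash-to-curve", dst, 2):
        print(hex(e))
```

Note that len_in_bytes is bound into b_0, so requesting 32 bytes and then 64 bytes for the same message and DST does not give a prefix relationship; each (msg, DST, length) triple is its own domain.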

chris-wood commented 4 years ago

Okay, I thought you meant that its output is secret, or something :) I'm not sure folks will find this particularly confusing, though hedging against any risk is probably best. What about uniform_bytes?

kwantam commented 4 years ago

uniform_bytes sounds great!

kwantam commented 4 years ago

(I suppose your life would have been easier if I'd mentioned this before you put all that work into #259!!!)

chris-wood commented 4 years ago

Hah, no worries :-) I can submit a PR for this, unless you'd like to take a crack at it?