On Tuesday,2009-10-20, at 11:32 , Dan Harkins wrote:
Check out "Random Oracles are Practical" by Bellare and Rogaway. Section 6 discusses how to use a standard hash function, which by itself has too much structure, to make a random oracle. In fact, they provide an example to extend the range and domain ofthe mapping for an example random oracle and end up with something thatlooks remarkably like a KDF. It even includes a random "salt" to instantiate multiple independent random oracles.
Yes, and you might also be interested in "How Risky is the Random- Oracle Model?" by Gaetan Leurent and Phong Q. Nguyen 2008 which attacks those constructions from BR93 along the way of making interesting points about "How bad is it" in different cryptosystems if the thing standing in for a random oracle fails to act like one.
http://eprint.iacr.org/2008/441 Regards, Zooko