How do you store infinity in 256 bits?
This paper explores a fundamental paradox in cryptography: cryptographic theory assumes random oracles that produce infinite sequences of random bits, yet we only have computers with finite memory. The answer? We can’t implement true random oracles. Instead, we create an elaborate and beautiful deception.
The Impossible Oracle
Random oracles are functions that map any input to an infinite sequence of perfectly random bits. But trying to implement one (OracleDigest) fails catastrophically:
- Memory Unboundedness: Each new query exhausts memory
- Non-Serializability: Cannot save/restore state
- Non-Reproducibility: Each instance generates different values
- Non-Distributability: Cannot share across systems
This isn’t a bug—it’s a constructive proof that true random oracles cannot exist in our computational universe.
The Beautiful Lie: LazyDigest
From this impossibility emerges something remarkable:
class LazyDigest:
def __init__(self, seed):
self.seed = seed
def __getitem__(self, index):
return hash(seed || index)[0]
Just 256 bits of entropy generating what appears to be an infinite random sequence.
The Core Deception
- Appears: Infinite random sequence
- Actually: Deterministic function with 256 bits of state
- Information content: K(LazyDigest) = 256 bits + constant
- Apparent information: Infinite
We’re achieving a compression ratio of infinity—representing unbounded data with bounded information.
Why the Deception Works
Computational indistinguishability: If h is a secure PRF, no polynomial-time distinguisher can tell LazyDigest apart from truly random output.
We’re not random—we’re computationally hard to distinguish from random. This weaker guarantee is sufficient for cryptography.
The Inevitable Cycle
Since LazyDigest has finite state, it must eventually repeat. After at most 2^256 queries, it will cycle.
But 2^128 (expected cycle length) ≈ 10^38. At one billion queries per second, it would take 10^21 years—far longer than the age of the universe.
Advanced Constructions
Hierarchical Seeding
epoch_seed = h(master_seed || "epoch" || epoch)
chunk_seed = h(epoch_seed || "chunk" || chunk)
value = h(chunk_seed || position)[0]
Extends the effective period by structuring state hierarchically.
XOR Multi-Hash (Defense in Depth)
result = sha256(seed||index)[0] ⊕ sha512(seed||index)[0] ⊕
sha3_256(seed||index)[0] ⊕ blake2b(seed||index)[0]
System remains secure if at least one hash function is secure. Hedges against:
- Future cryptanalysis breaking individual algorithms
- Quantum computing vulnerabilities
- Implementation bugs
Sponge Construction
Reserves capacity bits that never leave the system, providing tunable security with 2^(capacity/2) collision resistance.
Deep Connections
Random Oracles as Uncomputable Reals
Most real numbers are uncomputable—they require infinite information to specify. A true random oracle is the cryptographic analog of an uncomputable real:
- Computable reals (like π, e): Measure zero, finite programs
- Uncomputable reals: Measure one, infinite information
- LazyDigest: Computable, appears random
- Random oracle: Uncomputable, truly random
We’re using computable functions to approximate uncomputable ones.
Lazy Evaluation and Mathematical Constants
Consider π: we can compute any digit using a finite algorithm (Bailey-Borwein-Plouffe formula). This is lazy evaluation in its purest form:
- Finite description: Algorithm is hundreds of bytes
- Infinite output: Arbitrarily many digits
- On-demand computation: Only compute what’s observed
LazyDigest parallels this exactly. The difference is semantic:
- π encodes geometric relationships
- LazyDigest encodes computational hardness
Both achieve the same compression: finite program → infinite sequence.
Randomness as Computational Hardness
We have two incompatible definitions of randomness:
- Information-theoretic: High Kolmogorov complexity
- Computational: Indistinguishable from random by efficient algorithms
LazyDigest fails (1) catastrophically—it has tiny Kolmogorov complexity. LazyDigest passes (2) perfectly—assuming secure hash functions.
The profound insight: “Randomness” in cryptography is actually computational hardness in disguise.
Entropy, Time’s Arrow, and Laplace’s Demon
Consider a being with unlimited computational power (Laplace’s demon):
- LazyDigest is trivially non-random—just compute
h(seed||i) - No entropy exists—only deterministic evolution
- Past and future are equally accessible
But we are computationally bounded, which creates our entire experience:
- Past is fixed (we remember it)
- Future is uncertain (cannot compute fast enough)
- Entropy increases (cannot invert dynamics)
- Randomness exists (cannot distinguish from true random)
A hash function is a “fast-forward only” time machine:
- Forward:
h(x)is easy - Backward: Finding
xgivenh(x)is computationally infeasible
The P ≠ NP Bet
Every use of LazyDigest implicitly bets that P ≠ NP. If P = NP, we could invert the hash function in polynomial time, distinguishing LazyDigest from random.
We’re not generating randomness—we’re generating a computationally hard problem and hoping nobody can solve it.
Applications
Deterministic Test Data: Reproducible infinite test streams Memory-Hard KDF: Force memory access patterns for password hashing Blockchain PoW: Model mining as searching the output space
The Beautiful Paradox
LazyDigest embodies a beautiful paradox:
- Simple: Just hash seed concatenated with index
- Complex: Output appears completely random
- Finite: Only 256 bits of true information
- Infinite: Can generate unbounded output
- Deterministic: Same seed always gives same sequence
- Unpredictable: Cannot predict next value without seed
This paradox is the heart of modern cryptography: simple deterministic processes that appear complex and random to bounded observers.
A Constructivist Victory
Perhaps most profoundly, LazyDigest represents a victory for constructivism in mathematics. While classical mathematics struggles with incoherent infinities and uncomputable reals, we’ve built something better: a finite, computable object that serves all practical purposes of an infinite random sequence.
The “deception” is beautiful because it’s honest:
- We don’t claim infinite objects—we have finite programs generating unbounded output
- We don’t pretend uncomputable things exist—we work with computable approximations
- We don’t hide behind axioms—we build finite machines and study their behavior
Cryptography forces us to be constructivists. The boundary of cryptographic possibility is precisely the boundary of computational constructibility.
In a universe that may itself be computational, LazyDigest isn’t approximating some “true” random oracle in a Platonic realm. It may be as real as randomness gets.
Key Takeaways
- True random oracles are impossible to implement (proven constructively)
- LazyDigest uses 256 bits to simulate infinity through computational hardness
- “Randomness” in cryptography means computationally indistinguishable from random
- The deception works because we’re all computationally bounded observers
- This represents a constructivist approach to mathematics and computation
Discussion