Sound Computational Interpretation of Symbolic

Hashes in the Standard Model 1st Edition by

Flavio D Garcia, Peter van Rossum ISBN
9783540477006 download
https://ebookball.com/product/sound-computational-interpretation-
of-symbolic-hashes-in-the-standard-model-1st-edition-by-flavio-d-
garcia-peter-van-rossum-isbn-9783540477006-10366/

Instantly Access and Download Textbook at https://ebookball.com

 Get Your Digital Files Instantly: PDF, ePub, MOBI and More
Quick Digital Downloads: PDF, ePub, MOBI and Other Formats

A Tool for Managing Security Policies in Organisations 1st Edition by

Anna V Alvarez, Karen A Garcia, Raul Monroy, Luis A Trejo, Jesus
Vazquez ISBN 9783540477006

https://ebookball.com/product/a-tool-for-managing-security-
policies-in-organisations-1st-edition-by-anna-v-alvarez-karen-a-
garcia-raul-monroy-luis-a-trejo-jesus-vazquez-
isbn-9783540477006-13682/

Game Sound An Introduction to the History, Theory, and Practice of

Video Game Music and Sound Design 1st edtion by Karen Collins ISBN
026253777X 9780262537773

https://ebookball.com/product/game-sound-an-introduction-to-the-
history-theory-and-practice-of-video-game-music-and-sound-
design-1st-edtion-by-karen-collins-
isbn-026253777x-9780262537773-24998/

Handbook of Constraint Programming 1st Edition by Francesca Rossi,

Peter van Beek, Toby Walsh ISBN 0080463800 9780080463803

https://ebookball.com/product/handbook-of-constraint-
programming-1st-edition-by-francesca-rossi-peter-van-beek-toby-
walsh-isbn-0080463800-9780080463803-19758/

The Business Model in Context of Business Strategy 1st edition by

Johannes Christian Gaedicke

https://ebookball.com/product/the-business-model-in-context-of-
business-strategy-1st-edition-by-johannes-christian-
gaedicke-24436/
Atlas of Complex Orthodontics 1st Edition by Ravindra Nanda, Flavio
Andres Uribe ISBN 9780323357548 0323357547

https://ebookball.com/product/atlas-of-complex-orthodontics-1st-
edition-by-ravindra-nanda-flavio-andres-uribe-
isbn-9780323357548-0323357547-5072/

ASPC Manual of Preventive Cardiology 2nd Edition by Nathan D Wong,

Ezra A Amsterdam, Peter P Toth ISBN 3030562794 9783030562793

https://ebookball.com/product/aspc-manual-of-preventive-
cardiology-2nd-edition-by-nathan-d-wong-ezra-a-amsterdam-peter-p-
toth-isbn-3030562794-9783030562793-4790/

Elementary Hydrostatics With Chapters on the Motion of Fluids and on

Sound 1st edition by William Henry Besant ISBN 0469641509
978-0469641501

https://ebookball.com/product/elementary-hydrostatics-with-
chapters-on-the-motion-of-fluids-and-on-sound-1st-edition-by-
william-henry-besant-isbn-0469641509-978-0469641501-16524/

IEEE Standard Glossary of Computer Languages 1st Edition by IEEE ISBN

https://ebookball.com/product/ieee-standard-glossary-of-computer-
languages-1st-edition-by-ieee-isbn-9110/

IEEE Standard Glossary of Computer Networking Terminology 1st Edition

by IEEE ISBN

https://ebookball.com/product/ieee-standard-glossary-of-computer-
networking-terminology-1st-edition-by-ieee-isbn-9106/
 Sound Computational Interpretation of
Symbolic Hashes in the Standard Model

Flavio D. Garcia and Peter van Rossum

Institute for Computing and Information Sciences,

Radboud University Nijmegen, The Netherlands
{flaviog, petervr}@cs.ru.nl

Abstract. This paper provides one more step towards bridging the gap
between the formal and computational approaches to the verification of
cryptographic protocols. We extend the well-known Abadi-Rogaway logic
with probabilistic hashes and we give a precise semantic interpretation
to it using Canetti’s oracle hashes. These are probabilistic polynomial-
time hashes that hide all partial information. Finally, we show that this
interpretation is computationally sound.

1 Introduction

The analysis of security protocols is being carried out mainly by means of two
different techniques. On the one hand, from a logical perspective, messages are
seen as algebraic objects, generated by some grammar from elementary objects
such as keys, nonces, and constants. Cryptographic operations are seen as al-
gebraic operations which are unbreakable. Attackers are typically modelled as
so-called Dolev-Yao attackers [DY83], having total control over the network,
having no computational limitations, and being only (but absolutely) incapable
of breaking cryptographic operations. These logical methods are appealing, be-
cause they are relatively easy to use and capture most mistakes commonly made
in security protocols.
On the other hand, from a complexity-theory perspective, messages are seen
as bit strings and cryptographic operations as functions on bit strings satisfy-
ing certain security properties [Gol01]. An attacker here is a resource bounded
probabilistic algorithm, limited by running time and/or memory, but capable
of breaking cryptographic operations, if that is computationally feasible. The
complexity based methods are more general and more realistic, but also more
complex.
In the last few years much research has been done to relate these two perspec-
tives [AR02, AJ01, MW04, Her05]. Such a relation takes the form of a function
mapping algebraic messages m to (distributions over) bit strings [[m]]. This map
should relate messages that are observationally equivalent in the algebraic world
(meaning that a Dolev-Yao attacker can see no difference between them) to in-
distinguishable distributions over bit strings (meaning that a computationally

H. Yoshiura et al. (Eds.): IWSEC 2006, LNCS 4266, pp. 33–47, 2006.

c Springer-Verlag Berlin Heidelberg 2006
34 F.D. Garcia and P. van Rossum

bounded adversary can only with negligible probability distinguish the distribu-
tions). Such a map allows one to use algebraic methods, possibly even automated,
to reason about security properties of protocols and have those reasonings be
valid also in the computational world.
The work carried out in the literature on relating these two perspectives
mainly deals with symmetric encryption [AR02, MW04] and public key encryp-
tion [Her05]. Micciancio and Warinschi [MW04] briefly but explicitly question if
this logical approach can be extended to, among other things, collision resistant
hashes. Backes, Pfitzmann, and Waidner [BPW06] show that in their simulata-
bility framework [PW00] a sound interpretation of hashes cannot exist, but that
it is possible to give a sound interpretation of formal hashes in the simulatability
framework using random oracles.
The problem with hashes is that in the algebraic world h(m) and h(m ) are
indistinguishable for a Dolev-Yao attacker if the attacker does not know m and
m . In the computational world, however, the normal security definition — it
must be computationally infeasible to compute any pre-image of a hash value
or a hash collision [RS04] — does not guarantee that the hash function hides all
partial information about the message; hence there is no guarantee that [[h(m)]]
and [[h(m )]] are computationally indistinguishable. A possible solution to this
can be found in the work of Canetti and others [Can97a, CMR98] on perfectly
one-way functions (a.k.a. oracle hashing). These are computable probabilistic
hash functions that hide all partial information of their input (see Section 3.3
for a definition and an example).

Our Contribution. We propose an extension to the commonly used Abadi-

Rogaway logic of algebraic messages introducing a probabilistic hash operator
hr(m) in the logic, next to the probabilistic symmetric encryption operator {|m|}rk .
Just as the original logic introduces a -operator to put in place of undecryptable
ciphertext (for us r , since we also deal with repetitions of ciphertexts), we
introduce a r -operator to put in place of the hash of an unknown message.
In the computational world, we interpret h as a perfectly one-way function and
prove that the resulting interpretation is sound.
It is relatively easy to see that the interpretation of messages like m, hr(n, 0)
and m, hr(n, 1) are computationally indistinguishable whenever the adversary
can not learn n from m. If, however, the adversary can learn n from m, then the
messages are not observationally equivalent. The main technical difficulty that
has to be overcome is that the adversary can learn part of the argument of the
hash from the context, as for example in the message k, hr(n, k).

Overview. Section 2 introduces the message algebra, including the probabilistic

encryption and probabilistic hash operators. It also defines the observational
equivalence relation on messages. Section 3 then introduces the computational
world, giving the security definitions for encryption and hashes. In Section 4 the
semantic interpretation [[−]] is defined and Section 5 proves the soundness of this
interpretation. Finally, Section 6 discusses further research directions.
 Sound Computational Interpretation of Symbolic Hashes 35

2 The Algebraic Setting

This section describes the message space and the observational equivalence ex-
tending the well-known Abadi-Rogaway logic [AR02] of algebraic messages with
hashes. These messages are used to describe cryptographic protocols and the ob-
servational equivalence tells whether or not two protocol runs are indistinguish-
able for a global eavesdropper. Here a protocol run is simply the concatenation
of all the messages exchanged in the run.
Definition 2.1. Key is an infinite set of key symbols, Nonce an infinite set of
nonce symbols, Const a finite set of constant symbols, and Random an infinite
set of randomness labels. Keys are denoted by k, k  , . . . , nonces by n, n , . . . ,
constants by c, c , . . . , and randomness labels by r, r , . . . . There is one special
key called k and for every randomness label r there is a special nonce called nr .
Using these building blocks, messages are constructed using algebraic encryption,
hashing, and pairing operations:

Msg  m := c | k | n | {|m|}rk | hr(m) | m, m | r | r .

Here k and n do not range over all keys/nonces, but only over the non-special
ones. Special symbols ( r and r ) are used to indicate undecryptable cipher-
texts or hash values of unknown messages. When interpreting messages as (en-
sembles of distributions over) bit strings, we will treat r as if it were {|0|}rk
and r as if it were hr(nr ).
A message of the form {|m|}rk is called an encryption and the set of all such
messages is denoted by Enc. Similarly, messages of the form hr(m) are called hash
values and the set of all these messages is denoted by Hash. Finally Box denotes
the set of all messages of the form r or r . The set of all messages that involve
a “random choice” at their “top level”, i.e., Key ∪ Nonce ∪ Enc ∪ Hash ∪ Box, is
denoted by RanMsg.
The closure of a set U of messages is the set of all messages that can be con-
structed from U using tupling, detupling, and decryption. It represents the in-
formation an adversary could deduce knowing U .

Definition 2.2 (Closure). Let U be a set of messages. The closure of U , de-

noted by U , is the smallest set of messages satisfying:

1. Const ⊆ U ;
2. U ⊆ U;
3. m, m ∈ U =⇒ m, m  ∈ U ;
4. {|m|}rk , k ∈ U =⇒ m ∈ U ;
5. m, m  ∈ U =⇒ m, m ∈ U .

For the singleton set {m}, we write m instead of {m}.

We define the function encpat : Msg → Msg as in Abadi-Rogaway [AR02] which

takes a message m and reduces it to a pattern. Intuitively, this is the pattern
36 F.D. Garcia and P. van Rossum

that an attacker sees in a message given that he knows the messages in U . This
function does not replace hashes. Formally, it is defined as follows:

encpat(m) = encpat(m, m)
where
encpat(m1 , m2 , U ) = encpat(m1 , U ), encpat(m2 , U )

{|encpat(m, U )|}rk , if k ∈ U ;
encpat({|m|}k , U ) =
r
R({|m|}k ) ,
r
otherwise.
encpat(hr(m), U ) = hr(encpat(m, U ))
encpat(m, U ) = m in any other case.

Here R : Enc ∪ Hash → Random is an injective function that takes an encryption

or a hash value and outputs a tag that identifies its randomness. We need this
tagging function to make sure that the function encpat is injective. That is, we
need to make sure that distinct undecryptable messages get replaced by distinct
boxes and similarly for hashpat below.
Now we define the function hashpat : Msg → Msg which takes a message m
and reduces all hashes of unknown (not in U ) sub-messages, to . This function
does not replace encryptions. Formally:

hashpat(m) = hashpat(m, m)
where
hashpat(m1 , m2 , U ) = hashpat(m1 , U ), hashpat(m2 , U )
hashpat({|m|}rk , U ) = {|hashpat(m, U )|}rk
 r
h (hashpat(m, U )), if m ∈ U ;
hashpat(hr(m), U ) =
R(h (m)) ,
r
otherwise.
hashpat(m, U ) = m in any other case.

Naturally, we now define pattern as pattern = encpat ◦ hashpat.

Example 2.3. Consider the message

m = {|{|1|}rk , hr̃(n)|}rk , hr̂(k), k.

Then hashpat(m) = {|{|1|}rk , t |}rk , hr̂(k), k, because n is not in m,
and pattern(m) = {| s , t |}rk , h (k), k,
r̂
because k  is not in m,

where t = R(hr̃(n)) and s = R({|1|}rk ).
Definition 2.4 (Observational Equivalence). Two messages m and m are
said to be observationally equivalent, notation m ∼
= m , if there is a type preserv-
ing permutation σ of Key ∪ Nonce ∪ Box such that pattern(m) = pattern(m )σ.
Here pattern(m )σ denotes simultaneous substitution of x by σ(x) in pattern(m ),
for all x ∈ Key ∪ Nonce ∪ Box.
From the original setting in [AR02] we inherit the requirement that messages
must be acyclic for the soundness result to hold.
 Sound Computational Interpretation of Symbolic Hashes 37

Definition 2.5 (Acyclicity). Let m be a message and k, k  two keys. The key
k is said to encrypt k  in m if m has a sub-message of the form {|m |}rk with
k  being a sub-message of m . A message is said to be acyclic if there is no
sequence k1 , k2 , . . . , kn , kn+1 = k1 of keys such that ki encrypts ki+1 in m for all
i ∈ {1, . . . , n}.

3 The Computational Setting

This section gives a brief overview of the concepts used in the complexity the-
oretic approach to security protocols. Much of this is standard; the reader is
referred to [GB01, BDJR97] for a thorough treatment of the basic concepts, to
[AR02] for the notion of type-0 security for cryptographic schemes (see Section 3.2
below), and to [Can97a] for the notion of oracle hashing (see Section 3.3 below).
In the computational world, messages are elements of Str := {0, 1}∗. Crypto-
graphic algorithms and adversaries are probabilistic polynomial-time algorithms.
When analyzing cryptographic primitives, it is customary to consider proba-
bilistic algorithms that take an element in Param := {1}∗ as input, whose
length scales with the security parameter. By making the security parameter
large enough, the system should become arbitrarily hard to break.
This idea is formalized in the security notions of the cryptographic opera-
tions. The basic one, which is what is used to define the notion of semantically
equivalent messages, is that of computational indistinguishability of probability
ensembles over Str. Here a probability ensemble over Str is a sequence {Aη }η∈N
of probability distributions over Str indexed by the security parameter.

Definition 3.1 (Computational Indistinguishability). Two probability

ensembles {Aη }η and {Bη }η are computationally indistinguishable if for every
probabilistic polynomial-time algorithm A, for all polynomials p, and for large
enough η,
1
P[x ← Aη ; A(1η , x) = 1] − P[x ← Bη ; A(1η , x) = 1] <
$ $
.
p(η)

After a brief interlude on probabilistic polynomial-time algorithms in Section 3.1,

we give the formal definition of an encryption scheme and its security notion in
Section 3.2 and of oracle hashing in Section 3.3.

3.1 Probabilistic Algorithms

In Definition 3.1, the notion of probabilistic polynomial-time algorithm was al-
ready used. Because we explicitly use two different views of these algorithms and
in order to fix notation, we give a more precise definition.

Definition 3.2. Coins is the set {0, 1}ω , the set of all infinite sequences of 0’s
and 1’s. We equip Coins with the probability distribution obtained by flipping
a fair coin for each element in the sequence.
38 F.D. Garcia and P. van Rossum

Definition 3.3. The result of running a probabilistic algorithm A on an input

x ∈ Str is a probability distribution A(x) over Str. When we need to explicitly
write the randomness used while running A, we write A(x, ρ) with ρ ∈ Coins.
Using this notation, A(x) and [ρ ← Coins; A(x, ρ)] are the same probability
$

distribution. When confusion is unlikely, we will also denote the support of this
probability distribution, {y ∈ Str|P[ρ ← Coins; A(x, ρ = y)] > 0}, by A(x).
$

Now suppose that A runs in polynomial time p. Then running A on x cannot

use more than p(|x|) coin flips. Letting Coinsp(|x|) denote the uniform probability
distribution on {0, 1}p(|x|), we get that the probability distribution A(x) can also
be written as [ρ ← Coinsp(|x|) ; A(x, ρ)].
$

3.2 Encryption Scheme

For each security parameter η ∈ N we let Plaintextη ⊆ Str be a non-empty set of
plaintexts, satisfying that for each η ∈ N : Plaintextη ⊆Plaintextη+1 as in Gold-
wasser and Bellare [GB01]. Let us define Plaintext = η Plaintextη . There is a
set Keys ⊆ Str of keys and also a set Ciphertext ⊆ Str of ciphertexts. Further-
more, there is a special bit string ⊥ not appearing in Plaintext or Ciphertext.
An encryption scheme Π consists of three algorithms:
1. a (probabilistic) key generation algorithm K : Param → Keys that outputs,
given a unary sequence of length η, a randomly chosen element of Keys;
2. a (probabilistic) encryption algorithm E : Keys×Str → Ciphertext∪{⊥} that
outputs, given a key and a bit string, a possibly randomly chosen element
from Ciphertext or ⊥;
3. a (deterministic) decryption algorithm D : Keys × Str → Plaintext ∪ {⊥}
that outputs, given a key and a ciphertext, an element from Plaintext or ⊥.
These algorithms must satisfy that the decryption (with the correct key) of a
ciphertext returns the original plaintext. The element ⊥ is used to indicate failure
of en- or decryption, although there is no requirement that decrypting with the
wrong keys yields ⊥.
Now we define type-0 security of an encryption scheme as in [AR02], which
is a variant of the standard semantic security definition, enhanced with some
extra properties. In particular a type-0 secure encryption scheme is which-key
concealing, repetition concealing and length hiding. We refer to the original
paper for motivation and explanations on how to achieve such an encryption
scheme. The notion of type-0 security makes slightly unrealistic assumptions
on the encryption scheme. However our result on hashes does not significantly
depend on the specific security notion for the encryption scheme. As in [MP05,
Her05], it is possible to replace type-0 security by the standard notion of ind-cpa
or ind-cca by adapting the definition of encpat. For simplicity of the exposition,
throughout this paper we adopt the former security notion.
Definition 3.4. An adversary (for type-0 security) is a probabilistic polyno-
mial-time algorithm AF (−),G(−) : Param → {0, 1} having access to two prob-
abilistic oracles F , G : Str → Str. The advantage of such an adversary is the
function AdvA : N → R defined by
 Sound Computational Interpretation of Symbolic Hashes 39


AdvA (η) = P[κ, κ ← K(1η ); AE(κ,−),E(κ ,−) (1η ) = 1]−
$

P[κ ← K(1η ); AE (κ,0),E(κ,0) (1η ) = 1].

$

Here the probabilities are taken over the choice of κ and κ by the key generation
algorithm, over the choices of the oracles, and over the internal choices of A. An
encryption scheme K, E, D is called type-0 secure if for all polynomial-time
adversaries A as above, the advantage AdvA is a negligible function of η. This
means that for all positive polynomials p and for large enough η, AdvA (η) ≤ p(η)
1
.
In the sequel we need an extra assumption on the encryption scheme, namely
that the ciphertexts are well-spread as a function of the coins tosses of E. It means
that for all plaintexts μ and all keys κ, no ciphertext is exceptionally likely to
occur as the encryption of μ under κ. Note that this does not follow from, nor
implies type-0 security. Also note that every encryption scheme running in cipher
block chaining mode automatically has this property: the initial vector provides
the required randomness.
Definition 3.5 (Well-spread). An encryption scheme K, E, D is said to be
well-spread if for every polynomial p,
1
∀η  1.∀x ∈ Ciphertext.∀κ ∈ K(1η ).∀μ ∈ Plaintextη : P[E(κ, μ) = x] < .
p(η)

3.3 Oracle Hashing

The underlying secrecy assumptions behind formal or Dolev-Yao hashes [DY83]
are very strong. It is assumed that given a hash value f (x), it is not possible
for an adversary to learn any information about the pre-image x. In the litera-
ture this idealization is often modelled with the random oracle [BR93]. Such a
primitive is not computable and therefore it is also an idealization. Practical hash
functions like SHA or MD5 are very useful cryptographic primitives even though
this functions might leak partial information about their input. Moreover, un-
der the traditional security notions (one-wayness), a function that reveals half
of its input is considered secure. In addition, any deterministic hash function f
leaks partial information about x, namely f (x). Through this paper we consider
a new primitive introduced by Canetti [Can97a] called oracle hashing, that mim-
ics what semantic security is for encryption schemes. This hash function is proba-
bilistic and therefore it needs a verification function, just as in a signature scheme.
A hash scheme consists of two algorithms H and V. The probabilistic algorithm
H : Param × Str → Str takes a unary sequence and a message and outputs a hash
value; the verification algorithm V : Str × Str → {0, 1} that given two messages
x and c correctly decides whether c is a hash of x or not. As an example we re-
produce here a hash scheme proposed in the original paper. Let p be a large (i.e.,
scaling with η) safe prime. Take H(x) = r2 , r2·h(x) mod p, where r is a ran-
domly chosen element in Z∗p and h is any collision resistant hash function. The
verification algorithm V(x, a, b) just checks whether b = ah(x) mod p.
40 F.D. Garcia and P. van Rossum

Canetti gives essentially two security notions for such a hash scheme. The
first one, oracle indistinguishability, guarantees that an adversary can gain no
information at all about a bit string, given its hash value (or rather, with suf-
ficiently small probability). The second one is an appropriate form of collision
resistance. It guarantees that an adversary cannot (or rather, again, with suffi-
ciently small probability) compute two distinct messages that successfully pass
the verification test with the same hash value.
Definition 3.6. A hash scheme H, V is said to be oracle indistinguishable if for
every family of probabilistic polynomial-time predicates {Dη : Str → {0, 1}}η∈N
and every positive polynomial p there is a polynomial size family {Lη }η∈N of
subsets of Str such that for all large enough η and all x, y ∈ Str \ Lη :
1
P[Dη (H(1η , x)) = 1] − P[Dη (H(1η , y)) = 1] < .
p(η)
Here the probabilities are taken over the choices made by H and the choices
made by Dη . This definition is the non-uniform [Gol01] version of oracle indis-
tinguishability proposed by Canetti [Can97a] as it is finally used throughout the
proof (See the full version [Can97b], Appendix B).
Definition 3.7 (Collision Resistance). A hash scheme H, V is said to be
collision resistant if for every probabilistic polynomial time adversary A, the
probability

P[c, x, y ← A(1η ); x = y ∧ V(x, c) = V(y, c) = 1]

$

is a negligible function of η.

4 Interpretation
Section 2 describes a setting where messages are algebraic terms generated by
some grammar. In Section 3 messages are bit strings and operations are given by
probabilistic algorithms operating on bit strings. This section shows how to map
algebraic messages to (distributions over) bit strings. This interpretation is very
much standard. We refer to [AR02, AJ01, MW04] for a thorough explanation. In
particular this section introduces notation that allows us to assign, beforehand,
some of the random coin flips used for the computation of the interpretation of
a message. This notation becomes useful throughout the soundness proof.
Definition 4.1. For every message m and set of messages V we define the set
R(m, V ) ⊆ RanMsg of random messages in m relative to V as follows: if m ∈ V ,
then R(m, V ) = ∅, otherwise
R(c, V ) = ∅ R({|m|}rk , V ) = R(m, V ) ∪ {k, {|m|}rk }
R(n, V ) = {n} R(hr(m), V ) = R(m, V ) ∪ {hr(m)}
R(k, V ) = {k} R(m1 , m2 , V ) = R(m1 , V ) ∪ R(m2 , V )
R(r , V ) = {k , r } R(r , V ) = {nr , r }.
 Sound Computational Interpretation of Symbolic Hashes 41

The set of random messages in m is defined as R(m) := R(m, ∅) and the set of
random messages in m relative to m as R(m, m ) := R(m, {m }).
Note that R(m) is nearly equal to the set of all sub-messages of m that are in
RanMsg; the only difference is that R(m) also may contain the special key k or
special nonces nr . When interpreting a message m as (ensembles of distributions
over) bit strings (Definition 4.4 below), we will first choose a sequence of coin
flips for all elements of R(m) and use these sequences as source of randomness
for the appropriate interpretation algorithms.
Also note that R(m, m ) is the set of all random messages in m except those
that only occur as a sub-message of m (see Definition 4.5 below).

Example 4.2. Let m be the message k, {|0|}rk , hr ({|0|}rk , n), n  and let m̃ be
the message inside the hash: {|0|}rk , n. Then the randomness in m is R(m) =

{k, {|0|}rk , hr ({|0|}rk , n), n , n}, the randomness inside the hash is R(m̃) = {{|0|}rk ,

k, n}, and the randomness that occurs only outside the hash is R(m, hr (m̃)) =

R(m) \ {hr (m̃), n}. The randomness that is shared between the inside of the

hash and the outside of the hash is R(m, hr (m̃)) ∩ R(m̃) = {{|0|}rk }.
Definition 4.3. For every finite set X we define Coins(X) as {τ : X → Coins}.
We equip Coins(X) with the induced product probability distribution. Further-
more, for every message m we write Coins(m) instead of Coins(R(m)).
An element of τ of Coins(m) gives, for every sub-message m of m that requires
random choices when interpreting this sub-message as a bit string, an infinite
sequence τ (m ) of coin flips that will be used to resolve the randomness.
Now we are ready to give semantic to our message algebra. We use E to
interpret encryptions, K to interpret key symbols, and H to interpret for hashes.
We let C : Const → Str be a function that (deterministically) assigns a constant
bit string to each constant identifier. We let N : Param → Str be the nonce
generation function that, given a unary sequence of length η, chooses uniformly
and randomly a bit string from {0, 1}η .
Definition 4.4. For a message m, a value of the security parameter η ∈ N, a
finite set U of messages containing R(m), and for a choice τ ∈ Coins(U ) of (at
least) all the randomness in m, we can (deterministically) create a bit string
τ
[[m]]η ∈ Str as follows:
τ τ τ τ
[[c]]η = C(c) [[{|m|}rk ]]η = E([[k]]η , [[m]]η , τ ({|m|}rk ))
τ τ τ
[[k]]η = K(1η , τ (k)) [[hr(m)]]η = H(1η , [[m]]η , τ (hr(m)))
τ τ τ
[[n]]η = N (1η , τ (n)) [[r ]]η = E([[k ]]η , C(0), τ (r ))
τ τ τ τ τ
[[m1 , m2 ]]η = [[m1 ]]η [[m2 ]]η [[r ]]η = H(1η , [[nr ]]η , τ (r )).
τ τ|
Note that [[m]]η = [[m]]η R(m) . For a fixed message m and η ∈ N, choosing τ from
the probability distribution Coins(R(m)) creates a probability distribution [[m]]η
over Str:
τ
[[m]]η := [τ ← Coins(m); [[m]]η ].
$
42 F.D. Garcia and P. van Rossum

Note that although the codomain of τ ∈ Coins(m) is Coins, the set of infinite
bit strings, when interpreting a fixed message m at a fixed value of the security
parameter η, only a predetermined finite initial segment of each sequence of coin
flips will be used by K, N , E, and H (cf. Definition 3.3). Denoting by Coinsη (m)
the probability distribution (on {τ : R(m) → Str}) that is actually being used
when computing [[m]]η , we could also write

τ
[[m]]η = [τ ← Coinsη (m); [[m]]η ].
$

Furthermore, letting η range over N creates an ensemble of probability distribu-

tions [[m]] over Str, namely [[m]] := {[[m]]η }η∈N .

Definition 4.5. We will also need a way of interpreting a message as a bit

string when the interpretation of certain sub-messages has already been chosen
in some other way. For this, let e be a function from some set Dom(e) ⊆ Pat
to Str and let τ ∈ Coins(U, Dom(e)) with U a finite set of messages containing
R(m). We interpret a message m using e whenever possible and τ otherwise: if
m ∈ Dom(e), then [[m]]e,τ
η = e(m), otherwise

e,τ e,τ τ e,τ

[[c]]η = C(c) [[{|m|}rk ]]η = E([[k]]η , [[m]]η , τ ({|m|}rk ))
e,τ e,τ e,τ
[[k]]η = K(1η , τ (k)) [[hr(m)]]η = H(1η , [[m]]η , τ (hr(m)))
e,τ e,τ e,τ
[[n]]η = N (1η , τ (n)) [[r ]]η = E([[k ]]η , C(0), τ (r ))
e,τ e,τ e,τ e,τ e,τ
[[m1 , m2 ]]η = [[m1 ]]η [[m2 ]]η [[r ]]η = H(1η , [[nr ]]η , τ (r )).

Definition 4.6. We also need a way of pre-specifying some of the random

choices to be made when interpreting a message. For this, let τ ∈ Coins(U )
for some finite set of messages U . Then for every η ∈ N and every message m,
τ
the distribution [[m]]η is obtained by randomly choosing coins for the remaining
randomness labels in m. Formally,
τ ∪τ 
[[m]]η := [τ  ← Coins(R(m) \ U ); [[m]]η
τ $
],

where τ ∪ τ  ∈ Coins(m) denotes the function which agrees with τ on U ∩ R(m)

and with τ  on R(m) \ U .
This can also be combined with the previous way of preselecting a part of the
interpretation. For a function e from a set Dom(e) ⊆ Pat to Str and τ ∈ Coins(U )
 $ e,τ ∪τ 
as above, we define [[m]]e,τ
η := [τ ← Coins(R(m) \ U ); [[m]]η ].

5 Soundness
This section shows that the interpretation proposed in the previous section is
computationally sound. Throughout this section we assume that the encryption
 Sound Computational Interpretation of Symbolic Hashes 43

scheme K, E, D is type-0 secure (or ind-cca with encpat modified as in [Her05,
MP05]) and well-spread, and that the probabilistic hash scheme H, V is oracle
indistinguishable and collision resistant.
The following lemma uses all these assumptions. It claims that if you pre-
specify some, but not all, of the sequences of coins to be chosen when interpreting
a message m, then no single bit string x is exceptionally likely to occur as the
interpretation of m.

Lemma 5.1 Let m be a message, U  R(m). Let p be a positive polynomial.

Then
τ 1
∀η  1.∀τ ∈ Coins(U ).∀x ∈ Str : P[α ← [[m]]η ; α = x] <
$
.
p(η)
Proof. The proof follows by induction on the structure of m. See the full version
of this paper [GR06].

Theorem 5.2 Let m be a message with a sub-message of the form hr(m̃). As-
sume that m̃ ∈ m. Take m := m[hr(m̃) := s ], where s = R(hr(m̃)). Then
[[m]] ≡ [[m ]].

Proof. Assume that [[m]] ≡ [[m ]], say A : Param × Str → {0, 1} is a probabilistic
polynomial-time adversary and p a positive polynomial such that
1
≤ P[μ ← [[m]]η ; A(1η , μ) = 1] − P[μ ← [[m ]]η ; A(1η , μ) = 1]
$ $
(1)
p(η)
for infinitely many η ∈ N. We will use this to build a distinguisher as in Defini-
tion 3.6 that breaks oracle indistinguishability of H, V.
Let η ∈ N, abbreviate R(m, m̃) ∩ R(m̃) to U and let τ ∈ Coins(U ). Note that
τ chooses coin flips for the randomness that occurs both inside and outside
the hash. Then define a probabilistic polynomial-time algorithm Dητ : {0, 1}∗ →
{0, 1} as follows.

algorithm Dητ (α) :

{hr(m̃)→α},τ
μ ← [[m]]η
$

β ← A(η, μ)
$

return β
τ
This algorithm tries to guess if a given bit string α was drawn from [[hr(m̃)]]η
τ τ
or from [[s ]]η = [[hs(ns )]]η . It does so by computing an interpretation for m
as follows. The sub-message hr(m̃) is interpreted as α; the randomness that is
shared between the inside of the hash (m̃) and the rest of the message is resolved
using hard-coded sequences of coin flips τ . It then uses the adversary A to guess
if the resulting interpretation was drawn from [[m]]η (in which case it guesses
that α was drawn from [[hr(m̃)]]η ) or from [[m ]]η (in which case it guesses that
α was drawn from [[s ]]η ).
44 F.D. Garcia and P. van Rossum

Even though τ has values in Coins, i.e., infinite strings, this is still a well-
defined probabilistic polynomial-time algorithm, as it uses only a finite, prede-
termined amount of bits from τ (cf. Definitions 3.3 and 4.4). However, (1η , α) →
Dητ (α) would not be a well-defined probabilistic polynomial-time algorithm.
Now consider one of the infinitely many values of η for which (1) holds. Using
Dητ we can rephrase (1) as follows:

1 τ
≤ P[τ ← Coinsη (U ), α ← [[hr(m̃)]]η ; Dητ (α) = 1]−
$ $

p(η)
P[τ ← Coinsη (U ), α ← [[s ]]τη ; Dητ (α) = 1]
$ $

 
P[α ← [[hr(m̃)]]τη ; Dητ (α) = 1]−
$
=
τ ∈Coinsη (U)

τ
P[α ← [[s ]]η ; Dητ (α) = 1] · P[T ← Coinsη (U ); T = τ ]
$ $

 
P[α ← [[m̃]]τη ; Dητ (H(1η , α)) = 1]−
$
=
τ ∈Coinsη (U)

τ
P[α ← [[ns ]]η ; Dητ (H(1η , α)) = 1] · P[T ← Coinsη (U ); T = τ ].
$ $

Note that τ selects the randomness that is shared between the inside of the hash
τ
and the outside of the hash; when α is drawn from [[m̃]]η the randomness that
appears only inside the hash is chosen (and the assumption on m̃ means that
there is really something to choose); H chooses the randomness for taking the
hash; and Dητ itself resolves the randomness that appears only outside the hash.
This means that there must be a particular value of τ , say τ̄η , such that

1 τ̄ τ̄
≤ P[α ← [[m̃]]τ̄ηη ; Dηη (H(1η , α)) = 1] − P[α ← [[ns ]]τ̄ηη ; Dηη (H(1η , α)) = 1].
$ $
(2)
p(η)

τ̄
Gathering all Dηη together for the various values of η, let D be the non-
τ̄ τ̄
uniform adversary {Dηη }η∈N . Note that we have not actually defined Dηη for
all η, but only for those (infinitely many) for which (1) actually holds. What D
does for the other values of η is irrelevant.
We will now show that D breaks the oracle indistinguishability of H, V. For
this, let L = {Lη }η∈N be a polynomial size family of subsets of Str. We have to
show that for infinitely many values of η, there are x, y ∈ Str \ Lη such that D
meaningfully distinguishes between H(1η , x) and H(1η , y).
Once again, take one of the infinitely many values of η for which (1) holds.
Continuing from (2), a short computation (see the full version of this paper

 
[GR06]) gives


1 1 τ̄ τ̄
≤ + P[Dηη (H(1η , α)) = 1] − P[Dηη (H(1η , β)) = 1]
p(η) 2p(η) τ̄η
α∈[[m̃]]η \Lη
β∈[[ns

]]τ̄η \Lη
η
· P[[[m̃]]τ̄ηη = α] · P[[[ns ]]τ̄ηη = β] . (3)
 Sound Computational Interpretation of Symbolic Hashes 45

Now suppose that for all α ∈ [[m̃]]ητ̄η \ Lη and all β ∈ [[ns ]]ητ̄η \ Lη we have
1
P[Dητ̄η (H(1η , α)) = 1] − P[Dητ̄η (H(1η , β)) = 1] < .
2p(η)
Then, continuing from (3), we get a contradiction:
1 1 1
< + · P[[[m̃]]ητ̄η = α] · P[[[ns ]]τ̄ηη = β]
p(η) 2p(η) τ̄η
2p(η)
α∈[[m̃]]η \Lη
β∈[[ns

]]τ̄η \Lη
η

1 1
= + P[[[m̃]]τ̄ηη = α] · P[[[ns ]]τ̄ηη = β]
2p(η) 2p(η) τ̄η
α∈[[m̃]]η \Lη
β∈[[ns

]]τ̄η \Lη
η

1 1
≤ + .
2p(η) 2p(η)
Therefore, there must be an x ∈ [[m̃]]ητ̄η \ Lη and a y ∈ [[ns ]]ητ̄η \ Lη such that
1
≤ P[Dητ̄η (H(1η , x)) = 1] − P[Dητ̄η (H(1η , y)) = 1].
2p(η)
Hence D breaks oracle indistinguishability, contradicting the assumption on
H, V. 


Theorem 5.3 (Abadi-Rogaway) Let m be an acyclic message. Suppose that

for every sub-message hr(m̃) of m, m̃ ∈ m.Then [[m]] ≡ [[encpat(m)]].
Proof. The proof follows just like in Abadi-Rogaway [AR02]. Interpreting hashes
here is straightforward because their argument is always known, by assumption.
We refer the reader to the original paper for a full proof. 


Theorem 5.4 (Soundness) Let m and m be acyclic messages. Then m ∼ =

m =⇒ [[m]] ≡ [[m ]].
Proof. The assumption that m ∼ = m means that there is a permutation σ of
Key ∪ Nonce ∪ Box such that pattern(m) = pattern(m )σ. Therefore we get
[[pattern(m)]] ≡ [[pattern(m )]]. By definition of pattern, [[encpat ◦ hashpat(m)]] ≡
[[encpat ◦ hashpat(m )]]. Now, by applying Theorem 5.3 two times, we obtain
[[hashpat(m)]] ≡ [[hashpat(m )]]. Finally, by repeatedly applying Theorem 5.2 on
both sides we get [[m]] ≡ [[m ]]. 


6 Conclusions and Future Work

We have proposed an interpretation for formal hashes that is computationally
sound. For the proof we considered non-uniform adversaries and the assumption
that the encryption scheme is type-0 secure and well-spread and that the hash
scheme is oracle indistinguishable and collision resistant. This paper considers
passive adversaries. It would be interesting to study whether this result can be
extended to active adversaries. Another interesting research direction would be
proving completeness for this extended logic.
46 F.D. Garcia and P. van Rossum

Acknowledgements. We are thankful to David Galindo for providing the ref-

erence to [Can97a] and insightful comments.

References
[AJ01] Martı́n Abadi and Jan Jürjens. Formal eavesdropping and its computa-
tional interpretation. In Naoki Kobayashi and Benjamin C. Pierce, ed-
itors, Proceedings of the Fourth International Symposium on Theoretical
Aspects of Computer Software (TACS’01), volume 2215 of Lecture Notes
in Computer Science, pages 82–94. Springer, 2001.
[AR02] Martı́n Abadi and Phillip Rogaway. Reconciling two views of cryptography
(the computational soundness of formal encryption). Journal of Cryptology,
15(2):103–127, 2002.
[BDJR97] Mihir Bellare, Anand Desai, Eron Jokipii, and Philip Rogaway. A concrete
security treatment of symmetric encryption. In 38th Annual Symposium on
Foundations of Computer Science (FOCS’97), pages 394–405. IEEE, 1997.
[BPW06] Michael Backes, Birgit Pfitzmann, and Michael Waidner. Limits of the re-
active simulatability/UC of Dolev-Yao models with hashes. Cryptology
ePrint Archive, Report 2006/014 (http://eprint.iacr.org/2006/068),
2006.
[BR93] Mihir Bellare and Phillip Rogaway. Random oracles are practical: A
paradigm for designing efficient protocols. In Proceedings of the 1st ACM
CCS, pages 62–73. ACM, 1993.
[Can97a] Ran Canetti. Towards realizing random oracles: Hash functions that hide
all partial information. In Burt Kaliski, editor, Advances in Cryptology,
17th Annual International Cryptology Conference (CRYPTO’97), volume
1294 of Lecture Notes in Computer Science, pages 455–469. Springer, 1997.
[Can97b] Ran Canetti. Towards realizing random oracles: Hash functions that
hide all partial information. Cryptology ePrint Archive, Report 1997/007
(http://eprint.iacr.org/1997/007), 1997.
[CMR98] Ran Canetti, Danielle Micciancio, and Omer Reingold. Perfectly one-way
probabilistic hash functions (preliminary version). In Proceedings of the
Thirtieth Annual ACM Symposium on Theory of Computing (STOC’98),
pages 131–140. ACM, 1998.
[DY83] Danny Dolev and Andrew C. Yao. On the security of public key protocols.
IEEE Transactions on Information Theory, 29(2):198–208, 1983.
[GB01] Shafi Goldwasser and Mihir Bellare. Lecture Notes on Cryptography. 2001.
http://www-cse.ucsd.edu/∼ mihir/papers/gb.html.
[Gol01] Oded Goldreich. Foundations of Cryptography, volume 1. Cambridge Uni-
versity Press, 2001.
[GR06] Flavio D. Garcia and Peter van Rossum. Sound computational inter-
pretation of formal hashes. Cryptology ePrint Archive, Report 2006/014
(http://eprint.iacr.org/2006/014), 2006.
[Her05] Jonathan Herzog. A computational interpretation of Dolev-Yao adver-
saries. Theoretical Computer Science, 340(1):57–81, 2005.
[MP05] Daniele Micciancio and Saurabh Panjwani. Adaptive security of symbolic
encryption. In Joe Kilian, editor, Theory of Cryptography: Second Theory
of Cryptography Conference (TCC’05), volume 3378 of Lecture Notes in
Computer Science, pages 169–187. Springer, February 2005.
 Sound Computational Interpretation of Symbolic Hashes 47

[MW04] Daniele Micciancio and Bogdan Warinschi. Completeness theorems of the

Abadi-Rogaway logic of encrypted expressions. Journal of Computer Se-
curity, 12(1):99–129, 2004.
[PW00] Birgit Pfitzmann and Michael Waidner. Composition and integrity preser-
vation of secure reactive systems. In Proceedings of the 7th ACM CCS,
pages 245–254, 2000.
[RS04] Phillip Rogaway and Thomas Shrimpton. Cryptographic hash-function
basics: Definitions, implications, and separations for preimage resistance,
second-preimage resistance, and collision resistance. In Bimal Roy and
Willi Meier, editors, Fast Software Encryption: 11th International Work-
shop (FSE’04), volume 3017 of Lecture Notes in Computer Science, pages
371–388. Springer, 2004.
Other documents randomly have
different content
 This identity of the subjective and objective, which is present in
the active understanding—while finite things and mental states are
respectively one separated from the other, because there the
understanding is only in potentiality—is the highest point which
speculation can reach: and in it Aristotle reverts to his metaphysical
principles (p. 147), where he termed self-thinking reason absolute
Thought, divine Understanding, or Mind in its absolute character. It
is only in appearance that thought is spoken of as on a level with
what is other than thought; this fashion of bringing what is different
into conjunction certainly appears in Aristotle. But what he says of
thought is explicitly and absolutely speculative, and is not on the
same level with anything else, such as sense-perception, which has
only potentiality for thought. This fact is moreover involved, that
reason is implicitly the true totality, but in that case thought is in
truth the activity which is independent and absolute existence; that
is, the thought of Thought, which is determined thus abstractly, but
which constitutes the nature of absolute mind explicitly. These are
the main points which are to be taken note of in Aristotle with
regard to his speculative ideas, which it is impossible for us,
however, to treat in greater detail.
We have now to pass on to what follows, which is a practical
philosophy, and in doing so we must first establish firmly the
conception of desire, which is really the turning round of thought
into its negative side, wherein it becomes practical. Aristotle (De
Anima, III. 7 and 6) says: “The object of knowledge and active
knowledge are one and the same; what is in potentiality is in the
individual prior in point of time, although not so in itself. For all that
comes into being originates from that which operates actively. The
object perceived by sense appears as that which causes the faculty
of perception in potentiality to become the faculty of perception in
actuality, for the latter is not receptive of influence, and does not
undergo change. On that account it has a different kind of
movement from the ordinary, for movement, as we have seen (p.
163) is the activity of an unaccomplished end (ἐνέργεια ἀτελοῦς);
pure activity (ἁπλῶς ἐνέργεια), on the contrary, is that of the
accomplished end (τοῦ τετελεσμένον).”—“The simple thoughts of
the soul are such that in regard to them there can be no falsity; but
that in which there is falsity or truth is a combination of thoughts as
constituting one conception; for example, ‘the diameter is
incommensurate.’ Or if by mistake white has been stated to be not
white, not-white has been brought into connection with it. All this
process may, however, just as well be termed separation. But that
which makes everything one is reason, which in the form of its
thinking thinks the undivided in undivided time and with the
undivided action of the soul.”—“Sense-perception resembles simple
assertion and thought, but pleasant or unpleasant sense-perception
has the relation of affirmation or negation,” therefore of the positive
and negative determination of thought. “And to perceive the
pleasant or unpleasant is to employ the activity” (spontaneity) “of
the middle state of sense-perception upon good or evil, in so far as
they are such. But desire and aversion are the same in energy; it is
only in manifestation that they are different. To the reasoning soul
pictorial conceptions take the place of sense-perceptions, and when
the mind affirms or denies something to be good or bad, it desires
or avoids its object. It has the relation both of unity and limit. The
understanding,” as that which determines opposites, “recognizes the
forms underlying pictorial conceptions; and in the same manner as
what is desirable in them and what is to be avoided have been
determined for it, so it also is determined independently of actual
sense-perceptions when it is in mental conceptions. And when, in
dealing with conception or thought, as if seeing them, it compares
the future with the present and passes judgment accordingly, and
determines what is pleasant or unpleasant in this respect; it desires
or seeks to avoid it, and in general it finds itself in practical
operation. But independently of action true and false are of the
same character as good or evil.”

b. Practical Philosophy.
 From this the conception of will, or the practical element is
shown to us, and it has to be reckoned as still belonging to the
Philosophy of Mind. Aristotle has treated it in several works which
we now possess.

α. Ethics.

We have three great ethical works: the Nicomachean Ethics

(Ἠθικὰ Νικομάχεια) in ten books, the Magna Moralia (Ἠθικὰ μεγάλα)
in two books, and the Eudemean Ethics (Ἠθικὰ Εὐδήμια) in seven
books; the last deals for the most part with particular virtues, while
in the first two general investigations on the principles are
contained. Just as the best that we even now possess in reference to
psychology is what we have obtained from Aristotle, so is it with his
reflections on the actual agent in volition, on freedom, and the
further determinations of imputation, intention, &c. We must simply
give ourselves the trouble to understand these, and to translate
them into our own form of speech, conception and thought; and this
is certainly difficult. Aristotle follows the same course here as in his
Physics, determining one after the other, in the most thorough and
accurate fashion, the many moments which appear in desire: the
purpose, the decision, voluntary or forced action, the act of
ignorance, guilt, moral responsibility, &c. I cannot enter upon this
somewhat psychological presentation of the subject.[102] I shall only
make the following remarks on the Aristotelian definitions.
Aristotle[103] defines the principle of morality or the highest
good, as happiness (εὐδαιμονία), which later on became a much
disputed expression. It is good generally, not as abstract idea, but in
such a way that the moment of realization is what actually answers
to it. Aristotle thus does not content himself with the Platonic idea of
the good, because it is only general; with him the question is taken
in its determinateness. Aristotle then says that the good is what has
its end in itself (τέλειον). If we tried to translate τέλειον by “perfect”
here, we should translate it badly; it is that which, as having its end
(τὸ τέλος) in itself, is not desired for the sake of anything else, but
for its own sake (supra, pp. 162, 201). Aristotle determines
happiness in this regard as the absolute end existing in and for itself,
and gives the following definition of it: It is “the energy of the life
that has its end in itself in accordance with absolute virtue (ζωῆς
τελείας ἐνέργεια κατ̓ ἀρετὴν).” He makes rational insight an essential
condition; all action arising from sensuous desires, or from lack of
freedom generally, indicates lack of insight; it is an irrational action,
or an action which does not proceed from thought as such. But the
absolute rational activity is alone knowledge, the action which in
itself satisfies itself, and this is hence divine happiness; with the
other virtues, on the contrary, only human happiness is obtained,
just as from a theoretic point of view feeling is finite as compared
with divine thought. Aristotle goes on to say much that is good and
beautiful about virtue and the good and happiness in general, and
states that happiness, as the good attainable by us, is not to be
found without virtue, &c.; in all of which there is no profound insight
from a speculative point of view.
In regard to the conception of virtue I should like to say
something more. From a practical point of view, Aristotle[104] first of
all distinguishes in soul a rational and an irrational side; in the latter
reason only exists potentially; under it come the feelings, passions
and affections. On the rational side understanding, wisdom,
discretion, knowledge, have their place; but they still do not
constitute virtue, which first subsists in the unity of the rational and
the irrational sides. When the inclinations are so related to virtue
that they carry out its dictates, this, according to Aristotle, is virtue.
When the perception is either bad or altogether lacking, but the
heart is good, goodwill may be there, but not virtue, because the
principle—that is reason—which is essential to virtue, is wanting.
Aristotle thus places virtue in knowledge, yet reason is not, as many
believe, the principle of virtue purely in itself, for it is rather the
rational impulse towards what is good; both desire and reason are
thus necessary moments in virtue. Hence it cannot be said of virtue
that it is misemployed, for it itself is the employer. Thus Aristotle, as
we have already seen (Vol. I. pp. 412-414), blames Socrates,
because he places virtue in perception alone. There must be an
irrational impulse towards what is good, but reason comes in
addition as that which judges and determines the impulse; yet when
a beginning from virtue has been made, it does not necessarily
follow that the passions are in accordance, since often enough they
are quite the reverse. Thus in virtue, because it has realization as its
aim, and pertains to the individual, reason is not the solitary
principle; for inclination is the force that impels, the particular, which
as far as the practical side of the individual subject is concerned, is
what makes for realization. But then the subject must, in this
separation of his activity, bring likewise his passions under the
subjection of the universal, and this unity, in which the rational is
pre-eminent, is virtue. This is the correct determination; on the one
hand this definition is opposed to these ideals of the utter subjection
of the passions, by which men are guided from their youth up, and,
on the other, it is opposed to the point of view that declares desires
to be good in themselves. Both these extreme views have been
frequent in modern times, just as sometimes we hear that the man
who by nature is beauteous and noble, is better than he who acts
from duty; and then it is said that duty must be performed as duty,
without taking into account the particular point of view as a moment
of the whole.
Aristotle then passes through the particular virtues at great
length. Because the virtues, considered as the union of the desiring
or realizing with the rational, have an illogical moment within them,
Aristotle places[105] their principle on the side of feeling in a mean,
so that virtue is the mean between two extremes; e.g. liberality is
the mean between avarice and prodigality; gentleness between
passion and passive endurance; bravery between rashness and
cowardice; friendship between egotism and self-effacement, &c. For
the good, and specially that good which has to do with the senses,
which would suffer if affected to an excessive degree (supra, p.
195), is therefore a mean, just because the sensuous is an
ingredient in it. This does not appear to be a sufficient definition,
and it is merely a quantitative determination, just because it is not
only the Notion that determines, but the empirical side is also
present. Virtue is not absolutely determined in itself, but likewise has
a material element, the nature of which is capable of a more or a
less. Thus if it has been objected to Aristotle’s definition of virtue as
a difference in degree, that it is unsatisfactory and vague, we may
say that this really is involved in the nature of the thing. Virtue, and
determinate virtue in its entirety, enters into a sphere where that
which is quantitative has a place; thought here is no more as such at
home with itself, and the quantitative limit undetermined. The nature
of particular virtues is of such a kind, that they are capable of no
more exact determination; they can only be spoken of in general,
and for them there is no further determination than just this
indefinite one.[106] But in our way of looking at things, duty is
something absolutely existent in itself, and not a mean between
existent extremes through which it is determined; but this universal
likewise results in being empty, or rather undetermined, while that
determinate content is a moment of being that immediately involves
us in conflicting duties. It is in practice that man seeks a necessity in
man as individual, and endeavours to express it; but it is either
formal, or as in particular virtues, a definite content, which, in so
being, falls a prey to empiricism.

β. Politics.

We have still to speak of Aristotle’s Politics; he was conscious

more or less that the positive substance, the necessary organization
and realization of practical spirit, is the state, which is actualized
through subjective activity, so that this last finds in it its
determination and end. Aristotle hence also looks on political
philosophy as the sum total of practical philosophy, the end of the
state as general happiness. “All science and all capacity (δύναμις),”
he says (Magn. Mor. I. 1), “have an end, and this is the good: the
more excellent they are, the more excellent is their end; but the
most excellent capacity is the political, and hence its end is also the
good.” Of Ethics Aristotle recognizes that it indubitably also applies
to the individual, though its perfection is attained in the nation as a
whole. “Even if the highest good is the same for an individual and
for a whole state, it would yet surely be greater and more glorious to
win and maintain it for a state; to do this for an individual were
meritorious, but to do it for a nation and for whole states were more
noble and godlike still. Such is the object of practical science, and
this pertains in a measure to politics.”[107]
Aristotle indeed appreciates so highly the state, that he starts at
once (Polit. I. 2) by defining man as “a political animal, having
reason. Hence he alone has a knowledge of good and evil, of justice
and injustice, and not the beast,” for the beast does not think, and
yet in modern times men rest the distinction which exists in these
determinations on sensation, which beasts have equally with men.
There is also the sense of good and evil, &c., and Aristotle knows
this aspect as well (supra, p. 202); but that through which it is not
animal sensation merely, is thought. Hence rational perception is
also to Aristotle the essential condition of virtue, and thus the
harmony between the sensational point of view and that of reason is
an essential moment in his eudæmonism. After Aristotle so
determines man, he says: “The common intercourse of these, forms
the family and the state; in the understanding, however, that the
state, in the order of nature” (i.e. in its Notion, in regard to reason
and truth, not to time) “is prior to the family” (the natural relation,
not the rational) “and to the individual among us.” Aristotle does not
place the individual and his rights first, but recognizes the state as
what in its essence is higher than the individual and the family, for
the very reason that it constitutes their substantiality. “For the whole
must be prior to its parts. If, for example, you take away the whole
body, there is not a foot or hand remaining, excepting in name, and
as if anyone should call a hand of stone a hand; for a hand
destroyed is like a hand of stone.” If the man is dead, all the parts
perish. “For everything is defined according to its energy and
inherent powers, so that when these no longer remain such as they
were, it cannot be said that anything is the same excepting in name.
The state is likewise the essence of the individuals; the individual
when separate from the whole, is just as little complete in himself as
any other organic part separated from the whole.” This is directly
antagonistic to the modern principle in which the particular will of
the individual, as absolute, is made the starting-point; so that all
men by giving their votes, decide what is to be the law, and thereby
a commonweal is brought into existence. But with Aristotle, as with
Plato, the state is the prius, the substantial, the chief, for its end is
the highest in respect of the practical. “But whoever was incapable
of this society, or so complete in himself as not to want it, would be
either a beast or a god.”
From these few remarks it is clear that Aristotle could not have
had any thought of a so-called natural right (if a natural right be
wanted), that is, the idea of the abstract man outside of any actual
relation to others. For the rest, his Politics contain points of view
even now full of instruction for us, respecting the inward elements of
a state,[108] and a description of the various constitutions;[109] the
latter, however, has no longer the same interest, on account of the
different principle at the base of ancient and modern states. No land
was so rich as Greece, alike in the number of its constitutions, and in
the frequent changes from one to another of these in a single state;
but the Greeks were still unacquainted with the abstract right of our
modern states, that isolates the individual, allows of his acting as
such, and yet, as an invisible spirit, holds all its parts together. This
is done in such a way, however, that in no one is there properly
speaking either the consciousness of, or the activity for the whole;
but because the individual is really held to be a person, and all his
concern is the protection of his individuality, he works for the whole
without knowing how. It is a divided activity in which each has only
his part, just as in a factory no one makes a whole, but only a part,
and does not possess skill in other departments, because only a few
are employed in fitting the different parts together. It is free nations
alone that have the consciousness of and activity for the whole; in
modern times the individual is only free for himself as such, and
enjoys citizen freedom alone—in the sense of that of a bourgeois
and not of a citoyen. We do not possess two separate words to mark
this distinction. The freedom of citizens in this signification is the
dispensing with universality, the principle of isolation; but it is a
necessary moment unknown to ancient states. It is the perfect
independence of the points, and therefore the greater independence
of the whole, which constitutes the higher organic life. After the
state received this principle into itself, the higher freedom could
come forth. These other states are sports and products of nature
which depend upon chance and upon the caprice of the individual,
but now, for the first time, the inward subsistence and indestructible
universality, which is real and consolidated in its parts, is rendered
possible.
Aristotle for the rest has not tried like Plato to describe such a
state, but in respect of the constitution he merely points out that the
best must rule. But this always takes place, let men do as they will,
and hence he has not so very much to do with determining the
forms of the constitution. By way of proving that the best must rule,
Aristotle says this: “The best would suffer injustice if rated on an
equality with the others inferior to them in virtue and political
abilities, for a notable man is like a god amongst men.” Here
Alexander is no doubt in Aristotle’s mind, as one who must rule as
though he were a god, and over whom no one, and not even law,
could maintain its supremacy. “For him there is no law, for he
himself is law. Such a man could perhaps be turned out of the state,
but not subjected to control any more than Jupiter. Nothing remains
but, what is natural to all, quietly to submit to such an one, and to
let men like this be absolutely and perpetually (ἀΐδιοι) kings in the
states”[110] The Greek Democracy had then entirely fallen into
decay, so that Aristotle could no longer ascribe to it any merit.

4. The Logic.
On the other side of the Philosophy of Mind, we have still
Aristotle’s science of abstract thought, a Logic, to consider. For
hundreds and thousands of years it was just as much honoured as it
is despised now. Aristotle has been regarded as the originator of
Logic: his logical works are the source of, and authority for the
logical treatises of all times; which last were, in great measure, only
special developments or deductions, and must have been dull,
insipid, imperfect, and purely formal. And even in quite recent times,
Kant has said that since the age of Aristotle, logic—like pure
geometry since Euclid’s day—has been a complete and perfect
science which has kept its place even down to the present day,
without attaining to any further scientific improvements or alteration.
Although logic is here mentioned for the first time, and in the whole
of the history of Philosophy that is to come no other can be
mentioned (for no other has existed, unless we count the negation
of Scepticism), we cannot here speak more precisely of its content,
but merely find room for its general characterization. The forms he
gives to us come from Aristotle both in reference to the Notion and
to the judgment and conclusion. As in natural history, animals, such
as the unicorn, mammoth, beetle, mollusc, &c., are considered, and
their nature described, so Aristotle is, so to speak, the describer of
the nature of these spiritual forms of thought; but in this inference
of the one from the other, Aristotle has only presented thought as
defined in its finite application and aspect, and his logic is thus a
natural history of finite thought. Because it is a knowledge and
consciousness of the abstract activity of pure understanding, it is not
a knowledge of this and that concrete fact, being pure form. This
knowledge is in fact marvellous, and even more marvellous is the
manner in which it is constituted: this logic is hence a work which
does the greatest honour to the deep thought of its discoverer and
to the power of his abstraction. For the greatest cohesive power in
thought is found in separating it from what is material and thus
securing it; and the strength shows itself almost more, if thus
secured when it, amalgamated with matter, turns about in manifold
ways and is seen to be capable of numberless alterations and
applications. Aristotle also considers, in fact, not only the movement
of thought, but likewise of thought in ordinary conception. The Logic
of Aristotle is contained in five books, which are collected together
under the name Ὀργανον.
 a. The Categories (κατηγορίαι), of which the first work treats, are
the universal determinations, that which is predicated of existent
things (κατηγορεῖται): as well that which we call conceptions of the
understanding, as the simple realities of things. This may be called
an ontology, as pertaining to metaphysics; hence these
determinations also appear in Aristotle’s Metaphysics. Aristotle
(Categor. I.) now says: “Things are termed homonyms (ὁμώνυμα) of
which the name alone is common, but which have a different
substantial definition (λόγος τῆς οὐσίας); thus a horse and the
picture of a horse are both called an animal.”
Thus the Notion (λόγος) is opposed to the homonym; and since
Aristotle deduces herefrom τὰ λεγόμενα, of which the second
chapter treats, it is clear that this last expression indicates more
than mere predication, and is here to be taken as determinate
Notions. “Determinate conceptions are either enunciated after a
complex (κατὰ συμπλοκήν) or after an incomplex manner (ἄνευ
συμπλοκῆς); the first as ‘a man conquers,’ ‘the ox runs,’ and the
other as ‘man,’ ‘ox,’ ‘to conquer,’ ‘to run.’” In the first rank of this
division Aristotle places τὰ ὄντα, which are undoubtedly purely
subjective relations of such as exist per se, so that the relation is not
in them but external to them. Now although τὰ λεγόμενα and τὰ
ὄντα are again distinguished from one another, Aristotle yet again
employs both λέγεται, and ἐστί of the ὄντα, so that λέγεται is
predicated of a species, in relation to its particular; ἐστί is, on the
contrary, employed of a universal, which is not Idea but only simple.
For Aristotle says, “There are predicates (ὄντα) which can be
assigned to a certain subject (καθ̓ ὑποκειμένον), yet are in no
subject, as ‘man’ is predicated of ‘some certain man,’ and yet he is
no particular man. Others are in a subject (ἐν ὑποκειμένῳ ἐστί) yet
are not predicated of any subject (I mean by a thing being in a
subject, that it is in any thing not as a part, but as unable to subsist
without that in which it is), as ‘a grammatical art’ (τὶς γραμματική) is
in a subject, ‘the soul,’ but cannot be predicated of any,’ or related as
genus to a subject. Some are predicated of a subject (λέγεται) and
are in it; science is in the soul and is predicated of the grammatical
art. Some again are neither in, nor are predicated of any subject, as
‘a certain man,’ the individual, the one in number; but some of them
can be in a subject like ‘a certain grammatical art.’” Instead of
subject we should do better to speak of substratum, for it is that to
which the Notion necessarily relates, i.e. that which is neglected in
abstraction, and thus the individual opposed to the Notion. We can
see that Aristotle has the difference of the genus or universal and
the individual present to his mind.
The first thing which Aristotle has indicated in the foregoing is
thus the genus, which is predicated of a man, but which is not in
him, at least not as a particular quality; the brave man, for example,
is an actual, but expressed as a universal conception. In formal logic
and its conceptions and definitions there is always present
opposition to an actual; and the logical actual is in itself something
thought, bravery thus being, for example, a pure form of
abstraction. This logic of the understanding seeks, however, in its
three stages to imitate the categories of the absolute. The
conception or definition is a logical actual, and thus in itself merely
something thought, i.e. possible. In the judgment this logic calls a
conception A the actual subject and connects with it another actual
as the conception B; B is said to be the conception and A to be
dependent on it—but B is only the more general conception. In the
syllogism necessity is said to be simulated: even in a judgment there
is a synthesis of a conception and something whose existence is
assumed; in the syllogism it should bear the form of necessity,
because both the opposites are set forth in a third as through the
medius terminus of reason, e.g. as was the case with the mean of
virtue (supra, p. 206). The major term expresses logical being and
the minor term logical potentiality, for Caius is a mere potentiality for
logic; the conclusion unites both. But it is to reason that life first
unfolds itself, for it is true reality. What comes second in Aristotle is
the universal, which is not the genus, i.e. it is not in itself the unity
of universal and particular—nor is it absolute individuality and hence
infinitude. This is the moment or predicate in a subject certainly, but
it is not absolutely in and for itself. This relation is now expressed
through οὐ λέγεται; for ὅ λέγεται is that which, as universal in itself,
is likewise infinite. The third is the particular which is predicated:
just as science in itself is infinite and thus the genus, e.g. of the
grammatical art; but at the same time as universal, or as not
individual, it is the moment of a subject. The fourth indicated by
Aristotle is what is called immediate conception—the individual. The
reservation that something such as a definite grammatical art is also
in a subject, has no place here, for the definite grammatical art is
not really in itself individual.
Aristotle, himself,[111] makes the following remarks on this
matter: “When one thing is predicated (κατηγορεῖται) of another, as
of a subject, whatever things are said (λέγεται) of the predicate,” i.e.
what is related to it as a universal, “may be also said of the subject.”
This is the ordinary conclusion; from this we see, since this matter is
so speedily despatched, that the real conclusion has with Aristotle a
much greater significance. “The different genera not arranged under
one another (μὴ ὑπ̓ ἄλλμλα τεταγμένα), such as ‘animal’ and
‘science,’ differ in their species (διαφοράς). For instance, animals are
divided into beasts, bird, fishes—but science has no such distinction.
In subordinate genera, however, there may be the same distinctions;
for the superior genera are predicated of the inferior, so that as
many distinctions as there are of the predicate, so many will there
be of the subject.”
After Aristotle had thus far spoken of what is enunciated
respecting that which is connected, or the complex, he now comes
to “that which is predicated without any connection,” or the
incomplex; for as we saw (p. 212) this was the division which he laid
down in the second chapter. That which is predicated without any
connection he treats of more fully as the categories proper, in what
follows; yet the work in which these categories are laid down is not
to be regarded as complete. Aristotle[112] takes ten of them; “Each
conception enunciated signifies either Substance (οὐσίαν), or Quality
(ποιόν), or Quantity (ποσόν),” matter, “or Relation (πρός τι), or
Where (ποῦ), or When (ποτέ), or Position (κεῖσθαι), or Possession
(ἕχειν), or Action (ποιεῖν), or Passion (πάσχειν). None of these is
considered by itself an affirmation (κατάφασις) or a negation
(κατάφασις), i.e. none is either true or false.” Aristotle adds to these
predicables five post predicaments, but he only ranges them all side
by side.[113] The categories of relation are the syntheses of quality
and quantity, and consequently they belonged to reason; but in as
far as they are posited as mere relation, they belong to the
understanding and are forms of finitude. Being, essence, takes the
first place in them; next to it is possibility, as accident or what is
caused; the two are, however, separated. In substance A is Being, B,
potentiality; in the relation of causality A and B are Being, but A is
posited in B as being posited in a postulation of A. A of substance is
logical Being; it is its essence opposed to its existence, and this
existence is in logic mere potentiality. In the category of causality
the Being of A in B is a mere Being of reflection; B is for itself
another. But in reason A is the Being of B as well as of A, and A is
the whole Being of A as well as of B.
Aristotle[114] goes on to speak of Substance; first Substance, “in
its strictest (κυριώτατα), first and chief sense” is to him the
individual, the fourth class of the divisions enunciated above (pp.
212-214). “Secondary substances are those in which as species
(εἴδεσι) these first are contained, that is to say, both these and the
genera of these species. Of the subject both name and definition
(λόγος) of all things predicated of a subject (τῶν καθ̓ ὑποκειμένον
λεγομένον)—of secondary substances—are predicated; for example
of the particular man, as subject, both the name and the definition
of ‘man’ (living being) are also predicated. But of things which are in
a subject (ἐν ὑποκειμένῳ ὄντος) it is impossible to predicate the
definition of the” subordinate “subjects, yet with some we predicate
the name: the definition of ‘whiteness’ thus is not of the body in
which it is, but only the name. All other things however,” besides
Definition (λόγος) and “in most cases name, are related to primary
substances as subjects” (the individual), “or are inherent in them.
Thus without the primary substances none of the rest could exist,
for they are the basis (ὑποκεῖσθαι) of all else. Of secondary
substances, species is more substance than genus; for it is nearer to
the primary substance, and genus is predicated of the species and
not the other way.” For species is here the subject, or what does not
always require to be something really determined as individual, but
which also signifies that which is generally speaking subordinate.
“But the species are not more substance one than another, just as in
primary substances one is not more substance than the other.
Species and genera are likewise, before the rest” (qualities or
accidents) “to be called secondary substances: the definition ‘man’
before the fact that he is ‘white’ or ‘runs.’” Abstraction has thus two
kinds of objects; ‘man’ and ‘learned’ are both qualities of a certain
individual; but the former only abstracts from the individuality and
leaves the totality, and is thus the elevation of the individual into the
rational, where nothing is lost but the opposition of reflection. “What
is true of substances is also true of differences; for as synonyms
(συνώνυμα) they have both name and definition in common.”
b. The second treatise is on Interpretation (περὶ ἑρμηνείας); it is
the doctrine of judgments and propositions. Propositions exist where
affirmation and negation, falsehood and truth are enunciated;[115]
they do not relate to pure thought when reason itself thinks; they
are not universal but individual.
c. The Analytics come third, and there are two parts of them, the
Prior and the Posterior; they deal most fully with proof (ἀπόδειξις)
and the syllogisms of the understanding. “The syllogism is a reason
(λόγος) in which if one thing is maintained, another than what was
maintained follows of necessity.”[116] Aristotle’s logic has treated the
general theory of conclusions in the main very accurately, but they
do not by any means constitute the universal form of truth; in his
metaphysics, physics, psychology, &c., Aristotle has not formed
conclusions, but thought the Notion in and for itself.
d. The Topics (τοπικά) which treat of ‘places’ (τόποι) come
fourth; in them the points of view from which anything can be
considered are enumerated. Cicero and Giordano Bruno worked this
out more fully. Aristotle gives a large number of general points of
view which can be taken of an object, a proposition or a problem;
each problem can be directly reduced to these different points of
view, that must everywhere appear. Thus these ‘places’ are, so to
speak, a system of many aspects under which an object can be
regarded in investigating it; this constitutes a work which seems
specially suitable and requisite for the training of orators and for
ordinary conversation, because the knowledge of points of view at
once places in our hands the possibility of arriving at the various
aspects of a subject, and embracing its whole extent in accordance
with these points of view (Vol. I. p. 358). This, according to Aristotle,
is the function of Dialectic, which he calls an instrument for finding
propositions and conclusions out of probabilities.[117] Such ‘places’
are either of a general kind, such as difference, similarity, opposition,
relation, and comparison,[118] or special in nature, such as ‘places’
which prove that something is better or more to be desired, since in
it we have the longer duration of time, that which the one wise man
or several would choose, the genus as against the species, that
which is desirable for itself; also because it is present with the more
honourable, because it is end, what approximates to end, the more
beautiful and praiseworthy, &c.[119] Aristotle (Topic VIII. 2) says that
we must make use of the syllogism by preference, with the
dialectician, but of induction with the multitude. In the same way
Aristotle separates[120] the dialectic and demonstrative syllogisms
from the rhetorical and every kind of persuasion, but he counts
induction as belonging to what is rhetorical.
e. The fifth treatise, finally, deals with the Sophistical Elenchi
(σοφιστικοὶ ἔλεγχοι), or ‘On Refutations,’ as in the unconscious
escape of thought in its categories to the material side of popular
conception, it arrives at constant contradiction with itself. The
sophistical elenchi betray the unconscious ordinary idea into these
contradictions, and make it conscious of them, in order to entrap
and puzzle it; they were mentioned by us in connection with Zeno,
and the Sophists sought them out, but it was the Megarics who were
specially strong in them. Aristotle goes through a number of such
contradictions by the way of solving them; in so doing he proceeds
quietly and carefully, and spares no pains, though they might have
been made more dramatic. We have before (Vol. I. pp. 456-459)
found specimens of these in treating of the Megarics, and we have
seen how Aristotle solves such contradictions through distinction and
determination.
Of these five parts of the Aristotelian Organon, what is produced
in our ordinary systems of logic is, as a matter of fact, of the
slightest and most trivial description, consisting as it does mainly of
what is contained in the introduction of Porphyry. More particularly in
the first parts, in the Interpretation and in the Analytics, this
Aristotelian logic contains these representations of universal forms of
thought, such as are now dealt with in ordinary logic, and really
form the basis of what in modern times is known as logic. Aristotle
has rendered a never-ending service in having recognized and
determined the forms which thought assumes within us. For what
interests us is the concrete thought immersed as it is in externalities;
these forms constitute a net of eternal activity sunk within it, and
the operation of setting in their places those fine threads which are
drawn throughout everything, is a masterpiece of empiricism, and
this knowledge is absolutely valuable. Even contemplation, or a
knowledge of the numerous forms and modes assumed by this
activity, is interesting and important enough. For however dry and
contentless the enumeration of the different kinds of judgments and
conclusions, and their numerous limitations may appear to us to be,
and though they may not seem to serve their purpose of discovering
the truth, at least no other science in opposition to this one can be
elevated into its place. For instance, if it is held to be a worthy
endeavour to gain a knowledge of the infinite number of animals,
such as one hundred and sixty-seven kinds of cuckoo, in which one
may have the tuft on his head differently shaped from another, or to
make acquaintance with some miserable new species of a miserable
kind of moss which is no better than a scab, or with an insect,
vermin, bug, &c., in some learned work on entomology, it is much
more important to be acquainted with the manifold kinds of
movement present in thought, than to know about such creatures.
The best of what is stated respecting the forms of judgment,
conclusion, &c., in ordinary logic, is taken from the works of
Aristotle; as far as details are concerned, much has been spun out
and added to it, but the truth is to be found with Aristotle.
As regards the real philosophic nature of the Aristotelian logic, it
has received in our text-books a position and significance as though
it gave expression only to the activity of the understanding as
consciousness; hence it is said to direct us how to think correctly.
Thus it appears as though the movement of thought were something
independent, unaffected by the object of thought; in other words, as
if it contained the so-called laws of thought of our understanding,
through which we attain to perception, but through a medium which
was not the movement of things themselves. The result must
certainly be truth, so that things are constituted as we bring them
forth according to the laws of thought; but the manner of this
knowledge has merely a subjective significance, and the judgment
and conclusion are not a judgment and conclusion of things
themselves. Now if, according to this point of view, thought is
considered on its own account, it does not make its appearance
implicitly as knowledge, nor is it without content in and for itself; for
it is a formal activity which certainly is exercised, but whose content
is one given to it. Thought in this sense becomes something
subjective; these judgments and conclusions are in and for
themselves quite true, or rather correct—this no one ever doubted;
but because content is lacking to them, these judgments and
conclusions do not suffice for the knowledge of the truth. Thus by
logicians they are held to be forms whose content is something
entirely different, because they have not even the form of the
content; and the meaning which is given to them—namely that they
are forms—is found fault with. The worst thing said of them,
however, is that their only error is their being formal; both the laws
of thought as such, and also its determinations, the categories, are
either determinations of the judgment only, or merely subjective
forms of the understanding, while the thing-in-itself is very different.
But in that point of view and in the blame awarded the truth itself is
missed, for untruth is the form of opposition between subject and
object, and the lack of unity in them; in this case the question is not
put at all as to whether anything is absolutely true or not. These
determinations have certainly no empirical content, but thought and
its movement is itself the content—and, indeed, as interesting a
content as any other that can be given; consequently this science of
thought is on its own account a true science. But here again we
come across the drawback pertaining to the whole Aristotelian
manner, as also to all succeeding logic—and that indeed in the
highest degree—that in thought and in the movement of thought as
such, the individual moments fall asunder; there are a number of
kinds of judgment and conclusion, each of which is held to be
independent, and is supposed to have absolute truth as such. Thus
they are simply content, for they then have an indifferent,
undistinguished existence, such as we see in the famous laws of
contradiction, conclusions, &c. In this isolation they have, however,
no truth; for their totality alone is the truth of thought, because this
totality is at once subjective and objective. Thus they are only the
material of truth, the formless content; their deficiency is hence not
that they are only forms but rather that form is lacking to them, and
that they are in too great a degree content. Thus as many individual
qualities of a thing are not anything, such as red, hard, &c., if taken
by themselves, but only in their unity constitute a real thing, so it is
with the unity of the forms of judgment and conclusion, which
individually have as little truth as such a quality, or as a rhythm or
melody. The form of a conclusion, as also its content, may be quite
correct, and yet the conclusion arrived at may be untrue, because
this form as such has no truth of its own; but from this point of view
these forms have never been considered, and the scorn of logic rests
simply on the false assumption that there is a lack of content. Now
this content is none other than the speculative Idea. Conceptions of
the understanding or of reason constitute the essence of things, not
certainly for that point of view, but in truth; and thus also for
Aristotle the conceptions of the understanding, namely the
categories, constitute the essential realities of Being. If they are thus
in and for themselves true, they themselves are their own, and thus
the highest content. But in ordinary logic this is not the case, and
even as these are represented in the Aristotelian works they are only
universal thought-determinations, between which the abstract
understanding makes distinctions. This, however, is not the logic of
speculative thought, i.e. of reason as distinguished from
understanding; for there the identity of the understanding which
allows nothing to contradict itself is fundamental. However little this
logic of the finite may be speculative in nature, yet we must make
ourselves acquainted with it, for it is everywhere discovered in finite
relationships. There are many sciences, subjects of knowledge, &c.,
that know and apply no other forms of thought than these forms of
finite thought, which constitute in fact the general method of dealing
with the finite sciences. Mathematics, for instance, is a constant
series of syllogisms; jurisprudence is the bringing of the particular
under the general, the uniting together of both these sides. Within
these relationships of finite determinations the syllogism has now,
indeed, on account of its terms being three in number, been called
the totality of these determinations, and hence by Kant (Kritik der
reinen Vernunft, p. 261) also the rational conclusion; but this
syllogism addressed to the intelligence as it appears in the ordinary
logical form, is only the intelligible form of rationality, and, as we
saw above (p. 76), is very different from the rational syllogism
proper. Aristotle is thus the originator of the logic of the
understanding; its forms only concern the relationship of finite to
finite, and in them the truth cannot be grasped. But it must be
remarked that Aristotle’s philosophy is not by any means founded on
this relationship of the understanding; thus it must not be thought
that it is in accordance with these syllogisms that Aristotle has
thought. If Aristotle did so, he would not be the speculative
philosopher that we have recognized him to be; none of his
propositions could have been laid down, and he could not have
made any step forward, if he had kept to the forms of this ordinary
logic.
Like the whole of Aristotle’s philosophy, his logic really requires
recasting, so that all his determinations should be brought into a
necessary systematic whole—not a systematic whole which is
correctly divided into its parts, and in which no part is forgotten, all
being set forth in their proper order, but one in which there is one
living organic whole, in which each part is held to be a part, and the
whole alone as such is true. Aristotle, in the Politics, for instance
(supra, pp. 207-208), often gives expression to this truth. For this
reason the individual logical form has in itself no truth, not because
it is the form of thought, but because it is determinate thought,
individual form, and to be esteemed as such. But as system and
absolute form ruling this content, thought has its content as a
distinction in itself, being speculative philosophy in which subject and
object are immediately identical, and the Notion and the universal
are the realities of things. Just as duty certainly expresses the
absolute, but, as determinate, a determinate absolute which is only
a moment and must be able again to abrogate its determination, the
logical form which abrogates itself as this determinate in this very
way gives up its claim to be in and for itself. But in this case logic is
the science of reason, speculative philosophy of the pure Idea of
absolute existence, which is not entangled in the opposition of
subject and object, but remains an opposition in thought itself. Yet
we certainly may allow that much in logic is an indifferent form.
At this point we would leave off as far as the Aristotelian
philosophy is concerned, and from this it is difficult to break away.
For the further we go into its details, the more interesting it
becomes, and the more do we find the connection which exists
among the subjects. The fulness with which I have set forth the
principal content of the Aristotelian philosophy is justified both by
the importance of the matter itself, because it offers to us a content
of its own, and also by the circumstances already mentioned (p.
118), that against no philosophy have modern times sinned so much
as against this, and none of the ancient philosophers have so much
need of being defended as Aristotle.
One of the immediate followers of Aristotle was Theophrastus,
born Ol 102, 2 (371 B.C.); though a man of distinction, he can still
only be esteemed a commentator on Aristotle. For Aristotle is so rich
a treasure-house of philosophic conceptions, that much material is
found in him which is ready for further working upon, which may be
Welcome to Our Bookstore - The Ultimate Destination for Book Lovers
Are you passionate about books and eager to explore new worlds of
knowledge? At our website, we offer a vast collection of books that
cater to every interest and age group. From classic literature to
specialized publications, self-help books, and children’s stories, we
have it all! Each book is a gateway to new adventures, helping you
expand your knowledge and nourish your soul
Experience Convenient and Enjoyable Book Shopping Our website is more
than just an online bookstore—it’s a bridge connecting readers to the
timeless values of culture and wisdom. With a sleek and user-friendly
interface and a smart search system, you can find your favorite books
quickly and easily. Enjoy special promotions, fast home delivery, and
a seamless shopping experience that saves you time and enhances your
love for reading.
Let us accompany you on the journey of exploring knowledge and
personal growth!

ebookball.com