better random numbers

Andrew Haley aph-open at littlepinkcloud.com
Sun Sep 5 14:43:42 UTC 2021


On 9/3/21 12:35 AM, John Rose wrote:

> The reference I’d like to give here is to Dr. Melissa O’Neill’s
> website and articles:

I'm quite sceptical. Anyone who says a (non-cryptographic) random-
number generator is "hard to predict" is either quite naive or in a
state of sin, (;-) and while O’Neill’s argument seems sound, it
doesn't seem to have convinced the academic world.

Lemire is thoughtful:
https://lemire.me/blog/2017/08/15/on-melissa-oneills-pcg-random-number-generator/

I wonder about AES, which can do (on Apple M1) 2 parallel rounds per
clock cycle. I'm quite tempted to try a reduced- round AES on the
TestU01 statistical tests. Maybe 6 rounds? However, there can be a
long latency between FPU and integer CPU, so perhaps it's not such a
great idea. Also, you have to load the key registers before you can
generate a random number, so it only really works if you want to
generate a lot of bits at a time. But it is maybe 128 randomish bits
per a few clock cycles.

-- 
Andrew Haley  (he/him)
Java Platform Lead Engineer
Red Hat UK Ltd. <https://www.redhat.com>
https://keybase.io/andrewhaley
EAC8 43EB D3EF DB98 CC77 2FAD A5CD 6035 332F A671



More information about the core-libs-dev mailing list