
New rand algorithm: Xoroshiro928** also for crypto #1857

RaimoNiskanen commented Jun 29, 2018

This pull request implements a new algorithm for the rand module and is also used as a long period counter for an algorithm in the crypto module.

This adds a fast and really long period PRNG with good statistical quality to the rand module, and one with impeccable statistical properties to the crypto module.

The base algorithm is Xoroshiro928 which is a PRNG with a period of 2^928 - 1. It is derived from Xoroshiro1024 that has 16 words of 64 bit as internal state and instead uses 58 bit words for speed reasons in the Erlang VM. It has a jump function corresponding to 2^512 invocations enabling 2^416 different sequences with the jump length for massively parallel applications.

The new rand algorithm is exro928ss (Xoroshiro928**) that uses the new StarStar scrambler from the 2018 paper Scrambled Linear Pseudorandom Number Generators. It runs only about 30-50% slower than the default algorithm exrop (Xoroshiro116+) but has a larger state space (78 heap words compared to 47, with 38 dynamic (garbage per iteration) compared to 5).

The new crypto algorithm is crypto_aes that uses Xoroshiro928 as a counter with period 2^928, scrambles 116 bits of the counter value with AES encryption (128-bit) and takes 58 of the encrypted bits as output. This should produce a random number sequence with absolutely no detectable statistical artifacts. Note that this is not a cryptographically strong PRNG since it is repeatable, which is a feature. It has got the same jump function as its base algorithm. The encryption is done in batches and the result is cached for speed reasons. It runs about half the speed (twice the run time, amortized) of the default algorithm 'exrop', and has a much larger state space thanks to the caching.
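An added illustration of the crypto_aes construction described above, not the OTP code itself: a counter value fills an AES-128 block, blocks are encrypted in batches whose results are cached, and 58 bits of each ciphertext become one output word. A plain incrementing 116-bit counter stands in for Xoroshiro928, and the block layout, the choice of ciphertext bits and the batch size are assumptions of this example.

```go
package main

import (
	"crypto/aes"
	"encoding/binary"
	"fmt"
)

const wordMask = uint64(1)<<58 - 1 // counter words and outputs are 58 bits
const batchSize = 8                // constructed: AES blocks encrypted per cache refill

// Outputs returns the first n 58-bit words of a hypothetical crypto_aes-style
// generator: a 116-bit counter (two 58-bit words, plain increment in place of
// Xoroshiro928) fills an AES-128 block, each block is encrypted, and 58 bits of
// the ciphertext form one word. Blocks are encrypted batchSize at a time and
// cached, as the PR describes; equal key and seed always give the same sequence.
func Outputs(key [16]byte, seed uint64, n int) []uint64 {
	blk, err := aes.NewCipher(key[:]) // a 16-byte key selects AES-128
	if err != nil {
		panic(err)
	}
	hi, lo := uint64(0), seed&wordMask // counter words, each kept below 2^58
	var cache []uint64
	var in, out [16]byte
	ws := make([]uint64, 0, n)
	for len(ws) < n {
		if len(cache) == 0 { // refill: encrypt a batch of counter values
			for i := 0; i < batchSize; i++ {
				binary.BigEndian.PutUint64(in[:8], hi) // top 6 bits of each word are zero,
				binary.BigEndian.PutUint64(in[8:], lo) // so 116 counter bits fill the block
				blk.Encrypt(out[:], in[:])
				cache = append(cache, binary.BigEndian.Uint64(out[8:])&wordMask)
				if lo = (lo + 1) & wordMask; lo == 0 { // advance the 116-bit counter
					hi = (hi + 1) & wordMask
				}
			}
		}
		ws, cache = append(ws, cache[0]), cache[1:]
	}
	return ws
}

func main() {
	key := [16]byte{'c', 'o', 'n', 's', 't', 'r', 'u', 'c', 't', 'e', 'd', '-', 'k', 'e', 'y', '!'} // constructed
	fmt.Println(Outputs(key, 42, 4))
}
```

Because the key and counter are ordinary process state, anyone holding them reproduces the stream, which is why the PR calls the generator repeatable rather than cryptographically strong.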

@RaimoNiskanen RaimoNiskanen self-assigned this Jun 29, 2018
@RaimoNiskanen RaimoNiskanen force-pushed the RaimoNiskanen:raimo/rand-crypto-xoroshiro928 branch from b5d51e5 to af42f57 Jun 29, 2018
@IngelaAndin IngelaAndin added the team:PS label Jul 2, 2018
@RaimoNiskanen RaimoNiskanen force-pushed the RaimoNiskanen:raimo/rand-crypto-xoroshiro928 branch 2 times, most recently from 5b1fce9 to 9dfe9cb Jul 4, 2018
@RaimoNiskanen RaimoNiskanen force-pushed the RaimoNiskanen:raimo/rand-crypto-xoroshiro928 branch from 9dfe9cb to 0f79e3f Sep 14, 2018

RaimoNiskanen commented Sep 14, 2018

Rebased to fresh master to resolve merge conflicts

@RaimoNiskanen RaimoNiskanen merged commit b2c338c into erlang:master Sep 18, 2018
2 checks passed
continuous-integration/travis-ci/pr The Travis CI build passed
license/cla Contributor License Agreement is signed.
@RaimoNiskanen RaimoNiskanen deleted the RaimoNiskanen:raimo/rand-crypto-xoroshiro928 branch Sep 18, 2018