Random number generation: It might be harder than you think to write code that rivals novice-level code written in Python.

(It’d be great if you emailed me so that I can attribute your feedback if/when appropriate. If I’ve missed papers and terminology from the crypto area, you can certainly help fix that.)

About ChaCha20, in the table on the website, I was talking about the OpenBSD implementation, which is the only implementation of ChaCha20 as a PRNG that anyone is likely to have used. In the main comparison section of the website it’s clearer about making a distinction between the OpenBSD PRNG and the usual ChaCha20 code.

As for security claims, I make it fairly clear on the predictability page of the website exactly what I’m talking about and not. I am absolutely not recommending it as a stream cipher for cryptography (given how new it is that’d be absurd!), but I am saying that even general purpose RNGs should have an eye to not being predictable. The only way to actually test unpredictability is to have a challenge, ideally with a prize. I’m working on setting that up. When the contest is announced, I hope you’ll give it a try. If it’s as predictable as you seem to think, collecting ought to be easy! If you have advice on that aspect, I’d also be delighted to hear from you—I hardly want anyone claiming I rigged it!

As for my speed claims, I’m not sure how you get the notion that there isn’t much difference between the Mersenne Twister and PCG (or other fast RNGs); the graphs make it clear that it’s more than twice as fast. It is true if you want to have 64-bit state, the easiest approach is 64-bit multiplication (although there are other ways of doing things that are fast). The paper briefly mentions 32-bit tests, and PCG does still do well in that domain, although things are certainly closer for the standard PCG generators. I think 64-bit is the future though, which is why I don’t focus much on 32-bit. Even for ARM, 64-bit is either here now or on the horizon. My phone (which is old enough that it’s now out of contract) is 64-bit; if yours isn’t, it will be in a year or two.

If I were writing a proposal for additional RNGs to add to the standard, I’d almost certainly include ChaCha20. Thanks to someone else who liked ChaCha20, I now have a fairly nice C++11 implementation of it (and I have arc4random too), and some other relatively new/good ones as well.

I’d be delighted to see any modern RNG added to the standard, and if PCG were merely seen as a minimum standard to equal/beat, that’s fine. If people want to say they have something better, that’s awesome. Maybe we can argue about relative strengths and weaknesses. But the RNGs we have now in C++11 are all worse.
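
As an added example (not the commenter’s code and not the PCG project’s own source), here is a minimal pcg32 generator written to the C++11 UniformRandomBitGenerator requirements, so it drops into std::uniform_int_distribution exactly where std::mt19937 would; the 64-bit multiply-and-add state step is the kind of 64-bit arithmetic the comment refers to, the constants and seeding are the published pcg32 minimal ones, and the seed (42, 54) value checked below is the one the pcg-c-basic demo prints.

```cpp
#include <cstdint>
#include <random>
#include <vector>

// Minimal pcg32: 64-bit LCG state, 32-bit XSH-RR output permutation.
// Exposes the C++11 UniformRandomBitGenerator interface so it can replace
// std::mt19937 in the standard distributions.
// Not a CSPRNG: fine for simulation, not for keys, tokens or nonces.
class pcg32 {
public:
    using result_type = uint32_t;
    static constexpr result_type min() { return 0; }
    static constexpr result_type max() { return UINT32_MAX; }

    // Same seeding procedure as pcg32_srandom_r in pcg-c-basic.
    pcg32(uint64_t initstate, uint64_t initseq) {
        state_ = 0u;
        inc_ = (initseq << 1u) | 1u;   // increment must be odd
        (*this)();
        state_ += initstate;
        (*this)();
    }

    result_type operator()() {
        uint64_t old = state_;
        state_ = old * 6364136223846793005ULL + inc_;   // 64-bit LCG step
        uint32_t xorshifted = static_cast<uint32_t>(((old >> 18u) ^ old) >> 27u);
        uint32_t rot = static_cast<uint32_t>(old >> 59u);
        return (xorshifted >> rot) | (xorshifted << ((-rot) & 31u));   // rotate right
    }

private:
    uint64_t state_;
    uint64_t inc_;
};

// First raw output for a given seed/stream; seed (42, 54) gives 0xa15c02b7,
// the value the pcg-c-basic demo prints.
uint32_t pcg32_first_output(uint64_t seed, uint64_t seq) {
    pcg32 rng(seed, seq);
    return rng();
}

// Drive a standard distribution with pcg32, exactly as one would with mt19937.
std::vector<int> pcg32_dice(uint64_t seed, uint64_t seq, size_t n) {
    pcg32 rng(seed, seq);
    std::uniform_int_distribution<int> d6(1, 6);
    std::vector<int> out;
    for (size_t i = 0; i < n; ++i) out.push_back(d6(rng));
    return out;
}
```

Two generators built from the same (seed, stream) pair replay the same sequence, and a different stream value yields a different one, which is the reproducibility simulation code wants and the predictability a key generator must not have.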
