State of PRNG code in GMP

Torbjörn Granlund tg at gmplib.org
Tue Jun 9 12:55:49 UTC 2020


Marco Bodrato <bodrato at mail.dm.unipi.it> writes:

  Mersenne Twister only uses mpz for initialization. Moreover there is a
  little "bug" in the initialization procedure, so that the sequence can
  be the same even if the seed is different (in the range where it is
  supposed to generate different sequences).

Oops.

  That's why some years ago we started rewriting that init function.
  Of course this will yield different sequences too.

  https://gmplib.org/list-archives/gmp-bugs/2017-March/004106.html

  Here is the almost mpz-free init function using the xxtea scrambler.

Cool!  Its mpz use should indeed be fairly straightforward to eliminate.

  > Here is some code I have tinkered with.

  > typedef enum {
  >   GMP_PRNG_ALG_LC,  GMP_PRNG_ALG_MT,  GMP_PRNG_ALG_AES,
  >   GMP_PRNG_ALG_LIM,  GMP_PRNG_ALG_DEFAULT = GMP_PRNG_ALG_AES
  > } gmp_prng_alg;

  What's LIM?

LIMIT.  Intended for a future-safe loop through the algorithms.
Probably useless.  :-)

It turned out to be a bit tricky to get an efficient AES based PRNG
which also has some desired properties:

1. Well-documented effect of seeding (so users can check we do what we
promise)

2. Also, we want n bits of random data to be the exact same n bits of data
on any machine, given the same state.  (This follows from (1) I suppose,
but we might generate different well-documented sequences on 32-bit and
64-bit machines, and on little- and big-endian machines, etc.)

3. Not too much copying and byte swiveling.

I got some code running over the week-end which I think meets all these
criteria.  The C code does not fulfil a 4th criterion, though:

4. Nice and clean.

:-)

-- 
Torbjörn
Please encrypt, key id 0xC8601622
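As an added illustration of criteria (1) and (2) above (an example written for this page, not GMP's code and not Marco's xxtea init function), here is a seed-to-state scrambler: the seed is consumed as bytes in a declared order and mixed with XXTEA, so the resulting state is exactly specified and bit-identical on 32-bit and 64-bit hosts of either endianness. The constant key, the 16-byte seed width and the truncation rule are assumptions of this example only.

```c
#include <stdint.h>
#include <string.h>
/* XXTEA mixing term (reference definition); expects y, z, sum, key, p, e in scope. */
#define MX (((z >> 5 ^ y << 2) + (y >> 3 ^ z << 4)) ^ ((sum ^ y) + (key[(p & 3) ^ e] ^ z)))
/* Scramble n >= 2 words in place: XXTEA encode direction, 6 + 52/n rounds. */
static void xxtea_encode(uint32_t *v, size_t n, const uint32_t key[4])
{
    uint32_t y, z = v[n - 1], sum = 0;
    size_t p, rounds = 6 + 52 / n;
    unsigned e;
    do {
        sum += 0x9e3779b9u;
        e = (sum >> 2) & 3;
        for (p = 0; p < n - 1; p++) {
            y = v[p + 1];
            z = v[p] += MX;
        }
        y = v[0];
        z = v[n - 1] += MX;
    } while (--rounds);
}
/* Read 4 bytes as a little-endian word, whatever the host byte order is. */
static uint32_t load_le32(const unsigned char *b)
{
    return (uint32_t)b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
}
/* Seed -> 4 state words: zero-pad (or truncate) the seed to 16 bytes, load the
   words in a fixed byte order, then scramble under a constant key.  The key is
   a hypothetical placeholder for this example, not anything GMP uses. */
void prng_state_from_seed(const unsigned char *seed, size_t seed_len, uint32_t state[4])
{
    static const uint32_t key[4] = { 0x01234567u, 0x89abcdefu, 0xfedcba98u, 0x76543210u };
    unsigned char buf[16] = { 0 };
    size_t i;
    if (seed_len > sizeof buf) seed_len = sizeof buf;  /* documented truncation */
    memcpy(buf, seed, seed_len);
    for (i = 0; i < 4; i++)
        state[i] = load_le32(buf + 4 * i);
    xxtea_encode(state, 4, key);
}
/* 1 if two text seeds map to the same state, else 0. */
int seed_states_equal(const char *s1, const char *s2)
{
    uint32_t a[4], b[4];
    prng_state_from_seed((const unsigned char *)s1, strlen(s1), a);
    prng_state_from_seed((const unsigned char *)s2, strlen(s2), b);
    return memcmp(a, b, sizeof a) == 0;
}
```

Because XXTEA is a bijection on the 16-byte block, two seeds that differ within the first 16 bytes always give different states, while bytes past the documented width are ignored by construction.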
