State of PRNG code in GMP

Torbjörn Granlund tg at
Tue Jun 9 12:55:49 UTC 2020

Marco Bodrato <bodrato at> writes:

  Mersenne Twister only uses mpz for initialization. Moreover there is a
  little "bug" in the initialization procedure, so that the sequence can
  be the same even if the seed is different (in the range where it is
  supposed to generate different sequences).


  That's why some years ago we started rewriting that init function.
  Of course this will yield different sequences too.

  Here is the almost mpz-free init function using the xxtea scrambler.

Cool!  Its mpz use should indeed be fairly straightforward to eliminate.

  > Here is some code I have tinkered with.

  > typedef enum {
  > } gmp_prng_alg;

  What's LIM?

LIMIT.  Intended for a future-safe loop through the algorithms.
Probably useless.  :-)

It turned out to be a bit tricky to get an efficient AES-based PRNG
which also has some desired properties:

1. Well-documented effect of seeding (so users can check we do what we

2. Also, we want n bits of random data to be the exact same n bits of data
on any machine, given the same state.  (This follows from (1) I suppose,
but we might generate different well-documented sequences on 32-bit and
64-bit machines, and on little- and big-endian machines, etc.)

3. Not too much copying and byte swiveling.

I got some code running over the week-end which I think meets all these
criteria.  The C code does not fulfil a 4th criterion, though:

4. Nice and clean.


Please encrypt, key id 0xC8601622
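An added example (not GMP code, and not Torbjörn's or Marco's) of how a counter-mode block-cipher PRNG can meet properties (1) and (2): the seed maps to the key in a stated way, and every output word is serialised in a fixed byte order, so n bits of output are the same n bits on 32- and 64-bit, little- and big-endian hosts. It uses the XXTEA block function Marco mentions in place of AES, which the message does not include, and all names here (`ctr_prng`, `ctr_prng_seed`, `ctr_prng_bytes`) are this example's own.

```c
#include <stdint.h>
#include <string.h>
#define XXTEA_MX (((z >> 5 ^ y << 2) + (y >> 3 ^ z << 4)) ^ ((sum ^ y) + (key[(p & 3) ^ e] ^ z)))
/* XXTEA ("btea") encryption of n >= 2 words in place; stands in for AES in this example. */
static void xxtea_encrypt(uint32_t *v, unsigned n, const uint32_t key[4])
{
    uint32_t y, z = v[n - 1], sum = 0; unsigned p, e, rounds = 6 + 52 / n;
    do {
        sum += 0x9e3779b9u;
        e = (sum >> 2) & 3;
        for (p = 0; p < n - 1; p++) { y = v[p + 1]; z = v[p] += XXTEA_MX; }
        y = v[0]; z = v[n - 1] += XXTEA_MX;
    } while (--rounds);
}

typedef struct {
    uint32_t key[4]; uint64_t counter; /* seed as four words; index of next 16-byte block */
    uint8_t buf[16]; unsigned pos;     /* current block, serialised; bytes already handed out */
} ctr_prng;

/* Canonical byte order: words are written and read least-significant byte first on any host. */
static void put_le32(uint8_t *o, uint32_t w) { for (int i = 0; i < 4; i++) o[i] = (uint8_t)(w >> 8 * i); }
static uint32_t get_le32(const uint8_t *b)
{ return (uint32_t)b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24; }
/* Documented seeding: key[i] = seed bytes 4i..4i+3 read little-endian; counter starts at 0. */
void ctr_prng_seed(ctr_prng *s, const uint8_t seed[16])
{
    for (int i = 0; i < 4; i++) s->key[i] = get_le32(seed + 4 * i);
    s->counter = 0; s->pos = 16; /* buffer empty: the first request generates block 0 */
}

/* Block i = XXTEA_key(i as a 128-bit little-endian counter), serialised word by word. */
static void ctr_prng_next_block(ctr_prng *s)
{
    uint32_t v[4] = { (uint32_t)s->counter, (uint32_t)(s->counter >> 32), 0, 0 };
    xxtea_encrypt(v, 4, s->key);
    for (int i = 0; i < 4; i++) put_le32(s->buf + 4 * i, v[i]);
    s->counter++; s->pos = 0;
}

/* Hand out len bytes; the stream does not depend on how the requests are chunked. */
void ctr_prng_bytes(ctr_prng *s, uint8_t *out, size_t len)
{
    while (len > 0) {
        if (s->pos == 16) ctr_prng_next_block(s);
        size_t take = 16 - s->pos < len ? 16 - s->pos : len;
        memcpy(out, s->buf + s->pos, take);
        s->pos += take; out += take; len -= take;
    }
}
```

Because the byte order is fixed by `put_le32` rather than by the host, a reference sequence recorded on one machine can be used as a regression check on any other.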
