Xoroshiro128+ BTFO

Name
Email
Subject
Comment *
File	Select/drop/paste files here
Password	(Randomized for file and post deletion; you may also set your own.)
* = required field	[▶ Show post options & limits] Confused? See the FAQ.

Flag
Oekaki	Show oekaki applet (replaces files and can be used instead)
Options	Do not bump (you can also write sage in the email field) Spoiler images (this replaces the thumbnails of your images with question marks)
Allowed file types:jpg, jpeg, gif, png, webm, mp4, pdf Max filesize is 16 MB. Max image dimensions are 15000 x 15000. You may upload 3 per post.

File (hide): 6aadf80b83113b8⋯.jpg (24.36 KB, 214x277, 214:277, foto.jpg) (h) (u)

▶Xoroshiro128+ BTFO Anonymous 03/26/18 (Mon) 09:44:11 No.889073 [Watch Thread][Show All Posts]

Xoroshiro128+ Fails PractRand Even When Truncated

Although I know a lot of effort went into Xoroshiro128+, and there are many good things that have come out of its development, I am sad to say that on balance I feel it has too many flaws to be worth recommending---there are many better choices. In this post, I'll dig a little deeper into some of its flaws.

Let's begin with what we already know:

* John D. Cook showed that it fails PractRand with just a couple of seconds of testing, and before that Chris Doty-Humphrey, author of PractRand, showed that it didn't just fail “binary rank” tests, it also failed the DC6 test which is a short-medium range linear test.

* Daniel Lemire showed that it fails TestU01.

* I showed that it is trivially predictable.

* I showed that it is visualizing smaller-scale versions of the scheme shows clear flaws.

But are the flaws superficial and easily ignored, or more troubling than that?

Evolving Author Caveats

The authors of Xoroshiro128+ do acknowledge some of these flaws. The source code admits (somewhat obliquely) that it fails PractRand's binary-rank tests, but suggests that the problem is confined to just the lowest few bits. Over time, however, these claims have been progressively weakened. The source for this generator used to say:

>with the exception of binary rank tests, which fail due to the lowest bit being an LFSR; all other bits pass all tests.

On 14 October, 2017, the comments in the source were revised to say

>with the exception of binary rank tests, as the lowest bit of this generator is an LSFR. The next bit is not an LFSR, but in the long run it will fail binary rank tests, too. The other bits have no LFSR artifacts.

Less than six weeks later, on 29 November 2017, the comments were revised yet again, to what is now their current wording (archive):

>with the exception of binary rank tests, the lowest bit of this generator is an LFSR of degree 128. The next bit can be described by an LFSR of degree 8256, but in the long run it will fail linearity tests, too. The other bits needs a much higher degree to be represented as LFSRs.

This version is quite a climbdown---from saying the other bits have no LFSR artifacts to admitting that actually, yes, they do. But the implication remains that only the lowest few bits fail statistical tests in practice. If that is the case, it means that using Xoroshiro128+ to generate 48-bits of randomness (throwing away not just the lowest two bits, but the lowest 16) is fine. But you have to wonder: is that really true?

Conclusions

Of course, few people bother to run a test that lasts 30 weeks and consumes half a petabyte of random numbers, but the point remains, Xoroshiro128+ has detectable flaws even if you throw half of its output, 32-bits, away.

It seems reasonable to surmise that you only throw 16 bits away, leaving 48 bits, you'll see statistical flaws sooner. When I get around to it, I'll test that out too, but even if it's less than 30 weeks of testing, it might need more than the typical week of testing to unmask the issues.

It's my understanding that Vigna mostly dismisses linearity-related failures as overly technical, and has even gone so far as to argue with the author of PractRand as to whether BCFN and DC6 are valid tests at all (even though other PRNGs pass them just fine). But I'd rather use a PRNG where you don't have to worry as much. There are plenty of them out there, including some very old ones.

I left out the Tests sections. Read them here:

http://www.pcg-random.org/posts/xoroshiro-fails-truncated.html

discuss

▶Anonymous 03/26/18 (Mon) 13:23:44 No.889118>>889121

Never heard about this. How is that a big deal?

▶Anonymous 03/26/18 (Mon) 13:29:37 No.889121>>889131

>>889118

Because it is pretty much the fastest full period PRNG. As such it is used in many projects.

▶Anonymous 03/26/18 (Mon) 14:09:57 No.889131>>889132

>>889121

>PRNG

Why.

http://moonbase.tictail.com/

▶Anonymous 03/26/18 (Mon) 14:19:05 No.889132

>>889131

>40 USD

Why pay for some proprietary bullshit just for some random numbers?

Are you retarded?

▶Anonymous 03/26/18 (Mon) 23:04:39 No.889331>>889393 >>889394

File (hide): 8c9a7a8bf008cc2⋯.png (144.07 KB, 540x298, 270:149, tenor.png) (h) (u)

Serious question: what is wrong with just getting random bytes based on system entrophy? I thought that was what you did when you wanted true random shit.

▶Anonymous 03/27/18 (Tue) 02:01:47 No.889390

From the site:

// *Really* minimal PCG32 code / (c) 2014 M.E. O'Neill / pcg-random.org
// Licensed under Apache License 2.0 (NO WARRANTY, etc. see website)

typedef struct { uint64_t state;  uint64_t inc; } pcg32_random_t;

uint32_t pcg32_random_r(pcg32_random_t* rng)
{
    uint64_t oldstate = rng->state;
    // Advance internal state
    rng->state = oldstate * 6364136223846793005ULL + (rng->inc|1);
    // Calculate output function (XSH RR), uses old state for max ILP
    uint32_t xorshifted = ((oldstate >> 18u) ^ oldstate) >> 27u;
    uint32_t rot = oldstate >> 59u;
    return (xorshifted >> rot) | (xorshifted << ((-rot) & 31));
}

I wonder if it would be more secure to do this:

// *Really* minimal PCG32 code / (c) 2014 M.E. O'Neill / pcg-random.org
// Licensed under Apache License 2.0 (NO WARRANTY, etc. see website)

typedef struct { uint64_t state;  uint64_t inc; } pcg32_random_t;

uint32_t pcg32_random_r(pcg32_random_t* rng)
{
    uint64_t oldstate = rng->state;
    // Advance internal state
    rng->state = oldstate * 6364136223846793005ULL + (rng->inc|1);
    // Calculate output function (XSH RR), uses old state for max ILP
    uint32_t xorshifted = (((oldstate << 5) >> 18u) ^ oldstate) >> 27u;
    uint32_t rot = oldstate >> 59u;
    return (xorshifted >> rot) | (xorshifted << ((-rot) & 31));
}

Doing it this way you don't have the amount you rotate by (the first 5 bits) as part of what's being outputted. This does mean that you are using more of the lower bits of the state. From reading the wikipedia article on LCG it sounds like the lower bits are not as random. If this small change would be an actual improvement to PCG.

▶Anonymous 03/27/18 (Tue) 02:07:27 No.889393>>889394

>>889331

because it doesn't work like that, obviously.

▶Anonymous 03/27/18 (Tue) 02:12:52 No.889394

>>889331

It's slow to do that / use a CSPRNG.

>>889393

or does it?

▶Anonymous 04/01/18 (Sun) 16:56:31 No.891802>>892512

File (hide): f4038e565faa3c3⋯.png (308.03 KB, 484x502, 242:251, me.png) (h) (u)

Hey Faggots,

My name is seba, and I hate every single one of you. All of you are fat, retarded, no-lifes who spend every second of their day looking at stupid ass pictures. You are everything bad in the world. Honestly, have any of you ever gotten any pussy? I mean, I guess it’s fun making fun of random number generators because of your own insecurities, but you all take to a whole new level. This is even worse than jerking off to generators on facebook.

Don’t be a stranger. Just hit me with your best shot. I’m pretty much perfect. I was captain of the chess club, and starter on my math team. What programming work do you do, other than “jack off to naked drawn Japanese people”? I also get straight A’s, and have a banging hot random number generator (it just generated numbers; Shit was SO cash). You are all faggots who should just kill yourselves. Thanks for listening.

Pic Related: It’s me and my random number generator

▶Anonymous 04/03/18 (Tue) 12:52:12 No.892512>>893230

>>891802

>being this butthurt because a woman belittled his tiny PRNG

LOL

▶Anonymous 04/04/18 (Wed) 23:03:56 No.893230

>>892512

>implying xoroshiro+ and xorshift1024* fails at it's intended purpose

>muh predictability

>not knowing Melissa O'Neil is notorious for lying on her website

Dumb nigger detected

/tech/ - Technology★

General

WebM

Theme

User JS

Do not paste code here unless you absolutely trust the source or have read it yourself!

Favorites

Customize Formatting

Filters