On Tue, 15 Nov 2022 at 00:14, David Mertz, Ph.D. <david.mertz@gmail.com> wrote:
> In general, all PRNGs are deterministic, and by relying on a known seed, the Nth element in a sequence of random numbers can always be reconstructed.  However, if a large number of random numbers are used, certain replication scenarios make the purely sequential nature of generators like Mersenne Twister or linear congruential generators inconvenient.
>
> Counter based pseudo-random generators like Random123 use cryptographic transformations upon counter variables, and were rigorously shown to pass all standard tests of randomness of distribution.  However, these tests were done using AES, Threefish, and Philox, and do not automatically apply to SHA256 that James uses.  The advantage of these is that they allow direct construction of the Nth element in a pseudo-random sequence without large memory or CPU usage needed to construct the N-1 prior elements.

There's another possibility that you haven't explored.

You are only looking at random number generators that produce a linear sequence of numbers.

If you add a 'split' function to your generator, that takes one generator and returns two generators that are independent of each other, you can build trees of random numbers, instead of just linear sequences.  Those trees also allow parallelisation.  (Implementations should take care to ensure that the resulting generators are not correlated.)

You can combine the counter-based approach and the split based approach, of course.  If you have a cryptographic hash function, it's relatively easy to give a toy implementation.
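
A toy implementation of the combined counter-based and split-based generator mentioned in the message above, added here as an illustration and not code from the thread or its participants. The class name `SplitRNG`, its methods, and the choice of HMAC-SHA256 with one-byte domain-separation tags are assumptions of this example.

```python
from __future__ import annotations

import hashlib
import hmac


class SplitRNG:
    """Toy splittable, counter-based PRNG keyed with HMAC-SHA256.

    Illustration only: its statistical quality has not been tested and it
    is not a vetted generator for keys or other secrets.
    """

    _OUT, _LEFT, _RIGHT = b"\x00", b"\x01", b"\x02"  # domain-separation tags

    def __init__(self, key: bytes):
        self._key = key
        self._counter = 0

    @classmethod
    def from_seed(cls, seed: bytes) -> SplitRNG:
        # Hash the seed so every node in the tree has a fixed 32-byte key.
        return cls(hashlib.sha256(seed).digest())

    def _prf(self, message: bytes) -> bytes:
        return hmac.new(self._key, message, hashlib.sha256).digest()

    def at(self, n: int) -> int:
        """Return the n-th 64-bit output directly (counter-based access)."""
        block = self._prf(self._OUT + n.to_bytes(8, "big"))
        return int.from_bytes(block[:8], "big")

    def next(self) -> int:
        """Return the next output in the linear sequence."""
        value = self.at(self._counter)
        self._counter += 1
        return value

    def split(self) -> tuple[SplitRNG, SplitRNG]:
        """Derive two child generators from the key alone.

        The tags keep child keys apart from each other and from the
        parent's outputs. split() ignores the counter, so calling it
        twice yields the same pair; split a child to go deeper.
        """
        return SplitRNG(self._prf(self._LEFT)), SplitRNG(self._prf(self._RIGHT))
```

Because `split()` depends only on the key, a worker handed the root seed and a path such as left, right, left can rebuild its own generator without coordinating with other workers.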