
For background, Random123 was developed for a supercomputer that does molecular dynamics simulations. In particular, for the Anton supercomputer, complete reproducibility of simulations was/is an important constraint. In concept, in that context, you might want to "jump to timestamp 1 billion, and run forward from there" (based on a saved snapshot of the chemical system at the timestamp). In simulations, a certain element of "reproducible randomness" is relevant to inject. For that specific purpose, the splitting of generators that Matthias mentions isn't especially helpful. But for other purposes, it absolutely is. And yes, most certainly these two techniques could be complementary, they need not be mutually exclusive.

On Tue, Dec 6, 2022 at 8:45 PM Matthias Görgens <matthias.goergens@gmail.com> wrote:
On Tue, 15 Nov 2022 at 00:14, David Mertz, Ph.D. <david.mertz@gmail.com> wrote:
In general, all PRNGs are deterministic, and by relying on a known seed, the Nth element in a sequence of random numbers can always be reconstructed. However, if a large number of random numbers are used, certain replication scenarios make the purely sequential nature of generators like Mersenne Twister or linear congruential generators inconvenient.
Counter based pseudo-random generators like Random123 use cryptographic transformations upon counter variables, and were rigorously shown to pass all standard tests of randomness of distribution. However, these tests were done using AES, Threefish, and Philox, and do not automatically apply to SHA256 that James uses. The advantage of these is that they allow direct construction of the Nth element in a pseudo-random sequence without large memory or CPU usage needed to construct the N-1 prior elements.
There's another possibility that you haven't explored.
You are only looking at random number generators that produce a linear sequence of numbers.
If you add a 'split' function to your generator, that takes one generator and returns two generators that are independent of each other, you can build trees of random numbers, instead of just linear sequences. Those trees also allow parallelisation. (Implementations should take care to ensure that the resulting generators are not correlated.)
You can combine the counter-based approach and the split based approach, of course. If you have a cryptographic hash function, it's relatively easy to give a toy implementation.
-- 
Keeping medicines from the bloodstreams of the sick; food from the bellies of the hungry; books from the hands of the uneducated; technology from the underdeveloped; and putting advocates of freedom in prisons. Intellectual property is to the 21st century what the slave trade was to the 16th.
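The toy implementation Matthias alludes to, written out here as an added example (it is not code from the thread, from Random123, or from James's SHA-256 generator). It assumes Python's `hashlib` SHA-256 as the "cryptographic transformation": each output is the hash of the key, a label and a 64-bit counter, so the Nth value is computed directly and a stream can be repositioned to any timestep, as in the Anton snapshot scenario; `split` derives two child keys by hashing the parent key under two distinct labels, which is how it keeps children uncorrelated (as far as SHA-256 behaves like a pseudo-random function) and keeps key derivation from ever colliding with an ordinary output. The names `CounterPRNG`, `subtree` and the labels `"out"`, `"split-left"`, `"split-right"` are this example's own choices. As David notes, the published test results for Philox, Threefish and AES do not transfer automatically to a SHA-256 construction, and a hash per 64-bit output is far slower than Philox, so this is for illustrating the two ideas and how they compose, not a drop-in generator.

```python
import hashlib
import struct


class CounterPRNG:
    """Toy counter-based PRNG with a split operation (constructed example).

    output(i) = SHA-256(key || "out" || i) truncated to 64 bits, so the i-th
    value is computed directly from the counter rather than from the i-1
    values before it.  Child keys come from the same hash under different
    labels, so 'split' derivations never coincide with ordinary outputs.
    """

    def __init__(self, key: bytes, counter: int = 0):
        self.key = key
        self.counter = counter

    @classmethod
    def from_seed(cls, seed: int) -> "CounterPRNG":
        # Expand a small integer seed into a 32-byte key (label "seed" is ours).
        return cls(hashlib.sha256(b"seed" + struct.pack(">Q", seed)).digest())

    def nth(self, n: int) -> int:
        """Random access: the n-th (0-based) 64-bit output, O(1) regardless of n."""
        msg = self.key + b"out" + struct.pack(">Q", n)
        return int.from_bytes(hashlib.sha256(msg).digest()[:8], "big")

    def next_int(self) -> int:
        """Sequential use: yields nth(0), nth(1), ... in order."""
        value = self.nth(self.counter)
        self.counter += 1
        return value

    def random(self) -> float:
        """Uniform float in [0, 1) from the top 53 bits, like random.random()."""
        return (self.next_int() >> 11) / (1 << 53)

    def jump_to(self, n: int) -> None:
        """Reposition the stream, e.g. resume at timestep n from a snapshot."""
        self.counter = n

    def split(self):
        """Two fresh generators whose keys are hash outputs under distinct labels."""
        left = hashlib.sha256(self.key + b"split-left").digest()
        right = hashlib.sha256(self.key + b"split-right").digest()
        return CounterPRNG(left), CounterPRNG(right)


def subtree(root: CounterPRNG, path):
    """Walk a path of 0/1 choices down the split tree (0 = left, 1 = right).

    A worker that knows only the seed and its own path can rebuild its
    generator without touching the streams of any other worker.
    """
    gen = root
    for bit in path:
        left, right = gen.split()
        gen = right if bit else left
    return gen


def checks() -> dict:
    """The properties the thread describes, as booleans for verification."""
    a = CounterPRNG.from_seed(42)
    b = CounterPRNG.from_seed(42)
    sequential = [a.next_int() for _ in range(1000)]
    direct = b.nth(999)            # no need to compute the 999 values before it
    b.jump_to(500)                 # "jump to timestamp 500 and run forward"
    left, right = CounterPRNG.from_seed(42).split()
    again_left, _ = CounterPRNG.from_seed(42).split()
    f = CounterPRNG.from_seed(7)
    return {
        "random_access_matches_sequential": direct == sequential[999],
        "jump_resumes_mid_stream": b.next_int() == sequential[500],
        "split_children_differ":
            [left.nth(i) for i in range(8)] != [right.nth(i) for i in range(8)],
        "split_is_reproducible":
            [left.nth(i) for i in range(8)] == [again_left.nth(i) for i in range(8)],
        "subtree_by_path":
            subtree(CounterPRNG.from_seed(42), [1, 0]).nth(0)
            == CounterPRNG.from_seed(42).split()[1].split()[0].nth(0),
        "floats_in_unit_interval": all(0.0 <= f.random() < 1.0 for _ in range(100)),
    }


if __name__ == "__main__":
    for name, ok in checks().items():
        print(f"{name}: {ok}")
```

The two labels are the part worth copying even into a more serious design: without domain separation between "output of counter i" and "key of child j", a child's key could equal some sibling's output, and the two streams would then be trivially related rather than independent.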