Clean up RNG comparison table #100
vks wants to merge 2 commits into
- Only state facts we are willing to commit to.
- Make sure to list the current underlying algorithms with full statistics.

This way, we only communicate what we are willing to guarantee. As a nice side effect, the comparison is less likely to go out of date if we change the underlying algorithm of `StdRng` or `SmallRng`. This happened for `SmallRng`, which until now stated an incorrect state size. Fixes #58.
vks (Author):
I still left the
dhardy reviewed May 18, 2026
| | [`Pcg32`] | PCG XSH RR 64/32 (LCG) | 5 GB/s | 16 bytes | ★★★☆☆ | `u32` * 2<sup>64</sup> | — | | ||
| | [`Pcg64`] | PCG XSL 128/64 (LCG) | 7 GB/s | 32 bytes | ★★★☆☆ | `u64` * 2<sup>128</sup> | — | | ||
| | [`Pcg64Mcg`] | PCG XSL 128/64 (MCG) | 8 GB/s | 16 bytes | ★★★☆☆ | `u64` * 2<sup>126</sup> | — | | ||
| | [`SmallRng`] | (unspecified) | (unspecified) | (unspecified) | ★★★☆☆ | ≥ `u32` * 2<sup>64</sup> | not portable | |
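Review bot: the `SmallRng` row still carries a concrete security rating (★★★☆☆) while its algorithm, performance and memory columns now read "(unspecified)"; a star rating is a property of the current algorithm, not something the crate guarantees, so it conflicts with the PR's stated goal. Either phrase that cell as the guarantee you are willing to make (for example "not cryptographically secure") or mark it "(unspecified)" like the rest of the row; the period lower bound "≥ `u32` * 2<sup>64</sup>" is fine as a guarantee and can stay.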
dhardy (Member):
The purpose of SmallRng is to be a fast, low-memory PRNG. Maybe we should use inspecific words like 'fast', 'small' here? Or 'competitive'?
| | name | full name | performance | initialization | memory | security (predictability) | forward secrecy | | ||
| |------|-----------|--------------|--------------|----------|----------------|-------------------------| | ||
| | [`StdRng`] | (unspecified) | 4.1 GB/s | fast | 136 bytes | widely trusted | no | | ||
| | [`StdRng`] | (unspecified) | (unspecified) | fast | (unspecified) | widely trusted | no | |
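Review bot: the new `StdRng` row drops the measured performance and memory figures but keeps "widely trusted" in the security (predictability) column; that is a statement about the current algorithm's reputation rather than a guarantee, so it sits oddly beside "(unspecified)". Suggest stating the actual commitment here, e.g. "cryptographically secure", and keeping the row's "fast" for initialization only if it is meant as a selection criterion rather than a measurement.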
dhardy (Member):
Again, performance is part of the selection criteria so could write 'fast'.
| | [`StdRng`] | (unspecified) | (unspecified) | fast | (unspecified) | widely trusted | no | | ||
| | [`ChaCha20Rng`] | ChaCha20 | 2.6 GB/s | fast | 136 bytes | [rigorously analysed](https://tools.ietf.org/html/rfc7539#section-1) | no | | ||
| | [`ChaCha8Rng`] | ChaCha8 | 5.8 GB/s | fast | 136 bytes | small security margin | no | | ||
| | [`ChaCha12Rng`] | ChaCha12 | 4.1 GB/s | fast | 136 bytes | [large security margin](https://eprint.iacr.org/2019/1492) | no | |
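Review bot: the `ChaCha8Rng` row asserts "small security margin" with no reference, whereas the `ChaCha20Rng` and `ChaCha12Rng` rows link the analysis they rely on (RFC 7539 and eprint 2019/1492). Cite the source for the ChaCha8 judgement, or reference the same eprint paper as the ChaCha12 row, so readers can see what "small" is measured against.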
dhardy (Member):
I measure the size as 320 bytes now. I recall that the buffer size has been increased to better support some SIMD backends. This size is untested in the stream-ciphers repo.
Update this to 320 with a footnote clarifying that it may change?
What statements we made and didn't make for `StdRng` and `SmallRng` was inconsistent. Now, we only specify what we are willing to guarantee. The full stats for the currently chosen algorithms are still there: `ChaChaRng12` (newly added to the table) and `Xoshiro256PlusPlus` (unchanged) are part of the comparison. Also state that `rand_pcg` now supports jump-ahead.
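The jump-ahead the commit message mentions, and the 16-byte memory figure the table lists for `Pcg32`, can both be checked with a small stand-alone implementation. The block below is an added example written for this page, not `rand_pcg`'s code: a minimal PCG XSH RR 64/32 built on the reference PCG32 multiplier and seeding procedure, with the standard O(log n) LCG advance. The seed and stream values are arbitrary constructed inputs, and `Pcg32`, `advance`, `backstep`, `state_size` and the two check functions are names chosen here.

```rust
use std::mem::size_of;

/// Multiplier used by the reference PCG32 implementation (64-bit LCG state).
const PCG32_MULT: u64 = 6364136223846793005;

/// PCG XSH RR 64/32: 64-bit LCG state plus an odd stream increment.
/// Two u64 fields, i.e. the 16 bytes the comparison table lists for Pcg32.
#[repr(C)]
#[derive(Clone, Debug, PartialEq)]
pub struct Pcg32 {
    state: u64,
    inc: u64, // stream selector, always odd
}

impl Pcg32 {
    /// Seed the way the reference implementation does: pick the stream,
    /// step once, mix in the seed, step again. (seed/stream are caller inputs.)
    pub fn new(seed: u64, stream: u64) -> Self {
        let mut rng = Pcg32 { state: 0, inc: (stream << 1) | 1 };
        rng.step();
        rng.state = rng.state.wrapping_add(seed);
        rng.step();
        rng
    }

    /// One LCG transition: state = state * a + c (mod 2^64).
    fn step(&mut self) {
        self.state = self.state.wrapping_mul(PCG32_MULT).wrapping_add(self.inc);
    }

    /// XSH RR output permutation applied to the state before the step.
    pub fn next_u32(&mut self) -> u32 {
        let old = self.state;
        self.step();
        let xorshifted = (((old >> 18) ^ old) >> 27) as u32;
        let rot = (old >> 59) as u32;
        xorshifted.rotate_right(rot)
    }

    /// Jump ahead `delta` outputs in O(log delta) by squaring the affine map
    /// x -> a*x + c: composing it with itself gives a^2*x + (a+1)*c.
    pub fn advance(&mut self, mut delta: u64) {
        let mut cur_mult = PCG32_MULT;
        let mut cur_plus = self.inc;
        let mut acc_mult: u64 = 1;
        let mut acc_plus: u64 = 0;
        while delta > 0 {
            if (delta & 1) == 1 {
                acc_mult = acc_mult.wrapping_mul(cur_mult);
                acc_plus = acc_plus.wrapping_mul(cur_mult).wrapping_add(cur_plus);
            }
            cur_plus = cur_mult.wrapping_add(1).wrapping_mul(cur_plus);
            cur_mult = cur_mult.wrapping_mul(cur_mult);
            delta >>= 1;
        }
        self.state = acc_mult.wrapping_mul(self.state).wrapping_add(acc_plus);
    }

    /// Step back one output: the state period is 2^64, so advancing by
    /// 2^64 - 1 lands on the previous state.
    pub fn backstep(&mut self) {
        self.advance(u64::MAX);
    }
}

/// Size of the generator state in bytes, as the table's memory column reports it.
pub fn state_size() -> usize {
    size_of::<Pcg32>()
}

/// advance(n) must reach exactly the state that n calls to next_u32 reach.
pub fn jump_matches_stepping(seed: u64, stream: u64, n: u64) -> bool {
    let mut stepped = Pcg32::new(seed, stream);
    let mut jumped = stepped.clone();
    for _ in 0..n {
        stepped.next_u32();
    }
    jumped.advance(n);
    stepped == jumped && stepped.next_u32() == jumped.next_u32()
}

/// Anyone holding the 16-byte state can also run the generator backwards.
pub fn backstep_recovers_output(seed: u64, stream: u64) -> bool {
    let mut rng = Pcg32::new(seed, stream);
    let first = rng.next_u32();
    let second = rng.next_u32();
    rng.backstep();
    rng.backstep();
    rng.next_u32() == first && rng.next_u32() == second
}

fn main() {
    println!("Pcg32 state: {} bytes", state_size());
    println!("advance(1000) == 1000 steps: {}", jump_matches_stepping(42, 54, 1000));
    println!("two backsteps replay outputs: {}", backstep_recovers_output(42, 54));
}
```

The same affine structure that makes `advance` cheap is why the table does not rate PCG as cryptographically secure: once the 64-bit state is known, every past and future output follows, as `backstep` shows. Jump-ahead is a stream-splitting tool, not a security feature.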