Myth-busting


1eg1eg1...@gmail.com

Feb 3, 2020, 12:57:29 PM
to prng
Hi there. My name is rtyu uytr and I would like to get to know more about xoshiro**, etc.

You have to say if the sentences are true (T) or false (F)

1. Even theoretical xoroshiro4294967296+, having 4294967296 bits of state and a period of 2^4294967296-1, fails linearity in the lowest four bits.
2. Vigna's recommended way to reduce to a range is a singular modulo operation.
3. All xoroshiro and xoshiro based generators are trivially predictable according to the owner of a competitor.
4. The higher the jump distance, the longer it takes, for example in xoshiro512 the 2^384 long jump takes longer than a 2^256 jump, which in turn takes longer than a 2^128 short jump, same for xoshiro512+, xoshiro512** and xoshiro512++.
5. The generators with ++ are statistically worse than ** (aside from one less k-distribution).

david.j...@gmail.com

Feb 3, 2020, 8:25:58 PM
to prng


On Tuesday, 4 February 2020 04:57:29 UTC+11, 1eg1eg1...@gmail.com wrote:
> Hi there. My name is rtyu uytr and I would like to get to know more about xoshiro**, etc.
>
> You have to say if the sentences are true (T) or false (F)
>
> 1. Even theoretical xoroshiro4294967296+, having 4294967296 bits of state and a period of 2^4294967296-1, fails linearity in the lowest four bits.

True, kind of. But the equivalent LFSR is insanely large. Just implementing this prng is going to be slow and kludgey. Detecting linearity of the least significant bit (only one) may be just barely possible on a fast computer. For the other bits, not going to happen.

> 2. Vigna's recommended way to reduce to a range is a singular modulo operation.

(Can't remember, sorry. Seba? That method fails for some bad prngs but should be ok for xoshiro**. There might be quicker ways on some hardware.)

> 3. All xoroshiro and xoshiro based generators are trivially predictable according to the owner of a competitor.

True. According to the competitor.
True. Actually, for xoshiro256**.
True or probably true (and depending on what you mean by trivial). For other published members of the family.

> 4. The higher the jump distance, the longer it takes, for example in xoshiro512 the 2^384 long jump takes longer than a 2^256 jump, which in turn takes longer than a 2^128 short jump, same for xoshiro512+, xoshiro512** and xoshiro512++.

False. I'm fairly sure of this. Jump speed should be about the same for any distance. There are some tiny performance differences depending on the Hamming weight of certain bit vectors, but these are pretty random and don't always get worse for longer distances.

> 5. The generators with ++ are statistically worse than ** (aside from one less k-distribution).

False, probably. For most members of the family, and certainly the recommended ones, ++ and ** are both so good it's hard to tell by actual testing. We have some vague circumstantial evidence that ++ might actually be better than ** (aside from one less k-distribution).
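
Added example, not part of the thread or of the generator authors' code: what the low-bit linearity from item 1 looks like at a feasible size, using xoroshiro128+ (128 bits of state, not the theoretical 4294967296-bit generator). It runs Berlekamp-Massey on bit 0 and on bit 63 of the output; the shift/rotate constants 24, 16, 37 are the published xoroshiro128+ parameters as assumed here, and the seed is constructed.

```python
MASK = (1 << 64) - 1

def rotl(x, k):
    return ((x << k) | (x >> (64 - k))) & MASK

def xoroshiro128plus(s0, s1):
    """Yield 64-bit outputs of xoroshiro128+ (assumed constants 24, 16, 37)."""
    while True:
        yield (s0 + s1) & MASK
        s1 ^= s0
        s0, s1 = rotl(s0, 24) ^ s1 ^ ((s1 << 16) & MASK), rotl(s1, 37)

def parity(x):
    return bin(x).count("1") & 1

def berlekamp_massey(bits):
    """Shortest LFSR over GF(2) generating bits: returns (length, poly).
    Bit i of poly is the coefficient applied to the bit i steps back."""
    c, b, length, m, window = 1, 1, 0, 1, 0
    for n, bit in enumerate(bits):
        window = (window << 1) | bit      # bit i of window = bits[n - i]
        if parity(c & window) == 0:       # current LFSR already fits this bit
            m += 1
        elif 2 * length <= n:             # register must grow
            c, b, length, m = c ^ (b << m), c, n + 1 - length, 1
        else:                             # fix coefficients, keep length
            c ^= b << m
            m += 1
    return length, c

def recurrence_holds(bits, length, poly):
    """True if every bit from index `length` on satisfies the recurrence."""
    window = 0
    for n, bit in enumerate(bits):
        window = (window << 1) | bit
        if n >= length and parity(poly & window):
            return False
    return True

def bit_stream(bit_index, count, seed=(0x0123456789ABCDEF, 0xFEDCBA9876543210)):
    gen = xoroshiro128plus(*seed)         # constructed seed, any nonzero state
    return [(next(gen) >> bit_index) & 1 for _ in range(count)]

if __name__ == "__main__":
    for idx in (0, 63):                   # lowest bit vs. highest bit
        stream = bit_stream(idx, 512)
        length, poly = berlekamp_massey(stream[:400])
        print(idx, length, recurrence_holds(stream, length, poly))
```

For bit 0 the linear complexity stops at the state size and the recovered recurrence fits bits it was never fitted on; for bit 63 the complexity keeps growing with the sample and the fit fails, which is the difference a linearity test reports.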