1. 2
  1.  

  2. 2

    Hmm. I haven’t looked into RNG’s on GPU’s since xorshift was so fast for non-crypto stuff. Here’s a survey paper I found from 2012:

    https://lobste.rs/s/8mr2et/random_number_generators_for_massively

      1. 1

        However, since AES is a reversible process (encryption rather than hash), we have found that it is much less random than MD5 (as detailed in Section 4).

        This sounds really fishy.

        On the topic, my gut says that MD5 is way overkill, even after the tweaks they’ve done. The goal seems to be to produce pleasant white noise, not to do secure digests. The peak performance for their optimised version on the GPU with 64 rounds is 1024^2 * 128 bits in 6.3 ms or about 2.5 GiB/s. That doesn’t sound terribly good (even for 2007). They can reduce the number of rounds but even dropping it to 48 they start failing statistical tests. That doesn’t sound terribly good either, though I wouldn’t trust DIEHARD for much these days. At 16 rounds, they get nearly 10 GiB/s (1.6 ms for 1024^2 * 128 bit), but fail 4 out of 15 tests. I’d still expect way more than 10 GiB/s given such a simple task and the massive parallelism of GPUs.

        Considering the time measurement makes it easy to put the performance into perspective: 6.3 ms to fill one half of a 1080p image with four floats per pixel is 40% of the time you have to render an entire frame, if the goal is 60 fps. That’s crazy. Of course you wouldn’t use it like that in the real world.

        For reference, I recently wrote my own rather simplistic random-access PRNG (angersock) which produces a stream on stdout at about 1.6 GiB/s as measured by pv on Linux, on a single core of a Ryzen R7 1800X. It passes all the three statistical test batteries of TestU01. It also passes all the DIEHARDER tests, though the criteria might not be be the same that they used in writing this paper. There are a few weak results. Then again, a run on /dev/random tends to give you a few weak results too. (That’s why it’s hard to recommend diehard(er) for simple pass/fail testing of prngs these days; it’s no longer a great test, and it is quite easy to pass with a generator that trivially fails testu01).

        1. 2

          I become very suspicious when AES “fails” to pass a random test. That would constitute a MAJOR break if it were true. Yet it seems to happen a lot in this kind of random number research.