From: Simon Horman <horms@kernel.org>
To: Markus Theil <theil.markus@gmail.com>
Cc: linux-crypto@vger.kernel.org, davem@davemloft.net,
	netdev@vger.kernel.org, akpm@linux-foundation.org,
	Jason@zx2c4.com
Subject: Re: [PATCH 2/2] prandom/random32: switch to Xoshiro256++
Date: Mon, 17 Feb 2025 11:18:06 +0000
Message-ID: <20250217111806.GJ1615191@kernel.org>
In-Reply-To: <20250214081840.47229-3-theil.markus@gmail.com>

On Fri, Feb 14, 2025 at 09:18:40AM +0100, Markus Theil wrote:
> The current Linux PRNG is based on LFSR113, which means:
> - needs some warmup rounds to yield better statistical properties
> - seeds/initial states must be of certain structure
> - does not pass L’Ecuyer's BigCrush in TestU01
> 
> While of course, there is no clear "best" PRNG, replace with
> Xoshiro256++, which seems to be a sensible replacement, from
> today's point of view:
> - only needs one bit set to 1 in the seed, needs no warmup, when
>   seeded with splitmix64.
> - Also has statistical evaluation, like LFSR113.
> - Passes BigCrush in TestU01.
> 
> The code got smaller, because some edge cases are ruled out now.
> I kept the test vectors and adapted them to this RNG.
> 
> Signed-off-by: Markus Theil <theil.markus@gmail.com>

...

> diff --git a/lib/random32.c b/lib/random32.c

...

> +/**
> + * prandom_seed_state - set seed for prandom_u32_state().
> + * @state: pointer to state structure to receive the seed.
> + * @seed: arbitrary 64-bit value to use as a seed.
> + *
> + * splitmix64 init as suggested for xoshiro256++
> + * See: https://prng.di.unimi.it/splitmix64.c
> + */
> +void prandom_seed_state(struct rnd_state *state, u64 seed)
>  {
> -	/* Calling RNG ten times to satisfy recurrence condition */
> -	prandom_u32_state(state);
> -	prandom_u32_state(state);
> -	prandom_u32_state(state);
> -	prandom_u32_state(state);
> -	prandom_u32_state(state);
> -	prandom_u32_state(state);
> -	prandom_u32_state(state);
> -	prandom_u32_state(state);
> -	prandom_u32_state(state);
> -	prandom_u32_state(state);
> +	int i;
> +
> +	for (i = 0; i < ARRAY_SIZE(state->s); ++i) {
> +		seed += 0x9e3779b97f4a7c15;
> +		u64 z = seed;
> +		z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9;
> +		z = (z ^ (z >> 27)) * 0x94d049bb133111eb;
> +        state->s[i] = z ^ (z >> 31);

nit: The indentation seems off here.

> +	}
>  }
> +EXPORT_SYMBOL(prandom_seed_state);
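Review bot: `u64 z = seed;` in the loop body is a declaration placed after the `seed += 0x9e3779b97f4a7c15;` statement; kernel style keeps declarations at the top of the block, so declare `u64 z;` next to `int i;` and assign it inside the loop. In the same body, `state->s[i] = z ^ (z >> 31);` is indented with spaces where the surrounding lines use tabs, which checkpatch flags. A `ULL` suffix on the three 64-bit constants (e.g. `0x9e3779b97f4a7c15ULL`) would also make their width explicit, matching the `u64 seed` they are combined with.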

...
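The seeding scheme the commit message describes, carried through to the generator it feeds, as an added example in user-space C; this is not the kernel's code or the patch author's. The struct and function names are assumptions, and the algorithms follow the reference splitmix64 and xoshiro256++ implementations at prng.di.unimi.it, the site the commit message links for splitmix64. It demonstrates the two claims the message makes: any 64-bit seed, zero included, yields a usable state with no warm-up, and why the all-zero state that splitmix64 seeding rules out must never be reached.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/*
 * Added example, not the kernel's code: user-space xoshiro256++ seeded with
 * splitmix64, the scheme the patch adopts. Names are hypothetical; the
 * algorithms follow https://prng.di.unimi.it/ (splitmix64.c, xoshiro256plusplus.c).
 */
struct xoshiro256pp {
	uint64_t s[4];
};

/* One splitmix64 step: advance *x by the golden-ratio constant, then mix. */
static uint64_t splitmix64_next(uint64_t *x)
{
	uint64_t z = (*x += 0x9e3779b97f4a7c15ULL);

	z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9ULL;
	z = (z ^ (z >> 27)) * 0x94d049bb133111ebULL;
	return z ^ (z >> 31);
}

/*
 * Fill the state from an arbitrary 64-bit seed, as prandom_seed_state() does
 * in the patch. Every splitmix64 stage is a bijection and the four inputs are
 * distinct, so at most one word can be zero: no warm-up rounds are needed.
 */
void xoshiro256pp_seed(struct xoshiro256pp *st, uint64_t seed)
{
	for (size_t i = 0; i < 4; i++)
		st->s[i] = splitmix64_next(&seed);
}

static uint64_t rotl64(uint64_t x, int k)
{
	return (x << k) | (x >> (64 - k));
}

/* xoshiro256++ output function and state update, per the reference code. */
uint64_t xoshiro256pp_next(struct xoshiro256pp *st)
{
	uint64_t *s = st->s;
	const uint64_t result = rotl64(s[0] + s[3], 23) + s[0];
	const uint64_t t = s[1] << 17;

	s[2] ^= s[0];
	s[3] ^= s[1];
	s[1] ^= s[2];
	s[0] ^= s[3];
	s[2] ^= t;
	s[3] = rotl64(s[3], 45);
	return result;
}

bool xoshiro256pp_state_is_zero(const struct xoshiro256pp *st)
{
	return (st->s[0] | st->s[1] | st->s[2] | st->s[3]) == 0;
}

/* The property the commit message relies on: any seed, 0 included, is usable. */
bool seed_gives_nonzero_state(uint64_t seed)
{
	struct xoshiro256pp st;

	xoshiro256pp_seed(&st, seed);
	return !xoshiro256pp_state_is_zero(&st);
}

/*
 * Why seeding through splitmix64 matters: all-zero is a fixed point of
 * xoshiro256++, so a generator in that state emits zeros forever. Copying a
 * raw seed straight into the state would let seed 0 land there.
 */
bool zero_state_is_stuck(int rounds)
{
	struct xoshiro256pp st = { { 0, 0, 0, 0 } };

	for (int i = 0; i < rounds; i++)
		if (xoshiro256pp_next(&st) != 0)
			return false;
	return xoshiro256pp_state_is_zero(&st);
}

/* Stand-alone demo: the first four outputs for seed 0. */
int main(void)
{
	struct xoshiro256pp st;

	xoshiro256pp_seed(&st, 0);
	for (int i = 0; i < 4; i++)
		printf("%016llx\n", (unsigned long long)xoshiro256pp_next(&st));
	return 0;
}
```

Build with `cc -std=c11 -O2 xoshiro_demo.c` (file name assumed). The non-zero-state guarantee follows from splitmix64 being a bijection on its input, which is why the patch can drop both the structured-seed requirement and the ten warm-up calls of the LFSR113 code.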

Thread overview: 6+ messages
2025-02-14  8:18 [PATCH 0/2] prandom: add crypto warnings and switch to new PRNG Markus Theil
2025-02-14  8:18 ` [PATCH 1/2] prandom: add usage comments for cryptography Markus Theil
2025-02-14  8:18 ` [PATCH 2/2] prandom/random32: switch to Xoshiro256++ Markus Theil
2025-02-17 11:18   ` Simon Horman [this message]
2025-03-22 18:24     ` Markus Theil
2025-03-24 17:32       ` Simon Horman
