Three comments:

> I found exactly one where fetching random numbers was over 1% of CPU consumption.

Again, Monte Carlo simulation is the obvious exception, and it is a huge, important field and big consumer of random numbers. Stochastic algorithms (see Sebastian Thrun's Probabilistic Robotics) might be another example. However, one big problem is that many benchmarks basically benchmark the PRN generation, and so incentivise vendors to default to fast PRNG. And I agree with you, the default should be a CSPRNG.

Lastly, on a side note, I seem to recall that some generators from Vigna's Xoroshiro family suffer a very low quality least significant bit. Not sure whether Xorshift128+ is among them.

EDIT to add more: BTW, it's surprisingly hard to get researchers in PRNG to give clear, unequivocal recommendations for users. They'll often resort to some version of "it depends" (or plug their own). Lastly, let me plug my related stackoverflow answer: https://stackoverflow.com/questions/4720822/best-pseudo-rand...
It depends. :) Even then very few realistic simulations are going to be RNG bound. Even fewer of those are going to care about the difference between Xoroshiro and AES-CTR (with AESNI).
A common failure mode I've seen is programmers picking Mersenne Twister and then assuming initialization is cheap.
> suffer a very low quality least significant bit
IIRC, the LSB behaves like a LFSR.
> it's surprisingly hard to get researchers in PRNG to give clear, unequivocal recommendations for users
There are about five PRNG researchers in the world and few (none?) of them are doing it full time. L'Ecuyer, the biggest name since Marsaglia died, seems to be dealing with PRNGs mostly as a means to doing operations research.
(Side note: Pierre L'Ecuyer is very likely the strongest over-50 cyclist in Quebec.)
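An added example (not from either commenter) that makes the "low quality least significant bit" / "LSB behaves like a LFSR" exchange concrete: xoroshiro128+ is implemented here from the published reference (the 24/16/37 constants; the seed is a constructed value), and Berlekamp-Massey is run over the lowest output bit to find the shortest LFSR that reproduces it. Because bit 0 of `s0 + s1` has no carry into it and the state update is linear over GF(2), that bit is itself an LFSR output of degree at most 128. The same check over `secrets.randbits` (the OS CSPRNG) gives a linear complexity near half the sample length, which is what an unstructured bit stream looks like. The function names and the 512-bit sample size are this example's own choices.

```python
"""Linear-complexity check of a generator's lowest output bit.

Added example, not code from the thread. xoroshiro128+ follows the published
reference algorithm (rotation/shift constants 24, 16, 37); the seed is a
constructed value. Berlekamp-Massey returns the length of the shortest LFSR
over GF(2) that generates the given bit sequence.
"""
import secrets

MASK64 = (1 << 64) - 1


def rotl(x, k):
    """64-bit left rotation."""
    return ((x << k) | (x >> (64 - k))) & MASK64


class Xoroshiro128Plus:
    """xoroshiro128+ as published by Blackman & Vigna (2018 constants)."""

    def __init__(self, s0, s1):
        assert (s0, s1) != (0, 0), "all-zero state is a fixed point"
        self.s0, self.s1 = s0 & MASK64, s1 & MASK64

    def next_u64(self):
        s0, s1 = self.s0, self.s1
        result = (s0 + s1) & MASK64   # bit 0 of result = s0[0] XOR s1[0]
        s1 ^= s0
        self.s0 = rotl(s0, 24) ^ s1 ^ ((s1 << 16) & MASK64)
        self.s1 = rotl(s1, 37)
        return result


def berlekamp_massey(bits):
    """Linear complexity of `bits` over GF(2) (Massey's 1969 algorithm)."""
    n = len(bits)
    c = [0] * (n + 1)          # current connection polynomial
    b = [0] * (n + 1)          # polynomial from the last length change
    c[0] = b[0] = 1
    L, m = 0, -1
    for i in range(n):
        d = bits[i]            # discrepancy between prediction and bit i
        for j in range(1, L + 1):
            d ^= c[j] & bits[i - j]
        if d == 0:
            continue
        t = c[:]
        shift = i - m
        for j in range(n + 1 - shift):
            c[j + shift] ^= b[j]
        if 2 * L <= i:
            L, m, b = i + 1 - L, i, t
    return L


def bit_stream(next_word, bit, count):
    """Extract output bit `bit` from `count` successive words."""
    return [(next_word() >> bit) & 1 for _ in range(count)]


SEED = (0x9E3779B97F4A7C15, 0xD1B54A32D192ED03)   # constructed, nonzero


def xoroshiro_bit_complexity(bit, count=512, seed=SEED):
    """Linear complexity of one output bit of xoroshiro128+."""
    g = Xoroshiro128Plus(*seed)
    return berlekamp_massey(bit_stream(g.next_u64, bit, count))


def csprng_bit_complexity(bit=0, count=512):
    """Same measurement over the OS CSPRNG, for comparison."""
    return berlekamp_massey(bit_stream(lambda: secrets.randbits(64), bit, count))


if __name__ == "__main__":
    n = 512
    print("xoroshiro128+ bit 0  :", xoroshiro_bit_complexity(0, n), "of", n)
    print("xoroshiro128+ bit 63 :", xoroshiro_bit_complexity(63, n), "of", n)
    print("CSPRNG bit 0         :", csprng_bit_complexity(0, n), "of", n)
```

Bit 0 of xoroshiro128+ comes out with linear complexity no greater than 128 regardless of the seed, which is the "it's an LFSR" observation; the higher bits pick up nonlinearity from the adder's carries, and the CSPRNG column sits near 256. The same test does not flag Python's Mersenne Twister in a 512-bit window: MT19937 is also GF(2)-linear, but of degree 19937, so Berlekamp-Massey needs more than 2 x 19937 bits before the structure shows, one reason "passes my quick test" is not the same as "suitable as a default".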