by loup-vaillant 2936 days ago
If I recall correctly, Chacha20 is as fast as AES with AVX256, isn't it? For more speed, Chacha8 has yet to be broken. And I bet even Chacha2 would pass most statistical tests, although at that point it is not secure at all. Furthermore, we could ditch Chacha compatibility by skipping the de-interleaving step for more speed.

AES could likewise benefit from reduced rounds, but since its security margin is lower than Chacha, there's a chance it would perform a bit worse at the same quality level.

2 comments

The linked code (https://github.com/lemire/testingRNG/blob/master/source/aesc...) uses Intel's AES instructions directly. Software AES would not be competitive with purpose-built PRNG algorithms speed-wise.
I never talked about software AES. I talked about AES-NI vs Chacha/AVX-256.

Chacha is very fast with vector instructions. Over 2.3GB per second on my core i5 skylake laptop.

I can't find a benchmark for chacha20 as a PRNG (I've only found benchmarks for salsa20...). Why don't you try the code from [1] and see how it compares to your chacha20 random number generator?
I have done such a benchmark when implementing my cryptographic library: https://monocypher.org/speed

Also look at BearSSL (https://www.bearssl.org/constanttime.html). 2.4GB per second for AES-NI is comparable to my own measurements with AVX-256 Chacha20.

Chacha is slightly faster than Salsa, mostly because it removed some word shuffling Salsa needed for matrix transposition.

The commenter you're responding to doesn't need cryptographic security.
Even if you don't need security, stream ciphers are basically the gold standard when it comes to randomness.

Besides, they started it, talking about AES.