On Wed, Nov 10, 2010 at 11:33 AM, Lauri Alanko &lt;<a href="mailto:la@iki.fi" target="_blank">la@iki.fi</a>&gt; wrote:<br>
&gt; So a naive implementation of split would be:<br>
&gt;<br>
&gt; split g = (mkGen seed, g&#39;)<br>
&gt;  where (seed, g&#39;) = random g<br>
<br>Just to be clear, that is the same as Burton Smith&#39;s original proposal that Simon mentioned at the outset, right?  Specifically, Smith&#39;s proposal is yours instantiated with a crypto based PRNG?<br><br>So, except for the silliness of generating 128 random bits to make an Int, the following would implement the strategy using the &quot;crypto&quot; package on Hackage, correct?  <br>


--------------------------------------------------<br>import Codec.Encryption.AES<br>import Data.LargeWord<br>import System.Random<br><br>data RNG = RNG Word128 Word128 deriving Show<br>next128 (RNG k c) = (encrypt k c, RNG k (c+1))<br>


<br>instance RandomGen RNG where <br>  next g = (fromIntegral n, g&#39;) <br>   where (n,g&#39;) = next128 g<br>  split g@(RNG k c) = (g&#39;, RNG n 0)<br>   where (n,g&#39;) = next128 g<br>
--------------------------------------------------<br><br>The reason I brought up AES-NI was that doing AES in hardware would allow about an 8X improvement over the best software implementation (~2 cycles per byte encrypted).  Comparison would be warranted, but perhaps it could make the crypto based PRNG efficient enough for day-to-day use.<br>


<br>Best,<br> -Ryan<br><br>