On Unix machines, the throughput of the HAVEGE generator is generally higher than the typical throughput of the standard random generators rand() or random(). For application domains requiring huge volumes of high quality random numbers, we provide the ndrand() function.
2. A cryptography oriented random number generator function int cryptondrand(): high performance high quality random numbers for cryptography.
CAUTION: ndrand() passes all statistical tests for uniform distribution and is irreproducible.
However, ndrand() was designed to provide both high throughput and high quality, not unpredictability.
3. The structure of the source code has been improved and made more readable.
- cryptondrand() produces several megabytes of unpredictable random numbers per cycle.
- Each 1 Mbyte sequence of cryptondrand() results is the exclusive-OR of the previous sequence with 32 consecutive 1 Mbyte sequences of results from an ndrand()-like function.
- Each of these 33 individual sequences is already a high quality random number sequence.
- Collecting a 1 Mbyte sequence spans several tens of operating system interrupts.
- The 31 intermediate sequences are hidden from the outside world. Hiding a single intermediate sequence is sufficient to ensure irreproducibility.
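The exclusive-OR construction in the list above can be written as a short C routine. This is an added example, not HAVEGE source code: `xor_fold_next`, `fill_fn`, `pattern_fill` and the `demo_*` names are hypothetical, the ndrand()-like function is abstracted as a callback, and the stand-in source is a constructed, deterministic test pattern used only to make the fold checkable.

```c
#include <stddef.h>
#include <stdint.h>

#define FOLD_COUNT 32   /* page: 32 consecutive ndrand()-like sequences */

/* Hypothetical callback: fills buf[0..n) with one ndrand()-like sequence. */
typedef void (*fill_fn)(uint32_t *buf, size_t n, void *ctx);

/* state[]:   previous output sequence on entry, next output on return.
   scratch[]: working space holding one intermediate sequence at a time. */
void xor_fold_next(uint32_t *state, uint32_t *scratch, size_t n,
                   fill_fn fill, void *ctx)
{
    for (int k = 0; k < FOLD_COUNT; k++) {
        fill(scratch, n, ctx);              /* next intermediate sequence */
        for (size_t i = 0; i < n; i++)
            state[i] ^= scratch[i];         /* fold it into the output */
    }
    /* Wipe the last intermediate sequence; the volatile stores keep the
       compiler from discarding the wipe as dead code. */
    volatile uint32_t *p = scratch;
    for (size_t i = 0; i < n; i++)
        p[i] = 0;
}

/* Constructed test pattern, NOT a random source: call k writes the single
   bit (1 << k), so a skipped sequence shows up as a missing output bit. */
static unsigned demo_calls;
static void pattern_fill(uint32_t *buf, size_t n, void *ctx)
{
    unsigned *calls = ctx;
    for (size_t i = 0; i < n; i++)
        buf[i] = UINT32_C(1) << (*calls % 32);
    (*calls)++;
}

uint32_t demo_scratch;   /* scratch word, inspectable after the fold */

/* Folds a one-word state with the test pattern and returns the new word. */
uint32_t demo_fold_word(uint32_t prev)
{
    demo_calls = 0;
    demo_scratch = UINT32_C(0xAAAAAAAA);
    xor_fold_next(&prev, &demo_scratch, 1, pattern_fill, &demo_calls);
    return prev;
}

int main(void)
{
    /* All 32 bits flip exactly once, so the result is ~0x12345678. */
    return demo_fold_word(UINT32_C(0x12345678)) == UINT32_C(0xEDCBA987) ? 0 : 1;
}
```

With a real source behind the callback, `n` would be the number of 32-bit words in a 1 Mbyte sequence, and only `state` would ever be handed to the caller.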
A single procedure, HAVEGE_COLLECTRAND(), is used both to initialize the predictor and to generate unpredictable random numbers.
The main loop in HAVEGE_COLLECTRAND() is embedded in file LoopBody.h. The iterations are unrolled in order to fully gather and expand entropy from the instruction cache and branch predictor. The precise number of iterations depends on the compiler, the processor and the operating system. An iteration is coded in file OneIteration.h.
Two parallel self-modifying walks are performed in a table called Walk, which is twice as large as the data cache; these gather and expand entropy from the L1 data cache.
16 result values (from the RESULT array) are updated per iteration.
21 conditional tests on random data are performed per iteration, and the hardware clock counter is read twice to collect the entropy.
The initialisation phase runs HAVEGE_COLLECTRAND() a sufficient number of times to guarantee that all internal variables (i.e. the RESULT and Walk arrays and the PT and PT2 pointers) are unpredictable.