Show HN: Fast Random Library for C++17

51 GeorgeHaldane 52 6/2/2025, 11:09:45 AM github.com ↗

Morning HN.

Random number generation feels is a somewhat underrepresented topic in the C++ realm. There is a lot of questionable info about it found online and even the standard library is quite behind the times in terms of it's algorithms. It suffers from trying to accommodate sometimes impractical standard requirements and has several ways of getting significantly bad statistical results. This leaves a lot easily achievable performance & quality on the table.

So, being a mathematician who mostly works with stochastic models and wants these models to run fast and well, I embarked on a journey of trying to summarize "what is good and what is bad" and implement the "best stuff there currently is".

Thankfully, the design of C++ <random> is quite flexible and easy to extend. With some cleanup, generalization and compile-time logic all the different algorithms can be wrapped in a generic standard-compatible API.

A result of this work is single-header RNG library which has:

  - <random>-compatible generators (PRNGSs) with 3x-6x better performance
  - Cryptographically secure generators (CSPRNGs)
  - Faster uniform / normal distributions that produce same sequences on every platform
  - Quick approximations of some non-linear distributions
  - More reliable entropy sources that std::random_device()
  - rand()-like API for when we just want random numbers without the boilerplate of proper a <random> setup

Effectively all of this gets us 2x-8x speedups on many workloads while producing even better statistical quality.

Don't think there is anything else like it, so I would like to showcase the result here and hear some opinions on its improvement:

https://github.com/DmitriBogdanov/UTL/blob/master/docs/modul...

For those interested, there is a more detailed rundown of all the quirks of this topic at end of the docs, might prove an interesting read.

Comments (52)

OskarS · 16h ago

I think it looks great! Might be using this in a future project.

One note on API design: I think it's a FANTASTIC idea to have default `rand()` functions available, since very often, you don't really care about the generator and you're just like "just give me a random number, i don't care how". But if you do, you shouldn't have a `seed()` function, because that means you can then never upgrade it without breaking your API contract. It should always be seeded with entropy. This is why glibc's `rand()` is still using an LCG from the late neolithic, they can't ever update it without breaking a gazillion applications and tests. This is the classic example of "Hyrum's law". Doing this also helps with thread-safety: you can just make the seed/state thread-local and then it just works.

Basically, if you want the ability to seed your PRNG, you also need to specify the generator explicitly. The global one is for convenience only, and there should be no ability in the API to seed it.

EDIT: btw, this is a really nice thing about C++, doing this is dead easy:

    int rand() {
        thread_local generator my_generator { seed_with_entropy() };
        return my_generator.rand();
    }

quietbritishjim · 16h ago

I forget the details off hand, but I thought that C++ notoriously fails to include much entropy in the generator unless you go through some complex multiline dance that forces the seed sequence to actually include it.

SiempreViernes · 15h ago

I think Oskars point is that if you say "I just want a random number, I don't care how" you can't very well be upset the seed is bad as that would be caring.

kccqzy · 14h ago

You mean creating the generator with a deterministic seed is shorter code than creating it with entropy? Well yes, because the entropy source is std::random_device so it's an extra line for an extra variable.

Don't think it's a problem in practice because every online tutorial or Stack Overflow posts contain that multi-line snippet for real entropy. C++ programmers are somewhat used to verbosity anyways.

OskarS · 15h ago

I’m assuming here that ”generator” has a decent enough constructor that seeds it properly. If it doesn’t, and you have to cycle it a few times to ”warm it up”, it’s not much more complicated, just factor out the initialization code into a function or lambda and use that to initialize the thread_local.

jll29 · 14h ago

Thanks for sharing, this is a very well-written and useful set of libraries, not just random, but also the other sub-libraries of utl.

One caveat:

> Note 2: If no hardware randomness is available, std::random_device falls back onto an internal PRNG ....

> ...

> std::random_device has a critical deficiency in it's design — in case its implementation doesn't provide a proper source of entropy, it is free to fallback onto a regular PRNGs that don't change from run to run. The method std::random_device::entropy() which should be able to detect that information is notoriously unreliable and returns different things on every platform.

> entropy() samples several sources of entropy (including the std::random_device itself) and is (almost) guaranteed to change from run to run even if it can't provide a proper hardware-sourced entropy that would be suitable for cryptography.

Personally, I think it would be best if there was a way to communicate to the system (or here, to the library in specific) what is the use case. For cryptographic applications, I don't want the library to fall back gracefully to something insecure; I would want a dark red critical error message and immediate termination with an "insufficient entropy error" error code.

However, for a game graceful degradation might be quite okay, because nobody is going to die in the real world if a monster behaves a little less random.

I learned a lot about recent advances in pseudo-random number generators by reading your code and associated documentation, including some stuff that DEK has yet to incorporate into volume 2 of TAOCP. ;)

spacechild1 · 16h ago

This looks nice! One thing I find particularly noteworthy:

- Faster uniform / normal distributions that produce same sequences on every platform

This is very useful if you want to reliably repeat simulations across platforms!

One question:

    template<class T>
    constexpr T& rand_choice(std::initializer_list<T> objects) noexcept;

Isn't this returning a reference to a local variable? In my understanding, 'objects' is destroyed when rand_choice() returns.

GeorgeHaldane · 15h ago

Thanks, that is indeed the case when list doesn't consist of literals, fixed in the new commit.

zX41ZdbW · 12h ago

Nice trick:

> How is it faster than std: It uses the fact that popcount of a uniformly distributed integer follows a binomial distribution. By rescaling that binomial distribution and adding some linear fill we can achieve a curve very similar to a proper normal distribution in just a few instructions. While that level of precision is not suitable for a general use, in instances where quality is not particularly important (gamedev, fuzzing) this is perhaps the fastest possible way of generating normally distributed floats.

zx2c4 · 18h ago

Careful with the "chacha csprng" when the seed from the seed() function appears to be 32 or 64 bits. That's not enough for the cs part. (Also the output stream appears to wrap after 2**32 blocks. Could make this larger.)

nzzn · 14h ago

For a more full featured Xoshiro/Xoroshiro implementation see

https://github.com/nessan/xoshiro

Documented at: https://nessan.github.io/xoshiro/

Handles the full family of these generators featuring arbitrary jump sizes, stream partitioning for parallel applications, and, like this library, a number of convenience sampling methods to shield the casual user from the complexities of using <random>.

Can be used with a companion `bit` library (https://github.com/nessan/bit) that performs efficient linear algebra and polynomial reduction over GF(2) for those that want to explore some of the mathematics behind these linear generators.

fluffyllemon · 18h ago

How does this compare with Abseil's random library? https://abseil.io/docs/cpp/guides/random

bhickey · 18h ago

This library appears to be insecure by default. I think there are vanishingly few use cases for non-crypto RNGs. We made absl random secure by default using randen: https://arxiv.org/abs/1810.02227

The algorithm is provably secure, so long as AES is secure. It is also backtracking resistant: an adversary with the current RNG state cannot step backwards.

On hardware with AES primitives, it's faster than MT, though slower than pcg64.

SideQuark · 10h ago

By far the vast majority of RNG calls in use need to be non-crypto. They are so many orders of magnitude too slow for so many uses that it's ludicrous to claim there are " vanishingly few use cases for non-crypto RNGs," unless you're trying to scare people into using your work.

Science, neural networks, simulation, gaming, rendering, weather, nuclear, robotics, signal processing, engineering, finance, and more industries require fast rngs to get billions to trillions of them quickly.

Very few things actually need secure - only the things that need a secure endpoint, and most of those simply use the secure rng to do a private key transfer algo, after which there is no more rngs.

Use the right tool for the job. Widen your view of what things are used for. Etc.

spacechild1 · 17h ago

> I think there are vanishingly few use cases for non-crypto RNGs.

There are quite a few applications:

- audio applications

- computer games

- simulations

- etc.

bhickey · 15h ago

Years ago a player figured out how to decode the RNG state in dungeon crawl. This allowed them to essentially God mode the game because they could determine when a monster would land a hit.

Night_Thastus · 14h ago

Out of curiosity, how do audio applications use RNG?

magicalhippo · 13h ago

Noise. Either directly as a source, which is then filtered to produce say a cymbal sound, or indirectly by creating timing variance, ie notes not playing exactly at the beat each time, which makes things sound less artificial and more pleasing.

It can also be used to dither[1] the result when doing a final rendering, to improve the noise floor.

[1]: https://en.wikipedia.org/wiki/Noise_shaping

Night_Thastus · 13h ago

Ah, ok. I was thinking playback. Noise makes total sense. Thanks!

magicalhippo · 12h ago

I guess I should have pointed out the noise shaping could be useful if you're doing 16bit playback of a 24bit source, so possibly useful during playback as well.

thomasmg · 16h ago

So I'm a bit confused, the paper says "'Randen' ... outperforming ... PCG" but now you wrote "though slower than pcg64"? In the paper itself, PCG is faster but "these microbenchmark results are quite irrelevant in practice — which actual application repeatedly calls a random generator and ignores the results?" I wonder, was the paper peer-reviewed? (I'm not saying it should have been..., just wondering.)

My guess is that yes, Randen is fast, but it is not quite as fast as PCG or other pseudo-random number generators.

Whether or not it is relevant, that's another story. I can not agree to your claim "there are vanishingly few use cases" for insecure random number generators.

bhickey · 15h ago

I was citing the micro benchmarks because they provide a pessimistic comparison in favor of other RNGs. My recollection is that it appeared as a conference paper, but I'd need to ask the author.

jeffbee · 16h ago

If you look inside Abseil it seems that the authors generally agree on performance. The default random in Abseil is Randen, but the faster variant the use of which is discouraged is PCG.

adastra22 · 16h ago

Every time you use a hash map you use a (PR)RNG. There are an abundant number of use cases for non-CS RNGs.

spacechild1 · 16h ago

That would be a very strange hash map :) Could it be that you are confusing hash functions with PRNGs?

adastra22 · 15h ago

Why do you think they are different? That's what a hash function is--mapping input to outputs with a pseudo-random distribution. Different words for literally the same thing.

spacechild1 · 14h ago

> That's what a hash function is--mapping input to outputs with a pseudo-random distribution

That's not what a PRNG does. A PRNG produces a sequence of pseudo-random values (with a particular distribution) based on an initial seed value.

A hash function is stateless, a PRNG is not.

adastra22 · 13h ago

When used as a hasher, the 'seed' is the input. When used as a PRNG tool, the seed is an incrementing counter or something. It's the same function though.

spacechild1 · 12h ago

I see what you mean. You can use a hash function to build a PRNG, but the hash function itself it not a PRNG.

In a hash table, the hash function is not used to produce a series of random numbers, that's why it's a bit silly to call it a PRNG. Instead, the purpose is to reduce a (possibly larger) input value to a fixed size output value, often with the requirement that similar input values should result in very different output values to avoid clustering.

However, your hash table example is still useful as an analogy.

bhickey · 15h ago

You've made yourself susceptible to hash flooding.

jeffbee · 16h ago

Well, when you use the Abseil hash maps the "random" number is actually a thread-local variable that monotonically increments, and the Abseil hash functions use static "random" data.

duped · 16h ago

I mean the only use case for cryptographically secure RNGs is cryptography. I can't think of non-crypto use cases that need it, but all of those need performance (and determinism is sometimes desirable!).

joiguru · 16h ago

Very interesting work!

Did you guys get a chance compare with [1]. These seen to be the standard for high-performance not Crypto RNGs.

[1]: https://github.com/DEShawResearch/random123

pantalaimon · 18h ago

Shouldn't getrandom() be plenty fast these days?

ksherlock · 18h ago

That seems to be linux/glibc specific.

No comments yet

zx2c4 · 18h ago

If you don't need "predictable randomness", like for repeatable statistical simulations, then absolutely, you should only use getrandom(). On recent Linux, this is implemented in the vDSO and is super fast. Few excuses now to use anything different.

wahern · 16h ago

The portable API is getentropy, which glibc provides as a simple wrapper around getrandom. getentropy was added to POSIX, and is also available on most modern unix systems, including FreeBSD, Illumos, NetBSD, macOS, OpenBSD, and Solaris.

arc4random has been provided by glibc 2.36 (2022), and is available on all the above-mentioned systems as well. If you don't want to make a syscall per request (outside Linux), just use arc4random; it'll be the fastest method available. musl libc lacks arc4random, unfortunately, but you can always ship a small wrapper.

Systems that support arc4random also support arc4random_uniform, which is a way to get an unbiased unsigned integer between 0 and N (up to 2^32-1). That's probably the most important reason to use the arc4random family.

jeffbee · 16h ago

vDSO getrandom has been in the kernel for what, two weeks? And it is only "super fast" compared to the unbelievably slow full syscall. Compared to PCG it is like watching rocks grow.

zx2c4 · 16h ago

Linus merged it on July 24, 2024, so about a year I guess. Kernel is released ~8 weeks after the merge window, so I suppose September or so.

I think neither are unbelievably slow. I dunno, take some measurements and see, maybe it suits you.

jeffbee · 19h ago

This looks quite helpful. An especially useful feature is to have a stable uniform int distribution, even if it is just a copy of the GNU one. It is incredibly annoying that the standard dictates the output of the generators, but leaves the output of the distributions unspecified.

Iwan-Zotow · 10h ago

Std::minstd at 100pct and std::mt19997 at 105pct?!?

Not quite believable...

Gaps.com Industry Reports (gaps.com)

Conducting smarter intelligences than me: new orchestras (southbridge-research.notion.site)

Cursor – The AI Code Editor (cursor.com)

Show HN: A tic-tac-toe but there's always a winner (maxwellito.github.io)

Google working on AI email tool that can 'answer in your style' (theguardian.com)

Robinhood Completes Acquisition of Bitstamp (newsroom.aboutrobinhood.com)

US Prosecutors Sought Builder.ai Data After Sales Overstated (bloomberg.com)

'Half the tree of life' ecologists' horror as nature reserves emptied of insects (theguardian.com)

How powerful is FLUX.1 Kontext? (fluxkontext.top)

The Future of Coding Is Here: An Inside Look at Amp (medium.com)

What the Trump Bullet Photo Taught Me about Modern Camera Shutters (substack.com)

Walmart is supercharging revenue – but with fewer workers (ft.com)

Why more than 50k passengers have booked on 'flights to nowhere' (standard.co.uk)

Show HN: Gemma 3 1B fine-tuned for Arabic Grammatical Error Correction (huggingface.co)

Ubicloud: Open-Source Alternative to AWS (github.com)

I built an AI Coach for managers who get zero training (learnmentalmodels.co)

Miri Yudovich: "I'm just a very pragmatic person. I like to do things my way." (calcalistech.com)

Chinese battery glut plugs into solar boom to power Pakistan (ft.com)

Quarkdown: A modern Markdown-based typesetting system (github.com)

Why monsoon rains wreak havoc annually in India's cities (bbc.com)

Not causal chains, but interactions and adaptations (surfingcomplexity.blog)

Yoshua Bengio announces non-profit to develop 'honest' artificial intelligence (theguardian.com)

Example of Splitting a PR (jefftk.com)

DaisyUI – Tailwind CSS Components (daisyui.com)

Mount Etna eruption live: volcanic blast in Italy sends tourists fleeing (independent.co.uk)

SmolVLA: A Vision-Language-Action Model for Affordable and Efficient Robotics (arxiv.org)

'AI' as Class Warfare (newintermag.com)

What's new for JFR in JDK 25 (egahlin.github.io)

Bill Gates to give most of $200B fortune to Africa (bbc.com)

Ask HN: Bing Search API will be retired soon. What alternatives do you use?

Ask HN: How do you struggle with/optimize for deep,sustained focus?

Uniqueness for Behavioural Types (kcsrk.info)

Versadok: Versatile document creation markup and library (github.com)

'It's thrilling': almost three centuries of the Belfast News Letter go online (theguardian.com)

Information Density of Cuneiform Tablets (2016) (bookandsword.com)

Unlicensed law clerk fired after ChatGPT hallucinations found in filing (arstechnica.com)

FlyonUI Pro – Tailwind CSS UI Kit (flyonui.com)

Show HN: Pokémon Blue remade in React (playable in browser)

Tpde: A fast framework for writing baseline compiler back-ends in C++ (github.com)

Stop Over-Thinking AI Subscriptions – Peter Steinberger (steipete.me)

Old Desktop to Linux: Wayland is still not ready (boyter.org)

Kepler Invented Science Fiction (themarginalian.org)

Manager Is Not Your Best Friend (staysaasy.com)

Top Conference ICLR Accepts AI-Written ML Paper (intology.ai)

Teaching AI models what they don't know (news.mit.edu)

IBM Cloud login breaks for second time in a fortnight (theregister.com)

An Android 'sshd' server with shell access, rsync and scp/sftp services (github.com)

Moon Still Geologically Active: Ridges Formed Just 84M Years Ago (earthsky.org)

Configuring Jujutsu (oppi.li)

Show HN: Shopify Chat – Chat with any Shopify store (shopifychat.recllm.com)

Show HN: Fast Random Library for C++17

Comments (52)