<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<title>Issue 677: Weaknesses in seed_seq::randomize [rand.util.seedseq]</title>
<meta property="og:title" content="Issue 677: Weaknesses in seed_seq::randomize [rand.util.seedseq]">
<meta property="og:description" content="C++ library issue. Status: CD1">
<meta property="og:url" content="https://cplusplus.github.io/LWG/issue677.html">
<meta property="og:type" content="website">
<meta property="og:image" content="http://cplusplus.github.io/LWG/images/cpp_logo.png">
<meta property="og:image:alt" content="C++ logo">
<style>
  p {text-align:justify}
  li {text-align:justify}
  pre code.backtick::before { content: "`" }
  pre code.backtick::after { content: "`" }
  blockquote.note
  {
    background-color:#E0E0E0;
    padding-left: 15px;
    padding-right: 15px;
    padding-top: 1px;
    padding-bottom: 1px;
  }
  ins {background-color:#A0FFA0}
  del {background-color:#FFA0A0}
  table.issues-index { border: 1px solid; border-collapse: collapse; }
  table.issues-index th { text-align: center; padding: 4px; border: 1px solid; }
  table.issues-index td { padding: 4px; border: 1px solid; }
  table.issues-index td:nth-child(1) { text-align: right; }
  table.issues-index td:nth-child(2) { text-align: left; }
  table.issues-index td:nth-child(3) { text-align: left; }
  table.issues-index td:nth-child(4) { text-align: left; }
  table.issues-index td:nth-child(5) { text-align: center; }
  table.issues-index td:nth-child(6) { text-align: center; }
  table.issues-index td:nth-child(7) { text-align: left; }
  table.issues-index td:nth-child(5) span.no-pr { color: red; }
  @media (prefers-color-scheme: dark) {
     html {
        color: #ddd;
        background-color: black;
     }
     ins {
        background-color: #225522
     }
     del {
        background-color: #662222
     }
     a {
        color: #6af
     }
     a:visited {
        color: #6af
     }
     blockquote.note
     {
        background-color: rgba(255, 255, 255, .10)
     }
  }
</style>
</head>
<body>
<hr>
<p><em>This page is a snapshot from the LWG issues list, see the <a href="lwg-active.html">Library Active Issues List</a> for more information and the meaning of <a href="lwg-active.html#CD1">CD1</a> status.</em></p>
<h3 id="677"><a href="lwg-defects.html#677">677</a>. Weaknesses in seed_seq::randomize [rand.util.seedseq]</h3>
<p><b>Section:</b> 29.5.8.1 <a href="https://wg21.link/rand.util.seedseq">[rand.util.seedseq]</a> <b>Status:</b> <a href="lwg-active.html#CD1">CD1</a>
 <b>Submitter:</b> Charles Karney <b>Opened:</b> 2007-05-15 <b>Last modified:</b> 2016-01-28</p>
<p><b>Priority: </b>Not Prioritized
</p>
<p><b>View all other</b> <a href="lwg-index.html#rand.util.seedseq">issues</a> in [rand.util.seedseq].</p>
<p><b>View all issues with</b> <a href="lwg-status.html#CD1">CD1</a> status.</p>
<p><b>Discussion:</b></p>
<p>
<code>seed_seq::randomize</code> provides a mechanism for initializing random number
engines which ideally would yield "distant" states when given "close"
seeds.  The algorithm for <code>seed_seq::randomize</code> given in the current
Working Draft for C++,
<a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2007/n2284.pdf">N2284</a>
(2007-05-08), has 3 weaknesses:
</p>

<ol>
<li>
<p> Collisions in state.  Because of the way the state is initialized,
    seeds of different lengths may result in the same state.  The
    current version of seed_seq has the following properties:</p>
<ul>
<li>  For a given <code>s &lt;= n</code>, each of the 2^(32s) seed vectors results in a
      distinct state.</li>
</ul>
<p>
    The proposed algorithm (below) has the considerably stronger
    properties:</p>
<ul>
<li>   All of the <code>(2^(32n)-1)/(2^32-1)</code> seed vectors of lengths <code>s &lt; n</code>
      result in distinct states.
</li>
<li>  All of the <code>2^(32n)</code> seed vectors of length <code>s == n</code> result in
      distinct states.
</li>
</ul>
</li>
<li>
<p> Poor mixing of <code>v</code>'s entropy into the state.  Consider <code>v.size() == n</code>
    and hold <code>v[n/2]</code> thru <code>v[n-1]</code> fixed while varying <code>v[0]</code> thru <code>v[n/2-1]</code>,
    a total of <code>2^(16n)</code> possibilities.  Because of the simple recursion
    used in <code>seed_seq</code>, <code>begin[n/2]</code> thru <code>begin[n-1]</code> can take on only 2^64
    possible states.</p>

<p> The proposed algorithm uses a more complex recursion which results
    in much better mixing.</p>
</li>
<li> <code>seed_seq::randomize</code> is undefined for <code>v.size() == 0</code>.  The proposed
    algorithm remedies this.
</li>
</ol>
<p>
The current algorithm for <code>seed_seq::randomize</code> is adapted by me from the
initialization procedure for the Mersenne Twister by Makoto Matsumoto
and Takuji Nishimura.  The weakness (2) given above was communicated to
me by Matsumoto last year.
</p>
<p>
The proposed replacement for <code>seed_seq::randomize</code> is due to Mutsuo Saito,
a student of Matsumoto, and is given in the implementation of the
SIMD-oriented Fast Mersenne Twister random number generator SFMT.
<a href="http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/SFMT/index.html">http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/SFMT/index.html</a>
<a href="http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/SFMT/SFMT-src-1.2.tar.gz">http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/SFMT/SFMT-src-1.2.tar.gz</a>
</p>
<p>
See
Mutsuo Saito,
An Application of Finite Field: Design and Implementation of 128-bit
Instruction-Based Fast Pseudorandom Number Generator,
Master's Thesis, Dept. of Math., Hiroshima University (Feb. 2007)
<a href="http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/SFMT/M062821.pdf">http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/SFMT/M062821.pdf</a>
</p>
<p>
One change has been made here, namely to treat the case of small <code>n</code>
(setting <code>t = (n-1)/2</code> for <code>n &lt; 7</code>).
</p>
<p>
Since <code>seed_seq</code> was introduced relatively recently there is little cost
in making this incompatible improvement to it.
</p>

<p>
See <a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2007/n2391.pdf">N2391</a> and
<a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2007/n2423.pdf">N2423</a>
for some further discussion.
</p>


<p id="res-677"><b>Proposed resolution:</b></p>
<p>
Adopt the proposed resolution in
<a href="http://www.open-std.org/jtc1/sc22/wg21/docs/papers/2007/n2423.pdf">N2423</a>.
</p>


<p><i>[
Kona (2007): The LWG adopted the proposed resolution of N2423 for this issue.
The LWG voted to accelerate this issue to Ready status to be voted into the WP at Kona.
]</i></p>
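<p>Added example, not part of the LWG issue text or of the papers it cites: a hand transcription of the steps C++11 specifies for <code>seed_seq::generate</code> (the standardized name of the member this issue calls <code>randomize</code>), compared at run time against the library's own <code>std::seed_seq</code>. It includes the small-<code>n</code> rule <code>t = (n-1)/2</code> mentioned above and exercises the empty-seed and different-length cases from the weakness list. The names <code>Words</code>, <code>generate_ref</code>, <code>std_state</code> and <code>matches_library</code> are introduced here for illustration.</p>

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <random>
#include <vector>

using Words = std::vector<std::uint32_t>;

// Transcription of the C++11 seed_seq::generate steps (assumption of this
// example; matches_library() below checks it against the real library).
Words generate_ref(const Words& v, std::size_t n) {
    Words b(n, 0x8b8b8b8bu);
    if (n == 0) return b;
    const std::size_t s = v.size();
    // Small-n rule from the issue text: t = (n-1)/2 when n < 7.
    const std::size_t t = n >= 623 ? 11 : n >= 68 ? 7 : n >= 39 ? 5 : n >= 7 ? 3 : (n - 1) / 2;
    const std::size_t p = (n - t) / 2, q = p + t, m = std::max(s + 1, n);
    auto T = [](std::uint32_t x) { return x ^ (x >> 27); };
    for (std::size_t k = 0; k < m; ++k) {      // first pass: absorb s and v[0..s-1]
        std::uint32_t r1 = 1664525u * T(b[k % n] ^ b[(k + p) % n] ^ b[(k + n - 1) % n]);
        std::uint32_t r2 = r1 + static_cast<std::uint32_t>(
            k == 0 ? s : k <= s ? k % n + v[k - 1] : k % n);
        b[(k + p) % n] += r1;
        b[(k + q) % n] += r2;
        b[k % n] = r2;
    }
    for (std::size_t k = m; k < m + n; ++k) {  // second pass: extra mixing, no seed input
        std::uint32_t r3 = 1566083941u * T(b[k % n] + b[(k + p) % n] + b[(k + n - 1) % n]);
        std::uint32_t r4 = r3 - static_cast<std::uint32_t>(k % n);
        b[(k + p) % n] ^= r3;
        b[(k + q) % n] ^= r4;
        b[k % n] = r4;
    }
    return b;
}

// State produced by the standard library for the same seed vector and length.
Words std_state(const Words& v, std::size_t n) {
    std::seed_seq seq(v.begin(), v.end());
    Words out(n);
    seq.generate(out.begin(), out.end());
    return out;
}

bool matches_library(const Words& v, std::size_t n) {
    return generate_ref(v, n) == std_state(v, n);
}

int main() { return matches_library({1, 2, 3}, 8) ? 0 : 1; }
```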





</body>
</html>
