PCG, A Family of Better Random Number Generators

PCG is a family of simple fast space-efficient statistically good algorithms for random number generation. Unlike many general-purpose RNGs, they are also hard to predict.

At-a-Glance Summary

	Statistical Quality	Prediction Difficulty	Reproducible Results	Multiple Streams	Period	Useful Features	Time Perfomance	Space Usage	Code Size & Complexity	k-Dimensional Equidistribution
PCG Family	Excellent	Challenging	Yes	Yes (e.g. 2⁶³)	Arbitrary	Jump ahead, Distance	Very fast	Very compact	Very small	Arbitrary^*
Mersenne Twister	Some Failures	Easy	Yes	No	Huge 2¹⁹⁹³⁷	Jump ahead	Acceptable	Huge (2 KB)	Complex	623
Arc4Random	Some Issues	Secure	Not Always	No	Huge 2¹⁶⁹⁹	No	Slow	Large (0.5 KB)	Complex	No
ChaCha20^†	Good	Secure	Yes	Yes (2¹²⁸)	2¹²⁸	Jump ahead, Distance	Fairly Slow	Plump (0.1 KB)	Complex	No
Minstd (LCG)	Many Issues	Trivial	Yes	No	Tiny < 2³²	Jump ahead, Distance	Acceptable	Very compact	Very small	No
LCG 64/32	Many Issues	Published Algorithms	Yes	Yes 2⁶³	Okay 2⁶⁴	Jump ahead, Distance	Very fast	Very compact	Very small	No
XorShift 32	Many Issues	Trivial	Yes	No	Small 2³²	Jump ahead	Fast	Very compact	Very small	No
XorShift 64	Many Issues	Trivial	Yes	No	Okay 2⁶⁴	Jump ahead	Fast	Very compact	Very small	No
RanQ	Some Issues	Trivial	Yes	No	Okay 2⁶⁴	Jump ahead	Fast	Very compact	Very small	No
XorShift* 64/32	Excellent	Unknown?	Yes	No	Okay 2⁶⁴	Jump ahead	Fast	Very compact	Very small	No	XXXXXX

^* For the PCG family, arbitrary k-dimensional equidistribution (and the huge periods it implies) requires PCG's extended generation scheme.
^† ChaCha entry based on an optimized C++ implementation of ChaCha, kindly provided by Orson Peters.

Contents

Random Number Generation Is Important

Algorithmic random number generators are everywhere, used for all kinds of tasks, from simulation to computational creativity. Learn more about algorithmic random number generation...

But despite their widespread use, the odds are that you're using a flawed random number generator.

What's Wrong with Your Current RNG

Most random number generators in widespread use today have one of the following problems:

Not Actually Random: Behaving like a true and unbiased source of randomness seems like a fundamental requirement that any random number generator ought to satisfy, yet many RNGs fail statistical tests for randomness. Learn more...
Predictable & Insecure: Many RNGs can be predicted with after observing small amount of their output. If you use random numbers as a way to ensure fairness or unpredictability, that's a problem. Learn more...
Mediocre Performance: Many RNGs are either slow or require a relatively large amount of memory. Learn more...
Lack Useful Features: Most popular RNGs don't provide useful features like “jump ahead”. Learn more...

Sure, some RNGs are bad, but I'm using a good one, right?

Unless you're using a very esoteric RNG, odds are that the RNG you're using is flawed in one way or another. If you're using the Mersenne Twister, arc4random, ChaCha20, Unix's drand48, Unix random, Unix rand, XorShift*, RanQ1, or several others there are flaws you might want to know about. Learn more...

The PCG Family Is Better

The PCG family combines properties not previously seen together in the same generation scheme:

It's really easy to use, and yet its very flexible and offers powerful features (including some that allow you to perform silly party tricks). Learn more...
It's very fast, and can occupy very little space. Learn more...
It has small code size. Learn more...
It's performance in statistical tests is excellent (see the PCG paper for full details).
It's much less predictable and thus more secure than most generators.
It's open source software, with a permissive license (the Apache license).

You can download C and C++ implementations today!

What Makes the PCG Family Different?

To explain why the PCG family is better, we need to get a little bit technical. There are two parts to a random number generator. We can see them as two functions:

The State-Transition Function: Governs how the RNG's internal state changes every time you ask for a random number
The Output Function: Turns the RNG's internal state into the actual random number

Most RNGs use a very simple output function. Many RNGs just use the identity function! They just return the state as is (making them easily predicted). Some RNGs combine multiple simple RNGs and thus have an output function that just merges them together (e.g., with addition or xor). Again, this is a very simple output function.

A few RNGs adopt the opposite approach. For example, the Fortuna RNG has a trivial state transition function (it just increments a counter), but uses a cryptographic block cypher as the output function.

The observation that underlies the PCG family is that these approaches are unbalanced, they put too much weight on one side or the other. The PCG family takes a more balanced approach.

PCG's State-Transition Function: The PCG family uses a linear congruential generator as the state-transition function—the “CG” of PCG stands for “congruential generator”. Linear congruential generators are known to be statistically weak, but PCG's state transition function only does half the work, so it doesn't need to be perfect. Moreover, LCGs have number of very useful properties that make them a good choice.
PCG's Output Function: PCG uses a new technique called permutation functions on tuples to produce output that is much more random than the RNG's internal state. PCG's output functions are what gives it its excellent statistical performance and makes it hard predict from its output (and thus more secure). The “P” in PCG stands for “permuted”.

That's it. The PCG paper describes permutation functions on tuples in depth, as well as the output functions used by different members of the PCG family.

If you'd like to use the PCG generation scheme, head to the download page.

The PCG Blog

The PCG blog has new developments and essays on topics related to PCG and random number generation in general. It tends to be updated more often than the rest of the site.