chacha8rand
packagestandard library
This package is not in the latest version of its module.
Details
Validgo.mod file
The Go module system was introduced in Go 1.11 and is the official dependency management solution for Go.
- Redistributable license
Redistributable licenses place minimal restrictions on how software can be used, modified, and redistributed.
- Tagged version
Modules with tagged versions give importers more predictable builds.
- Stable version
When a project reaches major version v1 it is considered stable.
- Learn more about best practices
Repository
Links
Report a Vulnerability
Documentation¶
Overview¶
Package chacha8rand implements a pseudorandom generatorbased on ChaCha8. It is used by both runtime and math/rand/v2and must have minimal dependencies.
ChaCha8 is ChaCha with 8 rounds.Seehttps://cr.yp.to/chacha/chacha-20080128.pdf.
ChaCha8 operates on a 4x4 matrix of uint32 values, initially set to:
const1 const2 const3 const4seed seed seed seedseed seed seed seedcounter64 0 0
We use the same constants as ChaCha20 does, a random seed,and a counter. Running ChaCha8 on this input producesa 4x4 matrix of pseudo-random values with as much entropyas the seed.
Given SIMD registers that can hold N uint32s, it is possibleto run N ChaCha8 block transformations in parallel by fillingthe first register with the N copies of const1, the secondwith N copies of const2, and so on, and then running the operations.
Each iteration of ChaCha8Rand operates over 32 bytes of input andproduces 992 bytes of RNG output, plus 32 bytes of input for the nextiteration.
The 32 bytes of input are used as a ChaCha8 key, with a zero nonce, toproduce 1024 bytes of output (16 blocks, with counters 0 to 15).First, for each block, the values 0x61707865, 0x3320646e, 0x79622d32,0x6b206574 are subtracted from the 32-bit little-endian words atposition 0, 1, 2, and 3 respectively, and an increasing counterstarting at zero is subtracted from each word at position 12. Then,this stream is permuted such that for each sequence of four blocks,first we output the first four bytes of each block, then the next fourbytes of each block, and so on. Finally, the last 32 bytes of outputare used as the input of the next iteration, and the remaining 992bytes are the RNG output.
Seehttps://c2sp.org/chacha8rand for additional details.
Normal ChaCha20 implementations for encryption use this sameparallelism but then have to deinterlace the results so thatit appears the blocks were generated separately. For the purposesof generating random numbers, the interlacing is fine.We are simply locked in to preserving the 4-way interlacingin any future optimizations.
Index¶
Constants¶
This section is empty.
Variables¶
This section is empty.
Functions¶
Types¶
typeState¶
type State struct {// contains filtered or unexported fields}A State holds the state for a single random generator.It must be used from one goroutine at a time.If used by multiple goroutines at a time, the goroutinesmay see the same random values, but the code will notcrash or cause out-of-bounds memory accesses.
func (*State)Next¶
Next returns the next random value, along with a booleanindicating whether one was available.If one is not available, the caller should call Refilland then repeat the call to Next.
Next is //go:nosplit to allow its use in the runtimewith per-m data without holding the per-m lock.
Source Files