Yasmarang

There was a 32-bit hash function I’ve played around some time ago. Not a big deal. Who need such hashes (even that days) anyway? But the benefit of this hash was easy conversion to PRNG and this is why Yasmarang came up as a replacement.

Yasmarang is a simple pseudorandom number generator with small footprint and good characteristics. Yep, yet another small random number generator but do not worry - there are no “the best ever” and the rest of blah-blah-blah here. Instead I just give you the portable C implementation:

unsigned long yasmarang(void)
{
   static unsigned long pad=0xeda4babaL, n=69, d=233;
   static unsigned char dat=0;

   pad+=dat+d*n;
   pad=(pad<<3)+(pad>>29);
   n=pad|2;
   d^=(pad<<31)+(pad>>1);
   dat^=(char) pad^(d>>8)^1; // changed, see "update" below (1)

   return (pad^(d<<5)^(pad>>18)^(dat<<1));  // changed, see "update" below (2)
}  // yasmarang

Output is a 32-bit random integers and it pass all the tests of randomness from Diehard Battery. Even though Yasmarang looks like a linear feedback congruential shift generator of some sort :)

Here are the fist 20 sample values, generated by the code above, to who may want to translate this code to another programming language:

BF5B0806 7334585E BC0C7B9D BDEC5ADE A5F12D68
978CA203 8CE2E203 37B2CE15 1B986BD2 2F3F1111
40197A2D 31057AB0 579401A4 1CF95A3C 744882AD
E6179123 9E1CAC6A 0D77D709 FB34195F 77831C40

Update
Two points in the originally proposed variant were highlighted during discussion on Yasmarang in the Usenet newsgroup sci.crypt.random-numbers.

Despite the fact Yasmarang pass all tests from the Diehard suite it demonstrates ambiguous results on Gorilla and Collisions difficult-to pass tests (something referenced as improved and stringent tests over the Diehard ones). This ambiguity can be avoided by using muddle. Yasmarang was designed to be able to muddle together with input data from the external source: eight bits from the input stream confuses by XOR with dat as a last step of the generation cycle. Input data stream does not have to be random or even variable and a single non-zero bit is sufficient. The extra “xor 1″ at (1) let Yasmarang pass either of tests - the “classic” Diehard and the “tuftests”.

Another point was the fact that it is possible to recover Yasmarang’s internal state after the first cycle and subsequently is possible to predict its output. Yasmarang was designed as a source of randomness in a first place, with a cryptographically security provided by its usage. For example a cryptographically secure stream cipher may be implemented using two differently seeded and cross-muddled yasmarangs where output of each generator confused with each other and a data stream. A pad value shall not be revealed to make Yasmarang a reasonable secure primitive (however mind that Yasmarang is not ment to be a cryptographical PRNG). The proposed obfuscation method is shown at (2) above.