"Splitmixes" Pseudorandom Permuter, aka "WS-APHF"

Forgive the quirkiness of the title; I am not aware of a name for this concept, therefore I just made a few up.

This blogpost is about a particular way to construct what I call a "pseudorandom permuter". It is distinct from a regular pseudorandom number generator (PRNG) in that it is constructed such that the sequence will never repeat until all $$$M = 2^k$$$ integers in its machine-integer state space (32- or 64-bit) has been used. In other words, it's a way to produce a permutation of $$$[0, M)$$$ that's (hopefully) statistically indistinguishable from a truly random permutation.

The generator is made up of two parts, a "discrete Weyl sequence", and an "avalanching perfect hash function".

A "discrete Weyl sequence" is defined by a parameterized function $$$W_{s, \gamma}: [0, M) \rightarrow [0, M)$$$ where the $$$i$$$-th member of the sequence is $$$W_{s, \gamma}(i) = (s + \gamma \cdot i) \mod M$$$. The two parameters can be chosen using a standard random generator, with the caveat that $$$\gamma$$$ must be odd (this can be easily ensured by a | 1 instruction). This ensures it is coprime with the machine integer size $$$M$$$.

The advantage of the discrete Weyl sequence is that as it is parameterized, it is hard to predict by an adversarial test (whether by the problemsetter or by the "hacking" mechanic). The disadvantage however, is that it is extremely regular, and this regularity may be exploited by adversarial tests.

In comes the second part. An "avalanching perfect hash function" is a function that is "perfect" in the sense that it maps $$$[0, M) \rightarrow [0, M)$$$ without collisions, i.e. $$$a \neq b \Leftrightarrow f(a) \neq f(b)$$$, and exhibits the avalanche property, which is that flipping one bit in the input should flip roughly half the bits of the output without a regularly predictable pattern. Note that our discrete Weyl sequence fits the definition of a perfect hash function, however it doesn't exhibit an avalanche property.

Constructing a good APHF is more difficult, however since it doesn't have to be parameterized, we can simply use a fixed function. One option is to use the "multiply-xorshift" construction from the "splitmix64" generator:

function splitmix64_aphf(z: uint64): uint64 {
	z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9;
	z = (z ^ (z >> 27)) * 0x94d049bb133111eb;
	return z ^ (z >> 31);
}

where ^ denotes the binary xor operator, and >> the unsigned right-shift operator. I also use another option for 32-bit integers, taken from this offsite blogpost:

function int32_aphf(z: uint32): uint32 {
	z = (z ^ (z >> 16)) * 0x7feb352d;
	z = (z ^ (z >> 15)) * 0x846ca68b;
	return z ^ (z >> 16);
}

Rev.	Кто	Когда	Δ	Комментарий
en9	Spheniscine	2020-10-30 14:46:33	17	Tiny change: 'e blogpost](https://' -> 'e blogpost by Chris Wellons](https://'
en8	Spheniscine	2020-10-27 14:51:18	2	Tiny change: ', \gamma}(i))$, where' -> ', \gamma}(x))$, where'
en7	Spheniscine	2020-10-27 14:39:43	5	Tiny change: 't exhibit an avalanche' -> 't exhibit the avalanche'
en6	Spheniscine	2020-10-27 14:28:05	1	Tiny change: 'ation of a unpredict' -> 'ation of an unpredict'
en5	Spheniscine	2020-10-27 14:27:27	1023	Tiny change: 'oses.)\n\n' -> 'oses.)\n\n## Applications' (published)
en4	Spheniscine	2020-10-27 14:10:01	584
en3	Spheniscine	2020-10-27 14:04:10	1597
en2	Spheniscine	2020-10-27 13:45:25	548	Tiny change: 'equence is:\n\n$W_{s, \ga' -> 'equence is $W_{s, \ga'
en1	Spheniscine	2020-10-27 13:37:08	636	Initial revision (saved to drafts)

Rev.

Язык

Кто

Когда

Комментарий

en9