PCG, A Family of Better Random Number Generators

PCG is a family of simple fast space-efficient statistically good algorithms for random number generation. Unlike many general-purpose RNGs, they are also hard to predict.

At-a-Glance Summary

Statistical Quality
Prediction Difficulty
Reproducible Results
Multiple Streams
Period
Useful Features
Time Perfomance
Space Usage
Code Size & Complexity
k-Dimensional Equidistribution
PCG Family Excellent Challenging Yes Yes
(e.g. 263)
Arbitrary Jump ahead,
Distance
Very
fast
Very
compact
Very
small
Arbitrary*
Mersenne Twister Some Failures Easy Yes No Huge
219937
Jump ahead Acceptable Huge
(2 KB)
Complex 623
Arc4Random Some Issues Secure Not Always No Huge
21699
No Slow Large
(0.5 KB)
Complex No
ChaCha20 Good Secure Yes Yes
(2128)
2128 Jump ahead, Distance Fairly
Slow
Plump
(0.1 KB)
Complex No
Minstd (LCG) Many Issues Trivial Yes No Tiny
< 232
Jump ahead, Distance Acceptable Very
compact
Very
small
No
LCG 64/32 Many Issues Published Algorithms Yes Yes
263
Okay
264
Jump ahead, Distance Very
fast
Very
compact
Very
small
No
XorShift 32 Many Issues Trivial Yes No Small
232
Jump ahead Fast Very
compact
Very
small
No
XorShift 64 Many Issues Trivial Yes No Okay
264
Jump ahead Fast Very
compact
Very
small
No
RanQ Some Issues Trivial Yes No Okay
264
Jump ahead Fast Very
compact
Very
small
No
XorShift* 64/32 Excellent Unknown? Yes No Okay
264
Jump ahead Fast Very
compact
Very
small
No XXXXXX
* For the PCG family, arbitrary k-dimensional equidistribution (and the huge periods it implies) requires PCG's extended generation scheme.
ChaCha entry based on an optimized C++ implementation of ChaCha, kindly provided by Orson Peters.

Random Number Generation Is Important

Algorithmic random number generators are everywhere, used for all kinds of tasks, from simulation to computational creativity. Learn more about algorithmic random number generation...

But despite their widespread use, the odds are that you're using a flawed random number generator.

What's Wrong with Your Current RNG

Most random number generators in widespread use today have one of the following problems:

Not Actually Random
Behaving like a true and unbiased source of randomness seems like a fundamental requirement that any random number generator ought to satisfy, yet many RNGs fail statistical tests for randomness. Learn more...
Predictable & Insecure
Many RNGs can be predicted with after observing small amount of their output. If you use random numbers as a way to ensure fairness or unpredictability, that's a problem. Learn more...
Mediocre Performance
Many RNGs are either slow or require a relatively large amount of memory. Learn more...
Lack Useful Features
Most popular RNGs don't provide useful features like “jump ahead”. Learn more...

Sure, some RNGs are bad, but I'm using a good one, right?

Unless you're using a very esoteric RNG, odds are that the RNG you're using is flawed in one way or another. If you're using the Mersenne Twister, arc4random, ChaCha20, Unix's drand48, Unix random, Unix rand, XorShift*, RanQ1, or several others there are flaws you might want to know about. Learn more...

The PCG Family Is Better

The PCG family combines properties not previously seen together in the same generation scheme:

You can download C and C++ implementations today!

What Makes the PCG Family Different?

To explain why the PCG family is better, we need to get a little bit technical. There are two parts to a random number generator. We can see them as two functions:

The State-Transition Function
Governs how the RNG's internal state changes every time you ask for a random number
The Output Function
Turns the RNG's internal state into the actual random number

Most RNGs use a very simple output function. Many RNGs just use the identity function! They just return the state as is (making them easily predicted). Some RNGs combine multiple simple RNGs and thus have an output function that just merges them together (e.g., with addition or xor). Again, this is a very simple output function.

A few RNGs adopt the opposite approach. For example, the Fortuna RNG has a trivial state transition function (it just increments a counter), but uses a cryptographic block cypher as the output function.

The observation that underlies the PCG family is that these approaches are unbalanced, they put too much weight on one side or the other. The PCG family takes a more balanced approach.

PCG's State-Transition Function
The PCG family uses a linear congruential generator as the state-transition function—the “CG” of PCG stands for “congruential generator”. Linear congruential generators are known to be statistically weak, but PCG's state transition function only does half the work, so it doesn't need to be perfect. Moreover, LCGs have number of very useful properties that make them a good choice.
PCG's Output Function
PCG uses a new technique called permutation functions on tuples to produce output that is much more random than the RNG's internal state. PCG's output functions are what gives it its excellent statistical performance and makes it hard predict from its output (and thus more secure). The “P” in PCG stands for “permuted”.

That's it. The PCG paper describes permutation functions on tuples in depth, as well as the output functions used by different members of the PCG family.

If you'd like to use the PCG generation scheme, head to the download page.