random: move XoRoShiRo128PlusPlus into random module

This is preparation for making it more generally accessible.

Author: sipa

src/Makefile.test.include

@@ -173,8 +173,7 @@ BITCOIN_TESTS =\
   test/validation_flush_tests.cpp \
   test/validation_tests.cpp \
   test/validationinterface_tests.cpp \
-  test/versionbits_tests.cpp \
-  test/xoroshiro128plusplus_tests.cpp
+  test/versionbits_tests.cpp
 
 if ENABLE_WALLET
 BITCOIN_TESTS += \

src/Makefile.test_util.include

@@ -23,8 +23,7 @@ TEST_UTIL_H = \
   test/util/str.h \
   test/util/transaction_utils.h \
   test/util/txmempool.h \
-  test/util/validation.h \
-  test/util/xoroshiro128plusplus.h
+  test/util/validation.h
 
 if ENABLE_WALLET
 TEST_UTIL_H += wallet/test/util.h

src/random.h

@@ -349,6 +349,57 @@ class FastRandomContext : public RandomMixin<FastRandomContext>
     void fillrand(Span<std::byte> output) noexcept;
 };
 
+/** xoroshiro128++ PRNG. Extremely fast, not appropriate for cryptographic purposes.
+ *
+ * Memory footprint is 128bit, period is 2^128 - 1.
+ * This class is not thread-safe.
+ *
+ * Reference implementation available at https://prng.di.unimi.it/xoroshiro128plusplus.c
+ * See https://prng.di.unimi.it/
+ */
+class XoRoShiRo128PlusPlus
+{
+    uint64_t m_s0;
+    uint64_t m_s1;
+
+    [[nodiscard]] constexpr static uint64_t SplitMix64(uint64_t& seedval) noexcept
+    {
+        uint64_t z = (seedval += 0x9e3779b97f4a7c15);
+        z = (z ^ (z >> 30)) * 0xbf58476d1ce4e5b9;
+        z = (z ^ (z >> 27)) * 0x94d049bb133111eb;
+        return z ^ (z >> 31);
+    }
+
+public:
+    using result_type = uint64_t;
+
+    constexpr explicit XoRoShiRo128PlusPlus(uint64_t seedval) noexcept
+        : m_s0(SplitMix64(seedval)), m_s1(SplitMix64(seedval)) {}
+
+    // no copy - that is dangerous, we don't want accidentally copy the RNG and then have two streams
+    // with exactly the same results.
+    XoRoShiRo128PlusPlus(const XoRoShiRo128PlusPlus&) = delete;
+    XoRoShiRo128PlusPlus& operator=(const XoRoShiRo128PlusPlus&) = delete;
+
+    // allow moves
+    XoRoShiRo128PlusPlus(XoRoShiRo128PlusPlus&&) = default;
+    XoRoShiRo128PlusPlus& operator=(XoRoShiRo128PlusPlus&&) = default;
+
+    constexpr result_type operator()() noexcept
+    {
+        uint64_t s0 = m_s0, s1 = m_s1;
+        const uint64_t result = std::rotl(s0 + s1, 17) + s0;
+        s1 ^= s0;
+        m_s0 = std::rotl(s0, 49) ^ s1 ^ (s1 << 21);
+        m_s1 = std::rotl(s1, 28);
+        return result;
+    }
+
+    static constexpr result_type min() noexcept { return std::numeric_limits<result_type>::min(); }
+    static constexpr result_type max() noexcept { return std::numeric_limits<result_type>::max(); }
+    static constexpr double entropy() noexcept { return 0.0; }
+};
+
 /** More efficient than using std::shuffle on a FastRandomContext.
  *
  * This is more efficient as std::shuffle will consume entropy in groups of

src/test/fuzz/bip324.cpp

@@ -4,11 +4,11 @@
 
 #include <bip324.h>
 #include <chainparams.h>
+#include <random.h>
 #include <span.h>
 #include <test/fuzz/FuzzedDataProvider.h>
 #include <test/fuzz/fuzz.h>
 #include <test/fuzz/util.h>
-#include <test/util/xoroshiro128plusplus.h>
 
 #include <cstdint>
 #include <vector>

src/test/fuzz/bitset.cpp

@@ -2,9 +2,9 @@
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
+#include <random.h>
 #include <span.h>
 #include <test/fuzz/util.h>
-#include <test/util/xoroshiro128plusplus.h>
 #include <util/bitset.h>
 
 #include <bitset>

src/test/fuzz/crypto_chacha20.cpp

@@ -3,10 +3,10 @@
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
 #include <crypto/chacha20.h>
+#include <random.h>
 #include <test/fuzz/FuzzedDataProvider.h>
 #include <test/fuzz/fuzz.h>
 #include <test/fuzz/util.h>
-#include <test/util/xoroshiro128plusplus.h>
 
 #include <array>
 #include <cstddef>

src/test/fuzz/p2p_transport_serialization.cpp

@@ -10,7 +10,6 @@
 #include <test/fuzz/FuzzedDataProvider.h>
 #include <test/fuzz/fuzz.h>
 #include <test/fuzz/util.h>
-#include <test/util/xoroshiro128plusplus.h>
 #include <util/chaintype.h>
 
 #include <cassert>

src/test/fuzz/poolresource.cpp

@@ -2,13 +2,13 @@
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
+#include <random.h>
 #include <span.h>
 #include <support/allocators/pool.h>
 #include <test/fuzz/FuzzedDataProvider.h>
 #include <test/fuzz/fuzz.h>
 #include <test/fuzz/util.h>
 #include <test/util/poolresourcetester.h>
-#include <test/util/xoroshiro128plusplus.h>
 
 #include <cstdint>
 #include <tuple>

src/test/fuzz/vecdeque.cpp

@@ -2,9 +2,9 @@
 // Distributed under the MIT software license, see the accompanying
 // file COPYING or http://www.opensource.org/licenses/mit-license.php.
 
+#include <random.h>
 #include <span.h>
 #include <test/fuzz/util.h>
-#include <test/util/xoroshiro128plusplus.h>
 #include <util/vecdeque.h>
 
 #include <deque>

src/test/random_tests.cpp

@@ -219,4 +219,21 @@ BOOST_AUTO_TEST_CASE(shuffle_stat_test)
     BOOST_CHECK_EQUAL(sum, 12000U);
 }
 
+BOOST_AUTO_TEST_CASE(xoroshiro128plusplus_reference_values)
+{
+    // numbers generated from reference implementation
+    XoRoShiRo128PlusPlus rng(0);
+    BOOST_TEST(0x6f68e1e7e2646ee1 == rng());
+    BOOST_TEST(0xbf971b7f454094ad == rng());
+    BOOST_TEST(0x48f2de556f30de38 == rng());
+    BOOST_TEST(0x6ea7c59f89bbfc75 == rng());
+
+    // seed with a random number
+    rng = XoRoShiRo128PlusPlus(0x1a26f3fa8546b47a);
+    BOOST_TEST(0xc8dc5e08d844ac7d == rng());
+    BOOST_TEST(0x5b5f1f6d499dad1b == rng());
+    BOOST_TEST(0xbeb0031f93313d6f == rng());
+    BOOST_TEST(0xbfbcf4f43a264497 == rng());
+}
+
 BOOST_AUTO_TEST_SUITE_END()