W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2012

Re: random numbers API

From: <Frederick.Hirsch@nokia.com>
Date: Fri, 16 Nov 2012 15:24:03 +0000
To: <pyalot@gmail.com>
CC: <Frederick.Hirsch@nokia.com>, <public-webapps@w3.org>
Message-ID: <1CB2E0B458B211478C85E11A404A2B2701819659@008-AM1MPN1-035.mgdnok.nokia.com>
The W3C Web Cryptography working group [1]  has a draft that seems to include a method to generate cryptographically random values [2].

I'm not sure how well that relates to what your use case requires but it might be worth looking at.

regards, Frederick

Frederick Hirsch
Nokia


[1] http://www.w3.org/2012/webcrypto/

[2] http://www.w3.org/TR/WebCryptoAPI/#Crypto-method-getRandomValues


On Nov 16, 2012, at 10:13 AM, ext Florian Bösch wrote:

Motivation: Web Applications enter the arena of interactive content creation/consumption (games, productivity software, etc.). A good PRNG would be desirable in many situations.

Web Applications that desire to use random numbers have a 4 problems with the existing Math.random function.

1) The implementation is not "high quality" in that the generated random numbers tend to be statistically poor compared to other higher quality PRNGs.

2) The API does not support seeding whereas the same sequence of random numbers can be generated twice if so desired.

3) It is based on floating points which due to machine differences even in the presence of seeding could generate different numbers.

4) Alternative implementations in JS suffer even in the presence of sophisticated JITing VMs from the fact that mathematics is done in doubles (in the case of addition, subtraction, division and multiplication) and by converting double -> int -> double (in the case of bitshifts and modulo division). This makes it both harder to implement a reliable PRNG and it makes it slow.

I would propose an alternative native code random number API that has the following characteristic:

- The returned value is based on integers ranging from 0 up to a specified limit.
- It is initializable with a seed
- It makes a guarantee that no matter on what machine the random number is generated, that the sequence of random numbers to the same seed is identical.
- It selects a suitable PRNG algorithm to that end that satisfies a high standard of statistical qualities of PRNGs and exhibits good runtime performance.

It could look something like this for example:

var prng = new PRNG(seed);
var x = prng.random(limit);
Received on Friday, 16 November 2012 15:24:34 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:56 GMT