<div class="gmail_quote"><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="gmail_quote"><div class="im"><div>The more fundamental problem is that splitting is neither well understood nor generally safe, and as such it should not be in the basic Random class.</div>
</div></div></blockquote><div> </div><div>Would you mind elaborating? Splitting was not well-understood by the original authors of System.Random; that much is in the comments. Nor is it well understood by me. But I am under the impression that it is well understood by Burton Smith and others who have worked on the topic, and that they assure us that using AES, RNG's under any series of splits are as strong as those generated in a linear sequence. (And if you show otherwise, you have a crypto paper and quite a name for yourself.)</div>
<div> </div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;"><div class="gmail_quote"><div class="im"><div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
And I think we need splitting, especially as more Haskell programs become parallel.</blockquote><div><br>
</div></div><div>I do not agree here, I'm afraid.</div></div></blockquote><div><br></div><div>Could you expound on this also? The people I know in the parallelism community seem to care a lot about deterministic PRNG in parallel programs. For example, the Cilk folks at MIT and Intel who I work with are <b><i>modifying their runtime system </i></b>just to get deterministic parallel PRNG.</div>
<div><br></div><div>For example our in our "Monad Par" package splittable RNG will allow us to add a variant of the monad that provides randomness and transparently routes the state through the "forks" in the parallel computation, retaining the model's determinism.</div>
<div><br></div><div>-Ryan</div><div><br></div></div>