{"id":13456833,"url":"https://github.com/avaneev/prvhash","last_synced_at":"2025-03-24T11:31:32.332Z","repository":{"id":38688498,"uuid":"286408909","full_name":"avaneev/prvhash","owner":"avaneev","description":"PRVHASH - Pseudo-Random-Value Hash. Hash functions, PRNG with unlimited period, randomness extractor, and a glimpse into abyss. (inline C/C++) (Codename Gradilac/Градилак)","archived":false,"fork":false,"pushed_at":"2025-03-12T12:51:09.000Z","size":10339,"stargazers_count":312,"open_issues_count":0,"forks_count":23,"subscribers_count":21,"default_branch":"master","last_synced_at":"2025-03-12T13:36:56.939Z","etag":null,"topics":["cellular-automata","hash","hash-algorithm","hash-function","hash-functions","hashing","hashing-algorithm","hashing-algorithms","prng","prng-algorithms","prng-methods","pseudo-random","pseudo-random-generator","pseudorandom","random","random-number-generators","random-numbers"],"latest_commit_sha":null,"homepage":"","language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/avaneev.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-08-10T07:39:52.000Z","updated_at":"2025-03-12T12:51:14.000Z","dependencies_parsed_at":"2025-03-12T13:32:43.848Z","dependency_job_id":"abac48a4-71e4-4406-9019-1a746396bd4d","html_url":"https://github.com/avaneev/prvhash","commit_stats":null,"previous_names":[],"tags_count":38,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/avaneev%2Fprvhash","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/avaneev%2Fprvhash/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/avaneev%2Fprvhash/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/avaneev%2Fprvhash/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/avaneev","download_url":"https://codeload.github.com/avaneev/prvhash/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":245260895,"owners_count":20586494,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["cellular-automata","hash","hash-algorithm","hash-function","hash-functions","hashing","hashing-algorithm","hashing-algorithms","prng","prng-algorithms","prng-methods","pseudo-random","pseudo-random-generator","pseudorandom","random","random-number-generators","random-numbers"],"created_at":"2024-07-31T08:01:28.600Z","updated_at":"2025-03-24T11:31:32.324Z","avatar_url":"https://github.com/avaneev.png","language":"C","readme":"# PRVHASH - Pseudo-Random-Value Hash (in C/C++) #\n\n## Introduction ##\n\nPRVHASH is a hash function that generates a [uniform pseudo-random number\nsequence](https://en.wikipedia.org/wiki/Pseudorandom_number_generator)\nderived from the message. PRVHASH is conceptually similar (in the sense of\nusing a pseudo-random number sequence as a hash) to [`keccak`](https://en.wikipedia.org/wiki/SHA-3)\nand [`RadioGatun`](https://en.wikipedia.org/wiki/RadioGat%C3%BAn)\nschemes, but is a completely different implementation of such concept.\nPRVHASH is both a [\"randomness extractor\"](https://en.wikipedia.org/wiki/Randomness_extractor)\nand an \"extendable-output function\" (XOF).\n\nPRVHASH can generate 64- to unlimited-bit hashes, yielding hashes of\napproximately equal quality independent of the chosen hash length. PRVHASH is\nbased on 64-bit math, which is scalar, portable, cross-platform, inlineable,\nC++ compatible (fairly efficient on 32-bit systems as well). The use of the\nfunction beyond 1024-bit hashes is easily possible, but has to be\nstatistically tested. For example, any 32-bit element extracted from 2048-, or\n4096-bit resulting hash is as collision resistant as just a 32-bit hash. It is\na fixed execution time hash function that depends only on message's length.\nA streamed, higher-security, hashing implementation is available.\n\nPRVHASH is solely based on the butterfly effect, inspired by [LCG](https://en.wikipedia.org/wiki/Linear_congruential_generator)\npseudo-random number generators. The generated hashes have good avalanche\nproperties. For best security, a random seed should be supplied to the hash\nfunction, but this is not a requirement.\n\n64-, 128-, 192-, 256-, 512-, and 1024-bit PRVHASH hashes pass all\n[SMHasher](https://github.com/rurban/smhasher) tests. Other hash lengths were\nnot thoroughly tested, but extrapolations can be made. The author makes no\ncryptographic claims (neither positive nor negative) about PRVHASH-based\nconstructs.\n\nPRVHASH core function can be used as a PRNG with an arbitrarily-chosen\n(practically unlimited) period, depending on the number of hashwords in the\nsystem.\n\n## PRVHASH64 ##\n\nPlease see the `prvhash64.h` file for the details of the basic hash function\nimplementation (the `prvhash.h`, `prvhash4.h`, `prvhash42.h`, and versions\nbelow 4.3 are outdated versions). While this hash function is most likely\nirreversible, according to SAT solver-based testing, it does not feature a\npreimage resistance. This function should not be used in open systems, without\na secret seed. Note that `64` refers to core function's variable size.\n\nThe default `prvhash64.h`-based 64-bit hash of the string `The cat is out of\nthe bag` is `6ac39f7ac0c94d63`.\n\nA proposed short name for hashes created with `prvhash64.h` is `PRH64-N`,\nwhere `N` is the hash length in bits (e.g., `PRH64-256`).\n\n## PRVHASH64_64M ##\n\nThis is a minimized implementation of the `prvhash64` hash function. Arguably,\nit is the smallest hash function in the world, that produces 64-bit hashes of\nthis quality level. While this function does not provide a throughput that can\nbe considered \"fast\", due to its statistical properties it is practically fast\nfor hash-maps and hash-tables.\n\n## Streamed Hashing ##\n\nThe file `prvhash64s.h` includes a relatively fast streamed hashing function\nwhich utilizes a \"fused\" PRVHASH arrangement. Please take a look at the\n`prvhash64s_oneshot()` function for usage example. The `prvhash64s` offers\nboth an increased security and hashing speed.\n\nThis function has an increased preimage resistance compared to the basic\nhash function implementation. Preimage resistance cannot be currently\nestimated exactly, but the hash length affects it exponentially. Also,\npreimage attack usually boils down to exchange of forged symbols to \"trash\"\nsymbols (at any place of the data stream); substitutions usually end up as\nbeing quite random, possibly damaging to any compressed or otherwise\nstructured file. Which means that data compression software and libraries\nshould always check any left-over, \"unused\", data beyond the valid compressed\nstream, for security reasons.\n\nTime complexity for preimage attack fluctuates greatly as preimage resistance\nlikely has a random-logarithmic PDF of timing.\n\nEven though a formal proof is not yet available, the author assumes this\nhash function can compete with widely-used SHA2 and SHA3 families of hash\nfunctions while at the same time offering a considerably higher performance\nand scalability. When working in open systems, supplying a secret seed is not\na requirement for this hash function.\n\nThe performance (expressed in cycles/byte) of this hash function on various\nplatforms can be evaluated at the\n[ECRYPT/eBASH project](https://bench.cr.yp.to/results-hash.html).\n\nThe default `prvhash64s.h`-based 64-bit hash of the string `The cat is out of\nthe bag` is `2043ccf52ae2ca6f`.\n\nThe default `prvhash64s.h`-based 256-bit hash of the string\n`Only a toilet bowl does not leak` is\n`b13683799b840002689a1a42d93c826c25cc2d1f1bc1e48dcd005aa566a47ad8`.\n\nThe default `prvhash64s.h`-based 256-bit hash of the string\n`Only a toilet bowl does not leaj` is\n`d4534a922fd4f15ae8c6cc637006d1f33f655b06d60007a226d350e87e866250`.\n\nThis demonstrates the [Avalanche effect](https://en.wikipedia.org/wiki/Avalanche_effect).\nOn a set of 216553 English words, pair-wise hash comparisons give average\n50.0% difference in resulting hash bits, which fully satisfies the strict\navalanche criterion.\n\nThis streamed hash function produces hash values that are different to the\n`prvhash64` hash function. It is incorrect to use both of these hash function\nimplementations on the same data set. While `prvhash64` can be used as a hash\nfor hash-tables and in-memory data blocks, `prvhash64s` can be used to create\nhashes of large data blocks like files, in streamed mode.\n\nA proposed short name for hashes created with `prvhash64s.h` is `PRH64S-N`,\nwhere `N` is the hash length in bits (e.g., `PRH64S-256`). Or simply, `SH4-N`,\n`Secure Hash 4`.\n\n## Minimal PRNG for Everyday Use ##\n\nThe core function can be easily integrated into your applications, to be used\nas an effective PRNG. The period of this minimal PRNG is at least\n2\u003csup\u003e159\u003c/sup\u003e. The initial parameters can be varied at will, and won't\n\"break\" the PRNG. Setting only the `Seed` value guarantees a random start\npoint within the whole PRNG period, with at least 2\u003csup\u003e64\u003c/sup\u003e spacing.\nThe code follows.\n\n```c\n#include \"prvhash_core.h\"\n#include \u003cstdio.h\u003e\n\nint main()\n{\n    uint64_t Seed = 0;\n    uint64_t lcg = 0;\n    uint64_t Hash = 0;\n\n    uint64_t v = 0;\n    uint64_t i;\n\n    for( i = 0; i \u003c ( (uint64_t) 1 \u003c\u003c 28 ); i++ )\n    {\n        v = prvhash_core64( \u0026Seed, \u0026lcg, \u0026Hash );\n    }\n\n    printf( \"%llu\\n\", v );\n}\n```\n\nFor implementation assurance, here are the first 16 output values in hex\n(starting from the all-zeroes state):\n\n```\n0x5555555555555555 0x00000000DB6DB6DB 0x2492492192492492 0x75D75DA0AAAAAA79\n0x93064E905C127FE5 0xE2585C9CA95671A3 0x28A44B31D428179E 0x11B0B6A8D4BA3A73\n0x195C6A4C23EE71AD 0x5AA47859226BA23E 0xA7D42121695056D4 0x142D7CD5D83342F2\n0x3D42E83328C09C8F 0x7E691C66BAC23222 0x82E1032F441F23A5 0xA4BDE5C4A05E6256\n```\n\nNote that such minimal 1-hashword PRNG is most definitely not\ncryptographically-secure: its state can be solved by a SAT solver pretty fast;\nthis applies to other arrangements (\"fused\", \"parallel\", multiple hashwords;\nwith daisy-chaining being harder to solve). The known way to make PRNG\nconsiderably harder to solve for a SAT solver, with complexity corresponding\nto system's size, is to combine two adjacent PRNG outputs via XOR operation;\nthis obviously has a speed impact and produces output with more than 1\nsolution (most probably, 2). This, however, does not measurably increase the\nprobability of PRNG output overlap, which stays below\n1/2\u003csup\u003esys_size_bits\u003c/sup\u003e; in tests, practically undetectable.\n\nSo, the basic PRNG with some, currently not formally-proven, security is as\nfollows (XOR two adjacent outputs to produce a single \"compressed\" PRNG\noutput):\n\n```c\nv = prvhash_core64( \u0026Seed, \u0026lcg, \u0026Hash );\nv ^= prvhash_core64( \u0026Seed, \u0026lcg, \u0026Hash );\n```\n\nA similar approach is to simply skip the next generated random number, but it\nis slightly less secure. It is likely that PRVHASH's k-equidistribution of\nseparate outputs is implicitly secure. The reason is that skipping or XORing\ncreates uncertainty or entanglement of current output with system's state\n\"hashword array length\" of outputs back. 3 XORs are needed to provide preimage\nresistance, or resistance against selection of entropy input that leads to\na desired output. The security becomes effective only after system's\ninitialization: initial \"conditioning\" rounds and a full hashword array pass.\n\n## TPDF Dithering ##\n\nThe core function can be used to implement a \"statistically-good\" and\n\"neutrally-sounding\" dithering noise for audio signals; for both\nfloating-point to fixed-point, and bit-depth conversions.\n\n```c\nuint64_t rv = prvhash_core64( \u0026Seed, \u0026lcg, \u0026Hash );\ndouble tpdf = ( (int64_t) (uint32_t) rv - (int64_t) ( rv \u003e\u003e 32 )) * 0x1p-32;\n```\n\n## Floating-Point PRNG ##\n\nThe following expression can be used to convert 64-bit unsigned value to\nfull-mantissa floating-point value, without a truncation bias:\n\n```c\nuint64_t rv = prvhash_core64( \u0026Seed, \u0026lcg, \u0026Hash );\ndouble v = ( rv \u003e\u003e ( 64 - 53 )) * 0x1p-53;\n```\n\n## Gradilac PRNG (C++) ##\n\nThe `gradilac.h` file includes the Gradilac C++ class which is a generalized\ntemplated implementation of PRVHASH PRNG that provides integer, single bit,\nfloating-point, TPDF, Normal random number generation with a straight-forward\nfront-end to specify PRVHASH system's properties. Supports on-the-go\nre-seeding, including re-seeding using sparse entropy (for CSPRNG uses). Does\nnot require other PRVHASH header files.\n\nUse `Gradilac\u003c 316 \u003e` to match Mersenne Twister's PRNG period.\n\nNote that this class may not be as efficient for \"bulk\" random number\ngeneration as a custom-written code. Nevertheless, Gradilac PRNG class, with\nits 1.0 cycles/byte floating-point performance (at default template settings),\nis competitive among other C++ PRNGs.\n\n## Entropy PRNG ##\n\nPRVHASH can be also used as an efficient general-purpose PRNG with an external\nentropy source injections (like how the `/dev/urandom` works on Unix): this\nwas tested, and works well when 8-bit true entropy injections are done\ninbetween 8 to 2048 generated random bytes (delay is also obtained via the\nentropy source). An example generator is implemented in the `prvrng.h` file:\nsimply call the `prvrng_test64p2()` function.\n\n`prvrng_gen64p2()`-based generator passes [`PractRand`](http://pracrand.sourceforge.net/)\n32 TB threshold with rare non-systematic \"unusual\" evaluations. Which suggests\nit is the working randomness extractor that can \"recycle\" entropy of any\nstatistical quality, probably the first in the world.\n\nNote that due to the structure of the core function the probability of PRNG\ncompletely \"stopping\", or \"stalling\", or losing internal entropy, is absent.\n\nThe core function, without external entropy injections, with any initial\ncombination of `lcg`, `Seed`, and `Hash` eventually converges into one of\nrandom number sub-sequences. These are mostly time-delayed versions of only a\nsmaller set of unique sequences. There are structural limits in this PRNG\nsystem which can be reached if there is only a small number of hashwords in\nthe system. PRNG will continously produce non-repeating random sequences given\nexternal entropy input, but their statistical quality on a larger frames will\nbe limited by the size of `lcg` and `Seed` variables, and the number of\nhashwords in the system, and the combinatorial capacity of the external\nentropy. A way to increase the structural limit is to use the \"fused\" PRNG\narrangement demonstrated in the `prvhash64s.h` file, which additionally\nincreases the security exponentially. Also any non-constant entropy input\nusually increases the period of randomness, which, when extrapolated to\nhashing, means that the period increases by message's combinatorial capacity\n(or the number of various combinations of its bits). The maximal PRNG period's\n2\u003csup\u003eN\u003c/sup\u003e exponent is hard to approximate exactly, but in most tests it\nwas equal to at least system's size in bits, minus the number of hashwords in\nthe system, minus 1/4 of `lcg` and `Seed` variables' size (e.g., `159` for a\nminimal PRNG).\n\nMoreover, the PRVHASH systems can be freely daisy-chained by feeding their\noutputs to `Seed`/`lcg` inputs, adding some security firewalls, and increasing\nthe PRNG period of the final output accordingly. Note that any external PRNG\noutput can be inputted via `Seed`, or via both `Seed` and `lcg`, yielding PRNG\nperiod exponent summation. For hashing and external unstructured entropy, only\nsimultaneous input via `Seed` and `lcg` works in practice (period's exponent\nincrease occurs as well).\n\nWhile `lcg`, `Seed`, and `Hash` variables are best initialized with good\nentropy source (however, structurally, they can accept just about any entropy\nquality while only requiring an initial \"conditioning\"), the message can be\nsparsely-random: even an increasing counter can be considered as having a\nsuitable sparse entropy.\n\n## Two-Bit PRNG ##\n\nThis is a \"just for fun\" example, but it passes 256 MB PractRand threshold.\nYou CAN generate pseudo-random numbers by using 2-bit shuffles; moreover, you\ncan input external entropy into the system.\n\n```c\n#include \u003cstdio.h\u003e\n#include \"prvhash_core.h\"\n#define PH_HASH_COUNT 42\n\nint main()\n{\n    uint8_t Seed = 0;\n    uint8_t lcg = 0;\n    uint8_t Hash[ PH_HASH_COUNT ] = { 0 };\n    int HashPos = 0;\n    int l;\n\n    for( l = 0; l \u003c 256; l++ )\n    {\n        uint8_t r = 0;\n        int k;\n\n        for( k = 0; k \u003c 4; k++ )\n        {\n            r \u003c\u003c= 2;\n            r |= prvhash_core2( \u0026Seed, \u0026lcg, Hash + HashPos );\n\n            HashPos++;\n\n            if( HashPos == PH_HASH_COUNT )\n            {\n                HashPos = 0;\n            }\n        }\n\n        if( l \u003e PH_HASH_COUNT / 3 ) // Skip PRNG initialization.\n        {\n            printf( \"%4i \", (int) r );\n        }\n    }\n}\n```\n\n## Description ##\n\nHere is the author's vision on how the core function works. In actuality,\ncoming up with this solution was accompanied by a lot of trial and error.\nIt was especially hard to find a better \"hashing finalization\" solution.\n\n```c\nSeed ^= msgw; lcg ^= msgw; // Mix in external entropy (or daisy-chain).\n\nSeed *= lcg * 2 + 1; // Multiply random by random, without multiply by zero.\nconst uint64_t rs = Seed \u003e\u003e 32 | Seed \u003c\u003c 32; // Produce halves-swapped copy.\nHash += rs + 0xAAAAAAAAAAAAAAAA; // Accumulate to hash, add raw entropy (self-start).\nlcg += Seed + 0x5555555555555555; // Output-bound entropy accumulation, add raw entropy.\nSeed ^= Hash; // Mix new seed value with hash. Entropy feedback.\nconst uint64_t out = lcg ^ rs; // Produce \"compressed\" output.\n```\n\n(for even better statistical results, the `rs` variable should receive a\nbit-reversed `Seed` value, with `lcg ^= msgw;` operation performed after the\n`out` is obtained)\n\nThis function can be arbitrarily scaled to any even-sized variables: 2-, 4-,\n8-, 16-, 32-, 64-bit variable sizes were tested, with similar statistical\nresults. Since mathematical structure of the function does not depend on the\nvariables' size, statistical analysis can be performed using smaller variable\nsizes, with the results being extrapolatable to larger variable sizes, with a\nhigh probability (the function is invariant to the variable size). Also note\nthat the `0xAAAA...` constant is not an arbitrary constant since it should be\nproduced algorithmically by replicating the `10` bit-pairs, to match the\nvariable size; it represents the \"raw entropy bit-train\". The same applies to\nthe `0x5555...` constant. An essential property of these bit-trains is that\nthey are uncorrelated to any uniformly-random bit-sequences, at all times.\nPractically, `10` and `01` bit-pairs can be also used as constants, without\nreplication, but this does not provide conclusively better results for PRNG,\nand does not work well for hashing; also, self-starting period becomes\nlonger. A conceptual aspect of replicated bit-pairs is that they represent the\nsimplest maximum-entropy number that lacks information (bit-pair is a minimal\nsequence that can exhibit entropy, with replication count bound to state\nvariable size). While \"magic numbers\" can be used instead of these bit-trains\n(at least for PRNG), they do not posses the property of not having an\ninformation (zero spectrum beside DC and Nyquist components).\n\nIt is important to point out that the presence of the `0xAAAA...` and\n`0x5555...` constants logically assure that the `Seed` and `lcg` variables\nquickly recover from the \"zero-state\". Beside that, these constants logically\nprohibit synchronous control over `Seed` and `lcg` variables: different bits\nof the input entropy will reach these variables. When the system starts from\nthe \"zero-state\", with many hashwords in the system, it is practically\nimpossible to find a preimage (including a repetitious one) that stalls the\nsystem, and thus it is impossible to perform a multi-collision attack.\nHowever, since this risk cannot be estimated exactly, the `prvhash64s` hash\nfunction adds a message length value to the end of the data stream.\n\nHow does it work? First of all, this PRNG system, represented by the core\nfunction, does not work with numbers in a common sense: it works with\n[entropy](https://en.wikipedia.org/wiki/Entropy_(information_theory)),\nor random sequences of bits. The current \"expression\" of system's overall\ninternal entropy - the `Seed` - gets multiplied (\"smeared\") by a supporting,\noutput-bound variable - `lcg`, - which is also a random value, transformed in\nan LCG-alike manner. As a result, a new random value is produced which\nrepresents two independent random variables (in lower and higher parts of the\nregister), a sort of \"entropy stream sub-division\" happens. This result is\nthen halves-swapped, and is accumulated in the `Hash` together with the `10`\nbit-train which adds the \"raw entropy\", allowing the system to be\nself-starting. The original multiplication result is accumulated in the `lcg`\nvariable. The `Seed` is then updated with the hashword produced on previous\nrounds. The reason the message's entropy (which may be sparse or non-random)\ndoes not destabilize the system is because the message becomes hidden in the\ninternal entropy (alike to a cryptographic one-time-pad); message's\ndistribution becomes unimportant, and system's state remains statistically\ncontinuous. Both accumulations - of the halves-swapped and the original\nresult of multiplication - produce a uniformly-distributed value in the\ncorresponding variables; a sort of \"de-sub-division\" happens in these.\n\nThe two instructions - `Seed *= lcg * 2 + 1`, `lcg += Seed` - represent an\n\"ideal\" bit-shuffler: this construct represents a \"bivariable shuffler\" which\ntransforms the input `lcg` and `Seed` variables into another pair of variables\nwith 50% bit difference relative to input, and without collisions. The whole\ncore function, however, uses a more complex mixing which produces a hash\nvalue: the pair composed of the hash value and either a new `lcg` or a new\n`Seed` value also produces no input-to-output collisions. Thus it can be said\nthat the system does not lose any input entropy. In 4-dimensional analysis,\nwhen `Seed`, `lcg`, `Hash`, and `msgw` values are scanned and transformed into\nsubsequent `Seed`, `lcg`, and `Hash` triplets, this system does not exhibit\nlocal state change-related collisions due to external entropy input (all\npossible input `msgw` values map to subsequent triplets uniquely). However,\nwith a small variable size (8-bit) and a large output hash size, a sparse\nentropy input has some probability of \"re-sychronization\" event happening,\nleading to local collisions. With 16-bit variables, or even 8-bit fused-2\narrangement (with the local state having 40-bit size instead of 24-bit),\nprobability of such event is negligible. While non-fused hashing may even\nstart from the \"zero-state\", for reliable hashing the state after 5\n\"conditioning\" rounds should be used.\n\nAnother important aspect of this system, especially from the cryptography\nstandpoint, is the entropy input to output latency. The base latency for\nstate-to-state transition is equal to 1 (2 for \"fused\" arrangements); and at\nthe same time, 1 in hash-to-hash direction: this means that PRVHASH\nadditionally requires a full pass through the hashword array, for the entropy\nto propagate, before using its output. However, hashing also requires a pass\nto the end of the hashword array if message's length is shorter than the\noutput hash, to \"mix in\" the initial hash value. When there is only 1 hashword\nin use, there is no hashword array-related delay, and thus the entropy\npropagation is only subject to the base latency. The essence of these\n\"latencies\" is that additional rounds are needed for the system to get rid of\na statistical traces of the input entropy. Note that the \"fused\" arrangement\nincreases shuffling quality. However, this increase is relative to state\nvariable size: for example, 8-bit fused-2 arrangement with 8-bit input is\nequivalent to 16-bit non-fused arrangement with 16-bit input. So, it is\npossible to perform hashing with 8-bit state variables if fused-2 round is\ndone per 1 input byte. The way \"fused\" structure works is equivalent to\nshuffling all entropy inputs in a round together (input 1 is shuffled into a\nhash value which is then shuffled with input 2 into a hash value, etc). The\n\"fused\" arrangement may raise a question whether or not it provides a target\ncollision resistance as it seemingly \"compresses\" several inputs into a single\nlocal hashword: without doubt it does provide target collision resistance\nsince `Seed` and `lcg` variables are a part of the system, and their presence\nin the \"fused\" arrangement increases the overall PRNG period of the system and\nthus its combinatorial capacity.\n\nWithout external entropy (message) injections, the function can run for a\nprolonged time, generating pseudo-entropy, in extendable-output PRNG mode.\nWhen the external entropy (message) is introduced, the function \"shifts\" into\nan unrelated state unpredictably. So, it can be said that the function \"jumps\"\nwithin a space of a huge number of pseudo-random sub-sequences. Hash\nlength affects the size of this \"space of sub-sequences\", permitting the\nfunction to produce quality hashes for any required hash length.\nStatistically, these \"jumps\" are close to uniformly-random repositioning: each\nsimultaneous augmentation of `Seed` and `lcg` corresponds to a new random\nposition, with a spread over the whole PRNG period. The actual performace is\nmore complicated as this PRNG system is able to converge into unrelated random\nnumber sequences of varying lengths, so the \"jump\" changes both the position\nand the \"index\" of sub-sequence. This property of PRVHASH assures that\ndifferent initial states of its `Seed` state variable (or `lcg`, which is\nmostly equivalent at initialization stage) produce practically unrelated\nrandom number sequences, permitting to use PRVHASH for PRNG-based simulations.\n\nIn essence, the hash function generates a continuous pseudo-random number\nsequence, and returns the final part of the sequence as a result. The message\nacts as a \"pathway\" to this final part. So, the random sequence of numbers can\nbe \"programmed\" to produce a necessary outcome. However, as this PRNG does\nnot expose its momentary internal state, such \"programming\" is hardly possible\nto perform for an attacker, even if the entropy input channel is exposed:\nconsider the `(A^C)*(B^C)` equation; an adversary can control `C`, but does\nnot know the values of `A` and `B`; thus this adversary cannot predict the\noutcome. Beside that, as the core function naturally eliminates the bias from\nthe external entropy of any statistical quality and frequency, its control may\nbe fruitless. Note that to reduce such \"control risks\", the entropy input\nshould use as fewer bits as possible, like demonstrated in the `prvrng.h`\nfile.\n\nP.S. The reason the `prvhash64` hash function has an initial non-zero state,\nis that otherwise the function would require 5 preliminary \"conditioning\"\nrounds (core function calls); that would reduce the performance of the hash\nfunction dramatically, for hash-table uses. Note that the `prvhash64s`\nfunction starts from the \"full zero\" state and then performs acceptably.\n\n## Hashing Method's Philosophy ##\n\nAny external entropy (message) that enters this PRNG system acts as a\nhigh-frequency and high-quality re-seeding which changes the random number\ngenerator's \"position\" within the PRNG period, randomly. In practice, this\nmeans that two messages that are different in even 1 bit, at any place,\nproduce \"final\" random number sequences, and thus hashes, which are completely\nunrelated to each other. This also means that any smaller part of the\nresulting hash can be used as a complete hash. Since the hash length affects\nthe PRNG period (and thus the combinatorial capacity) of the system, the same\nlogic applies to hashes of any length while meeting collision resistance\nspecifications for all lengths.\n\nAlternatively, the hashing method can be viewed from the standpoint of classic\nbit-mixers/shufflers: the hashword array can be seen as a \"working buffer\"\nwhose state is passed back into the \"bivariable shuffler\" continuously, and\nthe new shuffled values stored in this working buffer for the next pass.\n\nIn general, PRVHASH core function represents a \"building block\" that permits\ndesign of practically any entropy-generating constructs. It has an important\nadvantage in that the state space of these constructs can be completely\nanalyzed using small state variables, with the obtained statistics being\nextrapolatable to larger state variables.\n\n## PRNG Period Assessment ##\n\nThe following \"minimal\" implementation of PractRand class can be used to\nindependently assess randomness period properties of PRVHASH. By varying\nthe `PH_HASH_COUNT` and `PH_PAR_COUNT` values it is possible to test various\nPRNG system sizes. By adjusting other values it is possible to test PRVHASH\nscalability across different state variable sizes (PractRand class and PRNG\noutput size should be matched, as PractRand test results depend on PRNG output\nsize). PractRand should be run with the `-tlmin 64KB` parameter, to evaluate\nchanges to the constants quicker. Note that both `PH_HASH_COUNT` and\n`PH_PAR_COUNT` affect the PRNG period exponent not exactly linearly for small\nvariable sizes: there is a saturation factor present for small variable sizes;\nafter some point the period increase is non-linear due to small shuffling\nspace. Shuffling space can be increased considerably with a \"fused\"\narrangement. Depending on the initial seed value, the period may fluctuate.\nThe commented out `Ctr++...` instructions can be uncommented to check the\nperiod increase due to sparse entropy input. You may also notice the `^=h`\ninstructions: PRVHASH supports feedback onto itself (it is like hashing its\nown output). This operation, which can be applied to any fused element,\nmaximizes the achieved PRNG period.\n\n```c++\n#include \"prvhash_core.h\"\n#include \u003cstring.h\u003e\n\n#define PH_FUSE_COUNT 1 // PRVHASH fusing.\n#define PH_HASH_COUNT 4 // Hashword count (any positive number).\n#define PH_STATE_TYPE uint8_t // State variable's physical type.\n#define PH_FN prvhash_core4 // Core function name.\n#define PH_BITS 4 // State variable's size in bits.\n#define PH_RAW_BITS 8 // Raw output bits.\n#define PH_RAW_ROUNDS ( PH_RAW_BITS / PH_BITS ) // Rounds per raw output.\n\nclass DummyRNG : public PractRand::RNGs::vRNG8\n{\npublic:\n    PH_STATE_TYPE Seed[ PH_FUSE_COUNT ];\n    PH_STATE_TYPE lcg[ PH_FUSE_COUNT ];\n    PH_STATE_TYPE Hash[ PH_HASH_COUNT ];\n    int HashPos;\n\n    DummyRNG() {\n        memset( Seed, 0, sizeof( Seed ));\n        memset( lcg, 0, sizeof( lcg ));\n        memset( Hash, 0, sizeof( Hash ));\n        HashPos = 0;\n\n        // Initialize.\n\n        int k, j;\n\n        for( k = 0; k \u003c PRVHASH_INIT_COUNT; k++ )\n        {\n            for( j = 0; j \u003c PH_FUSE_COUNT; j++ )\n            {\n                PH_FN( Seed + j, lcg + j, Hash + HashPos );\n            }\n        }\n    }\n\n    Uint8 raw8() {\n        uint64_t OutValue = 0;\n        int k, j;\n\n        for( k = 0; k \u003c PH_RAW_ROUNDS; k++ )\n        {\n//            Ctr++;\n//            Seed[ 0 ] ^= ( Ctr ^ ( Ctr \u003e\u003e 4 )) \u0026 15;\n//            lcg[ 0 ] ^= ( Ctr ^ ( Ctr \u003e\u003e 4 )) \u0026 15;\n\n            uint64_t h = 0;\n\n            for( j = 0; j \u003c PH_FUSE_COUNT; j++ )\n            {\n                h = PH_FN( Seed + j, lcg + j, Hash + HashPos );\n            }\n\n//            Seed[ 0 ] ^= h;\n//            lcg[ 0 ] ^= h;\n\n            if( PH_BITS \u003c sizeof( uint64_t )) OutValue \u003c\u003c= PH_BITS;\n            OutValue |= h;\n\n            if( ++HashPos == PH_HASH_COUNT )\n            {\n                HashPos = 0;\n            }\n        }\n\n        return( OutValue );\n    }\n\n    void walk_state(PractRand::StateWalkingObject *walker) {}\n    void seed(Uint64 sv) { Seed[ 0 ] ^= sv; }\n    std::string get_name() const { return \"PRVHASH\"; }\n};\n```\n\n## PRVHASH Cryptanalysis Basics ##\n\nWhen the system state is not known, when PRVHASH acts as a black-box, one has\nto consider core function's statistical properties. All internal variables -\n`Seed`, `lcg`, and `Hash` - are random: they are uncorrelated to each other at\nall times, and are also wholly-unequal during the PRNG period (they are not\njust time-delayed versions of each other). Moreover, as can be assured with\nPractRand, all of these variables can be used as random number generators\n(with a lower period, though); they can even be interleaved after each core\nfunction call.\n\nWhen the message enters the system via `Seed ^= msgw` and `lcg ^= msgw`\ninstructions, this works like mixing a message with an one-time-pad used in\ncryptography. This operation completely hides the message in system's entropy,\nwhile both `Seed` and `lcg` act as \"carriers\" that \"smear\" the input message\nvia subsequent multiplication. Beside that, the output of PRVHASH uses the mix\nof two variables: statistically, this means mixing of two unrelated random\nvariables, with such summary output never appearing in system's state. It is\nworth noting the `lcg ^ rs` expression: the `rs` variable is composed of two\nhalves, both of them practically being independent PRNG outputs, with smaller\nperiods. This additionally complicates system's reversal.\n\n## Parallel PRNG ##\n\nWhile this \"parallel-3\" arrangement is currently not used in the hash function\nimplementations, it is also working fine with the core function. For example,\nwhile the \"minimal PRNG\" described earlier has `0.90` cycles/byte performance,\nthe \"parallel\" arrangement has a PRNG performance of `0.35` cycles/byte, with\na possibility of further scaling using SIMD instructions. Note that the number\nof \"parallel\" elements should not be a multiple of hashword array length,\notherwise PRNG stalls.\n\n```c\n#include \"prvhash_core.h\"\n#include \u003cstdio.h\u003e\n\nint main()\n{\n    uint64_t Seed = 0;\n    uint64_t lcg = 0;\n    uint64_t Hash = 0;\n    uint64_t Seed2 = 0;\n    uint64_t lcg2 = 0;\n    uint64_t Hash2 = 0;\n    uint64_t Seed3 = 0;\n    uint64_t lcg3 = 0;\n    uint64_t Hash3 = 0;\n    uint64_t Hash4 = 0;\n\n    uint64_t v = 0;\n    uint64_t v2 = 0;\n    uint64_t v3 = 0;\n\n    uint64_t i;\n\n    for( i = 0; i \u003c ( (uint64_t) 1 \u003c\u003c 27 ); i++ )\n    {\n        v = prvhash_core64( \u0026Seed, \u0026lcg, \u0026Hash );\n        v2 = prvhash_core64( \u0026Seed2, \u0026lcg2, \u0026Hash2 );\n        v3 = prvhash_core64( \u0026Seed3, \u0026lcg3, \u0026Hash3 );\n\n        uint64_t t = Hash;\n        Hash = Hash2;\n        Hash2 = Hash3;\n        Hash3 = Hash4;\n        Hash4 = t;\n    }\n\n    printf( \"%llu %llu %llu\\n\", v, v2, v3 );\n}\n```\n\n## PRVHASH16 ##\n\n`prvhash16` demonstrates the quality of the core function. While the state\nvariables are 16-bit, they are enough to perform hashing: this hash function\npasses all SMHasher tests, like the `prvhash64` function does, for any hash\nlength. This function is very slow, and is provided for demonstration\npurposes, to assure that the core function works in principle, independent of\nstate variable size. This hash function variant demonstrates that PRVHASH's\nmethod does not rely on bit-shuffling alone (shuffles are purely local), but\nis genuinely based on PRNG position \"jumps\".\n\n## TANGO642 (tango-six-forty-two) ##\n\nThis is an efficient implementation of a PRVHASH PRNG-based streamed XOR\nfunction. Since no cryptanalysis nor certification of this function were\nperformed yet, it cannot be called a \"cipher\", but rather a cipher-alike\nrandom number generator. It is based on a conjunction of two PRNGs: a keyed\nPRNG which provides \"secure\" output via XOR of its adjacent outputs, and a\nfirewalling PRNG which is constantly re-seeded (via daisy-chaining) by the\noutput of keyed PRNG. A performance benefit is obtained due to efficient\nparallel arrangement of firewalling PRNG while security is provided by the\nkeyed PRNG.\n\nThis construction, which is resistant to SAT solving, may become a viable and\nmore efficient alternative to AES and ChaCha/Salsa ciphers, if the research\ncommunity decides to invest the time and resources into producing a\nformalized, or at least a widely-acceptable, proof of its security.\n\nThe performance (expressed in cycles/byte) of this function on various\nplatforms can be evaluated at the\n[ECRYPT/eBASC project](https://bench.cr.yp.to/results-stream.html).\n\n## Other Thoughts ##\n\nPRVHASH, being scalable, potentially allows one to apply \"infinite\" state\nvariable size in its system, at least in theoretical mathematical analysis.\nThis reasoning makes PRVHASH comparable to PI in its reach of \"infinite\"\nbit-sequence length. This also opens up a notion of \"infinitesmal spacing\"\nbetween isolated frequencies (arising from Fourier analysis of \"infinite\"\nbit-sequence). Note that PRVHASH does not require any \"magic numbers\" to\nfunction, it is completely algorithmic. An alternative explanation: In the\ndiscrete Fourier transform (DFT) domain, such understanding is possible:\nalthough usually the length of the transformation window is limited to small\nvalues (e.g., 2048 samples), theoretically this length can be directed to\ninfinity thus producing a spectrum of an infinite number of individual\nfrequency bins. Moreover, individual components of such an \"infinite\"\ntransformation also affect the resulting spectrum, but on an\ninfinitely-precise frequency scale. Mathematics forbids manipulating\ninfinities, but as outlined with the DFT, in the field of discrete series of\nnumbers, infinities can be manipulated. This echoes PRVHASH - although now it\nis implemented in a maximum of 128-bit numbers, theoretically nothing forbids\nstate variable size to go to infinity, and PRVHASH should still work\n(practically tested with up to 524288-bit state variables). Thus, PRVHASH\nrecreates an analog of the number PI, and it should be possible to prove that\nexistence of an infinite sequence of bits like PI is completely realistic;\na person can create such sequence, too (in theory).\n\nThe mathematics offers an interesting understanding. Take in your mind a\nmoment before the \"Big Bang\". Did mathematical rules exist at that moment? Of\ncourse, they did, otherwise there would be no equation-definable \"Big Bang\".\nThe span of existence of mathematical rules cannot be estimated, so it is safe\nto assume they existed for an eternity. On top of that, PRVHASH practically\nproves that entropy can self-start from zero-, or \"raw\" state, or \"nothing\",\nif mathematical rules exist prior to that.\n\nI, as the author of PRVHASH, would like to point out at some long-standing\nmisconception in relating \"combinatorics\" to \"random numbers\". Historically,\ncryptography was based on a concept of permutations, mixed with some sort of\nmathematical operations: most hashes and ciphers use such \"constructs\".\nHowever, when viewing a system as having some \"combinatorial capacity\" or\nthe number of bit combinations a given system may have, and combining this\nunderstanding with \"random permutations\", it may give a false understanding\nthat \"uniform randomness\" may generate any combination within the limits of\n\"combinatorial capacity\", with some probability. In fact, \"uniform randomness\"\nauto-limits the \"sparseness\" of random bit-sequences it generates since a\nsuitably long, but \"too sparse\" bit-sequence cannot be statistically called\nuniformly-random. Thus, \"combinatorial capacity\" of a system, when applied to\nrandom number generation, transforms into a notion of ability of a system to\ngenerate independent uniformly-random number sequences. Which means that two\ndifferent initial states of a PRNG system may refer to different \"isolated\"\nPRNG sequences. This is what happens in PRVHASH: on entropy input the system\nmay \"jump\" or \"converge\" into an unrelated random sub-sequence.\n\nIn other words, per author's PRNG practice and intuition, when PRNG output\nis limited to 64 or 128 bits, the usual `1/(2^N)` linear probability of\ngenerating a specific combination of bits holds, but with larger output\n(256 bits and above) the more-sparse combinations map to less-sparse\ncombinations, reducing the effective combinatorial capacity. This intuition,\nif rigorously proven valid, may have adverse effects on cryptography as a\nwhole.\n\nOn the Birthday Paradox vs hash collision estimates: while the Birthday\nParadox is a good \"down-to-earth\" model for collision estimation, it may be\nan \"approach from a wrong side\". When hash values are calculated systemically,\nit is expected that each new hash value does not break \"uniform distribution\"\nof the set of previously produced hash values. This makes the problem of\nhash collision estimation closer to value collision estimation of PRNG output.\n\nAn open question remains: whether one should talk about \"uniform distribution\nof values\" or a \"time- and rhythm- dependent collision minimization problem\"\nwhen analyzing PRNG's uniformness. Incidentally, a set of rhythmic (repeating)\nprocesses whose timings are co-primes, spectrally produce the least number of\nmodes thus producing a flatter, more uniform, spectrum. Rhythm-dependent\ncollision minimization also touches ability of a single random number\ngenerator to create random sequences in many dimensions (known as\nk-equidistribution) just by selecting any sequence of its outputs.\n\n(...`10` in binary is `2` in decimal, `1010` is `10`, `101010` is `42`,\n`01` is `1`, `0101` is `5`, `010101` is `21`...these are remarkable\ncoincidences)\n\nThe author has no concrete theory why PRVHASH PRNG works, especially its 2-bit\nvariant (which is a very close empirical proof that mathematics has entropy\nprocesses happening under the hood). The closest mathematical construct found\nby the author is a sinewave oscillator (see below). Also, series related to\n`PI`, `sin(x)`, and `sin(x)/x` may be a candidates for explanation. Author's\nempirical goals when developing PRVHASH were: no loss of entropy in a system,\neasy scalability, self-start without any special initialization and from any\ninitial state, state variable size invariance, not-stalling on various entropy\ninput.\n\nDuring the course of PRVHASH development, the author has found that the\nsimplest low-frequency sine-wave oscillator can be used as a pseudo-random\nnumber generator, if its mantissa is treated as an integer number. This means\nthat every point on a sinusoid has properties of a random bit-sequence.\n\n```c++\n#include \u003cmath.h\u003e\n#include \u003cstdint.h\u003e\n\nclass DummyRNG : public PractRand::RNGs::vRNG16\n{\npublic:\n    double si;\n    double sincr;\n    double svalue1;\n    double svalue2;\n\n    DummyRNG() {\n        si = 0.001;\n        sincr = 2.0 * cos( si );\n        seed( 0 );\n    }\n    Uint16 raw16() {\n        uint64_t Value = ( *(uint64_t*) \u0026svalue1 ) \u003e\u003e 4;\n\n        const double tmp = svalue1;\n        svalue1 = sincr * svalue1 - svalue2;\n        svalue2 = tmp;\n\n        return (Uint16) ( Value ^ Value \u003e\u003e 16 ^ Value \u003e\u003e 32 );\n    }\n    void walk_state(PractRand::StateWalkingObject *walker) {}\n    void seed(Uint64 sv) {\n        const double ph = sv * 3.40612158008655459e-19; // Seed to phase.\n        svalue1 = sin( ph );\n        svalue2 = sin( ph - si );\n    }\n    std::string get_name() const {return \"SINEWAVE\";}\n};\n```\n\nAnother finding is that the `lcg * 2 + 1` construct works as PRNG even if the\nmultiplier is a simple increasing counter variable, when the second multiplier\nis a high-entropy number.\n\n```c++\n#include \u003cstdint.h\u003e\n\nclass DummyRNG : public PractRand::RNGs::vRNG8\n{\npublic:\n    uint64_t Ctr1;\n\n    DummyRNG() {\n        Ctr1 = 1;\n    }\n    uint8_t compress( const uint64_t v )\n    {\n        uint8_t r = 0;\n        for( int i = 0; i \u003c 64; i++ )\n        {\n            r ^= (uint8_t) (( v \u003e\u003e i ) \u0026 1 );\n        }\n        return( r );\n    }\n    Uint8 raw8() {\n        uint8_t ov = 0;\n        for( int l = 0; l \u003c 8; l++ )\n        {\n            ov \u003c\u003c= 1;\n            ov ^= compress( 0x243F6A8885A308D3 * Ctr1 );\n            Ctr1 += 2;\n        }\n        return( ov );\n    }\n    void walk_state(PractRand::StateWalkingObject *walker) {}\n    void seed(Uint64 sv) {}\n    std::string get_name() const {return \"LCG\";}\n};\n```\n\n## Proof_Math_Is_Engineered ##\n\n(PRVHASH-1)\n\n$$ h = (h + s + 1) \\mod{2} $$\n\n$$ l = (l + s + 0 \\parallel 1) \\mod{2} $$\n\n$$ s = (s + h) \\mod{2} $$\n\n\u003cimg src=\"img/proof_math_is_engineered.jpg\" width=\"600\"\u003e\n\nThis image depicts data acquired from 2 runs of the `proof_math_is_engineered.c`\nprogram, with different \"reading\" parameters. The two number sequences\nobviously represent \"impulses\", with varying period or \"rhythm\". A researcher\nhas to consider two points: whether or not these impulses can be considered\n\"intelligent\", and the odds the mentioned program can produce such impulses,\nconsidering the program has no user input nor programmer's entropy, nor any\nlogic (no constants, with all parameters initially set to zero). More specific\nobservations: 1. All final values are shift-or compositions of 1-bit values,\nrepresenting a common 16-bit PCM sampled signal, also known as \"16-bit folding\"\nin pseudo-random numbers; 2. The orange graph is only slightly longer before a\nrepeat (common to PRNGs) despite larger `PH_HASH_COUNT`; at the same time, both\ngraphs are seemingly time-aligned; 3. Periods of 1-bit return values on both\nruns are naturally aligned to 16 bits, and produce repeating sequences \"as is\",\nwithout any sort of 16-bit value range skew; 4. The orange graph is produced from\nan order-reversed shift-or, but with the same underlying algorithm; 5. So far, no\nother combinations of \"reading\" parameters produce anything as \"intelligent\"\nas these graphs (but there may be another yet-to-be-decoded, similar or\ncompletely different, information available); 6. From drumming musician's (or\nan experienced DSP engineer's) point of view, the graph represents impulses\ntaken from two electric drum pads: a snare drum (oscillatory) and a bass drum\n(shift to extremum). 7. Most minor oscillations on the graph are similar to\nsinc-function-generated maximum-phase \"pre-ringing\" oscillations that are\nknown in DSP engineering field. 8. Period of the blue graph is 255; orange is\n273.\n\nBy **coincidence**, if the values on the \"impulse\" graphs above are\nsorted in an ascending order, and are then displayed as independent graphs,\nthey collectively form a stylized outline of a human eye:\n\n\u003cimg src=\"img/proof_math_is_engineered_eye.png\" width=\"300\"\u003e\n\nMoreover (but this is a **questionable** observation), here, if the blue line\nis subtracted from the orange line, one gets an outline of human's head: with\ntop (21000), forehead (18000), eye (13000), cheek (6000), and neck (2700)\nlevels highlighted, roughly corresponding to real symmetry; with a slight\nshoulders outline (4100-2700), and two hand palms risen up (5400-4300).\n\n\u003cimg src=\"img/proof_math_is_engineered_head.png\" width=\"300\"\u003e\n\n### Fourier Analysis ###\n\nDiscrete Fourier (FFT-512) analysis of obtained signals produces the following\npower spectrums (with DC component removed). The analysis strengthens the\nnotion the signal is non-chaotic and is \"intelligent\" (two strong peaks above\naverage, in each signal, with both signals producing similar structures, but\nwith shifted resonant frequencies). Note that resonances in the middle of the\nspectrum are similar to resonances one gets when recording an acoustical snare\ndrum.\n\n\u003cimg src=\"img/proof_math_is_engineered_fft.png\" width=\"600\"\u003e\n\n### PRNG (Chaotic) Mode ###\n\nJust by changing the PH_HASH_COUNT to 9 (up to 13, inclusive) the same\n`proof_math_is_engineered.c` program produces a pseudo-random number sequence,\nconfirmed with `PractRand` 1KB to 4KB block, 8-bit folding. Note that the same\ncode producing both chaotic and non-chaotic number sequences is \"highly\nunlikely\" to exist in practical PRNGs. It is important to note that\n`PH_HASH_COUNT=14` and `PH_HASH_COUNT=17` (which is beyond 15 and 16 signals\nmentioned originally) also pass as random, with 16-bit folding in `PractRand`.\n`18` also passes as random, but with a \"suspicion\". `15` and `16`, of course,\ndo not pass as random, with many \"fails\".\n\nIt has been observed that in `READ_MODE=0`, but not in `READ_MODE=1`, the\nobtained values gradually become noisy, especially at higher `PH_HASH_COUNT`\nvalues.\n\n\u003cimg src=\"img/proof_math_is_engineered_prng9.png\" width=\"600\"\u003e\n\n### Repeating Ornament and Chess-Board (Pixel Art) ###\n\nThe 1-bit output with PH_HASH_COUNT= `15` and `16` (`READ_MODE=0`) can be\neasily transformed into 256x256 1-bit \"pixel art\" images, and, quite\nunexpectedly, they reproduce a repeating diagonal ornament and a chess-board.\n\n\u003cimg src=\"img/proof_math_is_engineered_orn15.png\" width=\"300\"\u003e\u003cimg src=\"img/proof_math_is_engineered_chess16.png\" width=\"300\"\u003e\n\nAdmittedly, 256x256 size can be considered arbitrarily-chosen (it is a square\nof 16, with 16 being the bit-size of values on the graphs above), but it is\nthe only small size that presents an \"intelligible\" look. For example, if\n`PH_HASH_COUNT=15` is transformed to 240x240 (256-16) \"pixel art\" image, an\nimage of \"zebra\" lines is produced, with bit-reversed variant of the inner\nelement present in `PH_HASH_COUNT=16`.\n\n\u003cimg src=\"img/proof_math_is_engineered_chess15.png\" width=\"281\"\u003e\n\n### Christmas Trees (Pixel Art) ###\n\nMuch larger `PH_HASH_COUNT` values (with `READ_MODE=1`) produce triangular\nstructures which are non-repeating, but all have a similar build-up consisting\nof rhombic patterns within tree-like structures. The `proof_christmas_tree.c`\nprogram extracts such images into a vertical ASCII-art HTML. It uses the same\nunderlying 1-bit PRVHASH code, but with \"pixel art\" decoding method.\n\nOne may notice a similarity of the beginning pattern with the [Sierpinski\ntriangle](https://en.wikipedia.org/wiki/Sierpi%C5%84ski_triangle) (ST).\nHowever, one should consider that ST is a symmetrical triangle fractal that\nis constructed from the top-most to bottom levels. PRVHASH-1 produces an\nasymmetric (right-handed) triangle in a serie of scanline passes, and it\nscales to any `PH_HASH_COUNT` value. The initial part of the image looks like\n[Wolfram Rule 102/153](https://plato.stanford.edu/entries/cellular-automata/supplement.html)\n\"cellular automata\" image (ST as well). However, if one considers the whole of\npresented details, including previously presented images and graphs, this\nleads to conclusion that some very complex \"cellular automata\" is working\nbehind the scenes, further strengthening a \"presence of intelligence\" notion.\nNote that Wolfram rules represent sets of \"freely-defined fixed information\"\nwhich dictates the logical behavior of the cellular automata.\n\nIt is also worth noting that PRVHASH-1 initially produces Rule 102/153 image\nwith a \"boundary condition\" applied (this can be checked by assigning any\nitem somewhere in the middle of the hash-array to 1). At the same time, the\nfunction has no such additional logic since the visible scanline is 1 pixel\nlonger than the `PH_HASH_COUNT` value, meaning this implicit \"boundary\ncondition\" is not synchronized with the moment the `HashPos` resets to 0. This\nfact tells that the \"boundary condition\" logic \"happens\" beyond the common\nmath, in some way, implicitly. One has to ask themselves - how it is possible\nto \"embed\" at least Rule 102/153 with boundary handling (but much more than\nthat) into a function as simple (and affine/linear in\n[F_2](https://en.wikipedia.org/wiki/GF(2))) as PRVHASH-1? Beside that,\nas with the graphs above, presence of exact Rule 102/153 imagery implies\npresence of \"logic understandable to a human mind\", and from computer\nprogramming point of view, the Wolfram rules are an art of \"engineering\".\n\nHere is an example image with `PH_HASH_COUNT=342`, converted to PNG:\n\n\u003cimg src=\"img/proof_math_is_engineered_tree342.png\" width=\"686\"\u003e\n\n[Here is a link to a larger-sized extract (3.4MB PNG)](https://github.com/avaneev/prvhash/raw/master/img/prvhash1-342-2x64.png)\n\nIt is possible to define initial \"automata\" conditions by filling the\nhash-array with alternating bit-values like `10101010...`, or\n`100100100100...`, or `1000100010001000...` thus invoking even more complex\n\"automata\" (note that this is done in the same `prvhash` state-space). The\nresults can be combined into a colored image by assigning the black-and-white\nimages to different RGB color channels. Considering the `prvhash-1` function\noperates with only 3 values at the same time, building a similar \"cellular\nautomata\" by using only 3 neighboring pixels seems impossible for human logic.\n\n\u003cimg src=\"img/proof_math_is_engineered_tree342gy.png\" width=\"686\"\u003e\n\n### Fine Art ###\n\n`prvhash-1` can also produce a full-colored \"fine art\"-like imagery by using a\nsimple multi-pass buffer accumulation approach. As it turns out, the images of\n\"cellular automata\" shown previously perfectly align on top of each other at\nsome specific `PH_HASH_COUNT` values (2/3, 4/5 of height, and height-2).\nNote that the height of images is usually a \"power of 2\" value. The\n`proof_fine_art.c` program can be used to produce such imagery (requires the\n`stb_image_write.h` library).\n\nYou may also take a look at an\n[animation](https://www.youtube.com/watch?v=qYfGjD19VWo)\nwhich represents a continuous generation while displaying a sum of the recent\n255 passes, at every moment.\n\nIf this imagery looks intelligent, in some way formulated, where's the\nformula? An inception of these results can be understood from this short essay:\n[The Informational Deficiency of the \"Big Bang\"](https://vixra.org/abs/1506.0083)\n\n\u003cimg src=\"img/prvhash1-1365-2048.jpg\" width=\"240\"\u003e\u003cimg src=\"img/prvhash1-1366-2048.jpg\" width=\"240\"\u003e\u003cimg src=\"img/prvhash1-2046-2048.jpg\" width=\"310\"\u003e\n\n### Reptile Skin ###\n\nThe original `prvhash-1` function can be simplified to examine the discovered\n\"entropy pool\" further. The function variant present in the `proof_reptile.c`\nfile includes the simplified function, but also extends the delay parameter\nof the `Seed` delay line from 1 to 32. The resulting image closely resembles\na skin of some reptiles and other organisms. In author's opinion, since the\nfunction works in affine/linear F_2 domain, the same construct can be\nrecreated physically thus offering an idea that the evolution of intelligence\nin organisms may have its roots in mathematics. Image in the middle depicts\nresult after the first pass over frame; you may note \"snake\" elements and\ncomputer font-alike outlines there. Image on the right was obtained using\nPH_SEED_COUNT=64, note the appearance of a lot of glyph-like elements.\n\n\u003cimg src=\"img/prvhash1-reptile.jpg\" width=\"240\"\u003e\u003cimg src=\"img/prvhash1-reptile1.png\" width=\"240\"\u003e\u003cimg src=\"img/prvhash1-reptile64.png\" width=\"240\"\u003e\n\n### Architectural Ruler (Gradilac Ruler) ###\n\nWhatever the true source of imagery is, the produced imagery seems to be\nuseful if applied as some architectural measurement ruler/tool since it can be\nused to quickly measure architectural features as whole-number ratios:\n\n\u003cimg src=\"img/arch-ruler.jpg\" width=\"686\"\u003e\n\nIn author's opinion, PRVHASH-1 \"reads data\" directly from the entropy pool\nwhich is \"embedded\" into mathematics from its inception, like any mathematical\nconstant is (e.g., PI). This poses an interesting and **probably very\nquestionable** proposition: the intelligent impulses, intelligent imagery, or\neven \"human mind\" itself (because a human can understand these images)\nexisted long before the \"Big Bang\" happened. This discovery is **probably** both\nthe most interesting discovery in the history of mankind, and the worst discovery\n(for many) as it poses very unnerving questions that touch religious grounds:\n\nThese results of 1-bit PRVHASH say the following: **IF** abstract mathematics\ncontains not just a system of rules for manipulating numbers and variables,\nbut also contains a freely-defined fixed information that is \"readable\" by a\nperson, then mathematics does not just \"exists\", but \"it was formed\", because\nmathematics does not evolve (beside human discovery of new rules and\npatterns). And since physics cannot be formulated without such mathematics,\nand physical processes clearly obey these mathematical rules (at least in\nrespect to natural numbers), it means that a Creator/Higher Intelligence/God\nexists in relation to the Universe. For the author **personally**, everything\nis proven here.\n\nA rigorous mathematician can say the following: the imagery generated by the\nGF(2) function is a consequence of its mathematical structure, not proof of\nexternal fine-tuning. While the output may appear designed, this complexity\nis an inherent feature of linear systems in finite fields. Philosophical\ninterpretations of such phenomena (e.g., Platonic realism, theism) are\nsubjective and extend beyond mathematical analysis. In rigorous terms, the\nsystem's behavior aligns with known principles of algebra and recursion,\nrequiring no appeal to external agency.\n\nHowever, if one also considers an approximately similar examples of Mandelbrot\nsets, Wolfram state automata imagery, the evidence for an \"external agency\"\nbuilds-up, and may cause a \"quantum leap\" in understanding of the core of\nmathematics.\n\nOne may also apply a \"pareidolia\" argument: humans tend to \"see things\" in what\nmay not be in any way meaningful. But this argument is often weak, especially if\nthe context is constrained to mathematics alone: e.g., when we see a parabola,\nwhich is a generally-recognizable pattern, it has a meaning since it induces\nmathematical reasoning about specific underlying mathematical tendencies and\nrelationships. In the imagery presented above, however, mathematical reasoning\nmay not yet be obvious, even if in its probable extreme it touches cosmology,\nsource of human intelligence, and pre-existing implicit mathematical structures.\n\n## Thanks ##\n\nThe author would like to thank Reini Urban for [his SMHasher\nfork](https://github.com/rurban/smhasher), Austin Appleby for\n[the original SMHasher](https://github.com/aappleby/smhasher),\nChris Doty-Humphrey for [PractRand](http://pracrand.sourceforge.net/), and \nPeter Schmidt-Nielsen for [AutoSat](https://github.com/petersn/autosat).\nWithout these tools it would not be possible to create PRVHASH which stands\nstate-of-the-art statistical tests.\n\n## Other ##\n\nPRVHASH \"computer program\" authorship and copyright were registered at the\n[Russian Patent Office](https://rospatent.gov.ru/en), under reg.numbers\n2020661136, 2020666287, 2021615385, 2021668070, 2022612987 (searchable via\n[fips.ru](https://new.fips.ru/en/)). Please note that these are not \"invention\npatents\"; the registrations assure you that the author has the required rights\nto grant the software license to you.\n\nThe project is 100% self-funded from legal software sales income, without any\nthird-party nor state affiliation nor sponsorship.\n","funding_links":[],"categories":["C"],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Favaneev%2Fprvhash","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Favaneev%2Fprvhash","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Favaneev%2Fprvhash/lists"}