Feistel Networks – Do They Have to use XOR?

If you have no idea what a Feistel network is, but like cryptography and/or random number generation algorithms, read this link first:
Fast & Lightweight Random “Shuffle” Functionality – FIXED!

As a quick refresher, to encrypt data with a Feistel network, you break the plain text data into a left and a right side and do N rounds of this operation:

```Left[i+1]  = Right[i];
Right[i+1] = Left[i] ^ RoundFunction(Right[i], key);```

Where RoundFunction is ideally some chaotic function that returns some pseudo-random-esque number based on the inputs. For instance, RoundFunction could be MD5 so that it returned the MD5 hash of the data and the key, where the key could be considered the salt of the hash. The better the round function, the better your encryption algorithm will be.

To decrypt data with a Feistel network, you break the data into a left and right side and do the same number of rounds of this operation:

```Right[i] = Left[i+1];
Left[i] = Right[i+1] ^ RoundFunction(Left[i+1], key);```

Ok, onto the question….

Does it Have to use XOR?

Recently a friend of mine was using Feistel networks for something pretty amazing (so amazing, I can’t even talk about it), but in doing so, he asked me an interesting question. He asked “do you think this HAS to be XOR here, where we combine the round functions result back into the data?”. Well, it turns out, it doesn’t!

The operation has to be a reversible operation though, and you have to do the reverse operation when decrypting that you did while encrypting.

For instance, when encrypting you could add the round function result in, but then when decrypting, you would have to subtract the round function result out.

Or, you could do bitwise rotation left when encrypting, and right when decrypting perhaps.

Basically, anything that has a reverse operation can be used.

You have to be careful though because you might be lured into the trap of thinking that this includes something like multiplication and division.

If you multiply when you encrypt, you might get an integer overflow and lose data that can’t be corrected by doing a divide. For instance, if you multiply 255*2 in an unsigned 8 bit number you get 254 as a result. If you divide 254 by 2 to “undo” the multiplication, you get 127 which is obviously not 255, so we’ve lost some data. In an unsigned 8 bit number, ((255*2)/2) = 127.

If you go the other way and divide on encryption, and multiply on decryption, that doesn’t work either. For instance, when you divide 3 by 2, you get 1 with integer math, and when you multiply by 2, you get 2. So, with integers… ((3/2)*2) = 2.

Confusing note: you ARE able to do irreversible operations within the round function though. Feel free to do a divide or whatever you want in there. If that is difficult to understand how that could possibly work, you aren’t alone. Step through the code a bit by hand with a simple round function and a low number of rounds and you might be able to understand better how it does what it does.

I’m really not sure if anyone else out there does this variation on the traditional Feistel networks or not, but it is pretty interesting to combine the RoundFunction result back into the data with something other than XOR.

Source Code

Here’s some simple C++ code below to play with if you want to mess around with this stuff.

```#include
#include
#include

static const unsigned int c_numRounds = 4;

void PrimeRandomNumberPump ()
{
// https://blog.demofox.org/2013/06/18/wtf-rand/
srand((unsigned)time(NULL));
for (unsigned int index = 0; index < 20; ++index)
rand();
}

unsigned char RoundFunction (unsigned char value, unsigned char key)
{
// Not a particularly effective round function, but the round function
// isn't the point of this code.
// If you want a better round function, try plugging in a hash function
// or another chaotic function that has big changes in output for
// small changes in input.  Also, you could change c_numRounds to a
// higher number if you want better encryption.
return value + key | (value * key) + 3;
}

void Encrypt (unsigned char &left, unsigned char &right, unsigned char key)
{
for (unsigned int index = 0; index < c_numRounds; ++index)
{
// Feistel Network Encryption:
//  Left[i+1]  = Right[i];
//  Right[i+1] = Left[i] ^ RoundFunction(Right[i], key);

// let's do addition to combine the value of the round function on
// encryption, instead of doing xor.  Xor is used in feistel networks
// because xor is it's own inverse operation.
unsigned char oldLeft = left;
left = right;
right = oldLeft + RoundFunction(right, key);
}
}

void Decrypt (unsigned char &left, unsigned char &right, unsigned char key)
{
for (unsigned int index = 0; index < c_numRounds; ++index)
{
// Feistel Network Decryption:
//  Right[i] = Left[i+1];
//  Left[i] = Right[i+1] ^ RoundFunction(Left[i+1], key);

// let's do subtraction to combine the value of the round function on
// decryption, instead of doing xor.  Xor is used in feistel networks
// because xor is it's own inverse operation.
unsigned char oldRight = right;
right = left;
left = oldRight - RoundFunction(left, key);
}
}

void DoTest (unsigned char plainText1, unsigned char plainText2, unsigned char key, int &tests, int &errors)
{
// encrypt the plaintext
unsigned char cipherText1 = plainText1;
unsigned char cipherText2 = plainText2;
Encrypt(cipherText1, cipherText2, key);

// decrypt the cipher text
unsigned char decryptedData1 = cipherText1;
unsigned char decryptedData2 = cipherText2;
Decrypt(decryptedData1, decryptedData2, key);

// if the decrypted data doesn't match the plaintext data, count it as an error
// and show the details
tests++;
if (decryptedData1 != plainText1 || decryptedData2 != plainText2)
{
errors++;
printf("plaintext = 0x%02X%02Xrn", (unsigned int)plainText1, (unsigned int)plainText2);
printf("ciphertext = 0x%02X%02Xrn", (unsigned int)cipherText1, (unsigned int)cipherText2);
printf("decrypteddata = 0x%02X%02Xrnrn", (unsigned int)decryptedData1, (unsigned int)decryptedData2);
}
}

void main (void)
{
// generate a key
PrimeRandomNumberPump();
unsigned char key = (unsigned char)rand();

// run tests with the key
int errors = 0;
int tests = 0;
for (unsigned int y = 0; y < 256; ++y)
for (unsigned int x = 0; x < 256; ++x)
DoTest((unsigned char)y, (unsigned char)x, key, tests, errors);

// display the test results
printf("%i tests ran, %i errors encountered. key = 0x%02Xrn", tests, errors, key);
}
```

Bezier Curves

Bezier curves are pretty cool. They were invented in the 1950s by Pierre Bezier while he was working at the car company Renault. He created them as a succinct way of describing curves mathematically that could be shared easily with other people, or programmed into machines to make curves that matched the ones created by human designers.

I’m only going to go over bezier curves at the very high level, and give some links to html5 demos I’ve made to let you play around with them and understand how they work, so you too can implement them easily in your own software.

If you want more detailed information, I strongly recommend this book: Focus on Curves and Surfaces

Quadratic bezier curves have 3 control points. The first control point is where the curve begins, the second control point is a true control point to influence the curve, and the third control point is where the curve ends. Click the image below to be taken to my quadratic bezier curve demo.

A quadratic bezier curve has the following parameters:

• t – the “time” parameter, this parameter goes from 0 to 1 to get the points of the curve.
• A – the first control point, which is also where the curve begins.
• B – the second control point.
• C – the third control point, which is also where the curve ends.

To calculate a point on the curve given those parameters, you just sum up the result of these 3 functions:

1. A * (1-t)^2
2. B * 2t(1-t)
3. C * t^2

In otherwords, the equation looks like this:

CurvePoint = A*(1-t)^2 + B*2t(1-t) + C*t^2

To make an entire curve, you would start with t=0 to get the starting point, t=1 to get the end point, and a bunch of values in between to get the points on the curve itself.

Cubic Bezier Curves

Cubic bezier curves have 4 control points. The first control point is where the curve begins, the second and third control points are true control point to influence the curve, and the fourth control point is where the curve ends. Click the image below to be taken to my cubic bezier curve demo.

A cubic bezier curve has the following parameters:

• t – the “time” parameter, this parameter goes from 0 to 1 to get the points of the curve.
• A – the first control point, which is also where the curve begins.
• B – the second control point.
• C – the second control point.
• D – the fourth control point, which is also where the curve ends.

To calculate a point on the curve given those parameters, you just sum up the result of these 4 functions:

1. A * (1-t)^3
2. B * 3t(1-t)^2
3. C * 3t^2(1-t)
4. D * t^3

In otherwords, the equation looks like this:

CurvePoint = A*(1-t)^3 + B*3t(1-t)^2 + C*3t^2(1-t) + D*t^3

Math

You might think the math behind these curves has to be pretty complex and non intuitive but that is not the case at all – seriously! The curves are based entirely on linear interpolation.

Here are 2 ways you may have seen linear interpolation before.

1. value = min + percent * (max – min)
2. value = percent * max + (1 – percent) * min

We are going to use the 2nd form and replace “percent” with “t” but they have the same meaning.

Ok so considering quadratic bezier curves, we have 3 control points: A, B and C.

The formula for linearly interpolating between point A and B is this:
point = t * B + (1-t) * A

The formula for linearly interpolating between point B and C is this:
point = t * C + (1-t) * B

Now, here’s where the magic comes in. What’s the formula for interpolating between the AB formula and the BC formulas above? Well, let’s use the AB formula as min, and the BC formula as max. If you plug the formulas into the linear interpolation formula you get this:

point = t * (t * C + (1-t) * B) + (1-t) * (t * B + (1-t) * A)

if you expand that and simplify it you will end up with this equation:
point = A*(1-t)^2 + B*2t(1-t) + C*t^2

which as you may remember is the formula for a quadratic bezier curve. There you have it… a quadratic bezier curve is just a linear interpolation between 2 other linear interpolations.

Cubic bezier curves work in a similar way, there is just a 4th point to deal with.

Next Up

The demos above are in 2d, but you could easily move to 3d (or higher dimensions!) and use the same equations. Also, there are higher order bezier curves (more control points), but as you add control points, the computational complexity increases, so people usually stick to quadratic or cubic bezier curves, and just string them together. When you put curves end to end like that, they call it a spline.

Next up, be on the look out for posts and demos for b-splines and nurbs!

How to Test Randomness of Numbers

At first i said the answer was to check this out: Diehard Battery of Tests of Randomness which is linked to by this page which may also be of interest: Tests for Random Number Generators.

But apparently that is the “old way” and there is a new program from NIST that you can get here: NIST test suite for random numbers, which subsequently is linked to from random.org: Random.org Statistical Analysis.

Getting that program from NIST to compile was a little bit of a chore for me on msvc 2010. The biggest hurdle i hit was that msvc 2010 doesnt have erf() and erfc() so i had to google “erf.cpp” and find an implementation. If you can’t find one, erf and erfc are part of gcc which is open sourced so you can always go that route if you need to!

After compiling, i was able to run the test on my numbers but couldn’t make much sense of the results very easily. There were a few p scores and presumably some chi squared scores somewhere, but the “summary file” was very cryptic (pun intended) so i wasn’t really sure…

Anyways, just wanted to put it here for myself and others if anyone’s looking for this in the future 😛

Thanks to my buddy James for the correction and links to the newer NIST program. Thanks man!

Bottom Line

Interestingly, the tests above use the source number data to do a bunch of different things, and then measure the statistics of the results.

For instance, it will use the numbers to shuffle a deck of cards, and then it will play poker and see if there is any bias of cards dealt, or players winning.

Or, it will use the numbers as the source of numbers for a roulette wheel and see if players win at the right rate statistically.

I guess the bottom line lesson for testing random numbers is that you should use the numbers how you intend to use them, and see if there’s any statistical anomalies.

There doesn’t seem to be a magic bullet test that works for generic randomness, but I’m guessing it’s just sort of… check for patterns in every way you can, or every way you care about, and if you don’t find any, consider it random. If you are using it for purposes where randomness really matters – like security or gambling – you then hope nobody else finds a pattern you didn’t! 😛

On that topic, check this out: Wikipedia: Michael Larson

Alloca and Realloc – Useful Tools, Not Ancient Relics

If you are a C/C++ programmer, you are likely familiar with malloc() and free(), the predecessors to C++’s new and delete operators, as well as the existence of the variations of malloc such as calloc, realloc and alloca.

If you are like me, you probably thought for a long while that malloc and it’s variations were relics of days gone by, only actually useful in a few very limited situations. Some of these guys still have use though, and don’t really have equivalents in C++ to replace them.

First the boring ones…
malloc – Allocates memory. Precursor to new operator.
calloc – Allocates memory and sets the contents to zero. C’s answer to the problem of uninitialized memory that constructors solve in C++.

Now the more interesting ones!

Alloca

Believe it or not, alloca actually allocates memory on the stack. When your function goes out of scope, the stack memory is automatically returned to the stack due to the nature of how the stack and stack pointer work. No need to free the memory allocated with alloca, and in fact if you tried, you’d probably get a crash 😛

If you are a programmer who writes high performance applications, you are probably familiar with the benefits of using the stack instead of allocating memory on the heap with new or malloc.

The benefits of using the stack include…

• Quicker allocations – Allocating memory can be a relatively costly operation in terms of time, especially if you have multiple threads running using the same (thread safe) allocator. Allocating memory on the stack is essentially the same cost as defining a local variable. Under the hood, it’s just moving the stack pointer a little farther and gives you that empty space to use.
• No memory leaks – when the function you’ve allocated the stack memory in exits, that memory is automatically freed. This is because the stack pointer just “moves back” to what it used to be. There is not really any memory to free.
• Less memory fragmentation – When mixing large and small memory allocations and frees, sometimes you end up with your memory in a state where there is a lot of memory free, but just not all together in one place. For instance, your program might need to allocate 50MB, and there may be 300MB free on the heap total, but if there are small 16 byte allocations littered in the memory every 10MB, your program won’t be able to find a single 50MB region to allocate and the allocation will fail. One common cause of this problem is small allocations used for things like relatively small arrays or small string buffer allocations that exist temporarily to copy or transform some data, but are not meant to stick around very long. If you can put these on the stack instead of the heap, those small allocations don’t hit the heap, and your memory will be less fragmented in the end.
• Increased performance (fewer cache misses) – the contents of the stack are likely already in the CPU cache, so putting your data there means less information for the CPU to have to gather from RAM which is a slow operation.

However, there are some dangers when allocating memory on the stack as well

• If you keep a pointer to the memory, that memory could be “freed” and re-used, getting filled with other random data (local variables). That can cause crashes, memory corruption or other strange program behavior.
• If you allocate too much on the stack you could run out of stack space. The stack isn’t really meant to hold large amounts of allocated data. You can adjust your programs stack size though if this is a route you want to pursue.

Alternatives

There are some common techniques I’ve seen people use in places that could have also used alloca instead. These include…

• Small Pool Allocators – To get around the memory fragmentation problem, sometimes people will have different memory allocators based on the size of memory being allocated. This way, small temporary allocations for things like temporary string buffers will all be allocated from one place, while larger allocations for things like textures will be allocated elsewhere. This dramatically improves the memory fragmentation issue.
• Object Pools – Object pools are similar to small pool allocators but they work by allocating some amount of memory for specific types of objects, and have a way to remember which objects are used and which ones are free. For instance, you may dynamically allocate an array of 100 SMyStruct objects and have a flag for each to know which ones are in use and which ones aren’t. This way, the program can ask for a new object, and it can find one currently not in use and return it to the caller without needing to hit the ACTUAL memory allocator to get the data (unless all objects are spoken for, at which point it can choose to fail, or allocate a new “page” of objects to be able to hand out). This also has an interesting side effect that cache misses can drop quite a bit since the same kinds of objects will be nearer to eachother in memory.
• DIY Stack Allocator – When I was working at Midway, a friend (Hi Shawn!) profiled the animation code and found that a lot of time was spent in allocating temporary buffers to blend bone data together. To fix this, he rolled his own stack allocator, where there was one contiguous piece of memory on the heap that could be allocated from. There was an internal index keeping track of where the “top of the stack” was, and when memory was allocated, that stack index would just move up by however many bytes were asked for. At the end of the frame, the stack index was reset to zero, thus “freeing” the memory. This dramatically improved the animation system performance by making the temporary bone blend buffer allocations essentially free.

Lastly, there’s another common trick to avoid dynamic allocations involving templates, check it out!

```// define the CStaticArray class
template
class CStaticArray
{
public:
T m_values[N];

// you could put functions in here to do operations on the array data to make it look more like a standard
// data type, instead of a plain vanilla array
unsigned int Count () { return N; }

void SomeOtherFunction () { }
};

void MyFunc ()
{
// make an array of 32 floats
CStaticArray m_floatArray;

// make an array of 128 SSomeStructs
CStaticArray m_objectArray;

for (unsigned int index = 0; index < m_objectArray.Count(); ++index)
{
m_objectArray.m_values[index].DoSomething();
}
}
```

The above really shines if you have a standard API for strings or dynamic arrays in your code base. You can make a version like the above which works without dynamic allocations, but gives the same interface so it's easier for fellow programmers to use and swap in and out as needed.

Another nice benefit to the above technique is that it works for stack allocations, but you can also make them member variables of other objects. In this way, you can minimize dynamic allocations. Instead of having to dynamically allocate an object, and then dynamically allocate the array inside of it, you do a single allocation to get all the memory needed.

That is the closest thing in C++ that I've seen to alloca, but even so, alloca has the advantage that you can decide how much memory to allocate at run time. With the template method, you have to know at compile time which is fine for a lot of cases, but othertimes is a deal breaker, forcing you to have to go back to dynamic allocations (or perhaps now, alloca instead?)

Realloc

Realloc is the other interesting memory allocation function.

Like I was mentioning above, the fewer allocations you can do, the better off you are in terms of performance, and also memory fragmentation.

By writing smart containers (dynamic arrays, dynamic strings, etc) you can make it so when someone tries to make a container smaller, that instead of allocating new memory that’s smaller, copying the data over, and freeing the old memory, that instead it just remembers the new size but keeps the old, larger memory around.

Then later on, if the container was told to grow, if it was smaller than the larger size from the past, it could just use some of that old memory again.

However, if that container grows larger than it used to be, you are going to have to allocate, copy, and free (costly etc) to grow the container.

Down in the guts of your computer however, there may be memory right after the current memory that’s not being used by anything else. Wouldn’t it be great if you could just say “hey… use that memory too, i don’t want to reallocate!”.

Well, realloc does ALL of the above for you without you having to write special code.

When you realloc memory, you give the old pointer and the new size, and if it’s able to, it won’t do any allocations whatsoever, and will just return you your old pointer back to you. It may allocate the next memory block for you if the new size is larger, but would still return the old pointer value in this case. Or, if the new amount of memory is smaller, it may return you back the same memory without doing anything internally (it depends on your compiler’s specific implementation of realloc what it does when)

If realloc does have to allocate new memory though, it will copy over all the old data to the new memory that it returns to you and free the old memory. So, you don’t have to CARE whether the pointer returned is old or new, just store the return value and continue on with your life.

It’s pretty cool and can help reduce actual memory allocations, lowering memory fragmentation and increasing performance.

Is pre-increment really faster than post increment? Part 2

In the first part of this blog post (Is pre-increment really faster than post increment? Part 1) I showed that it really doesn’t seem to matter if you use post or pre increment with simple integer types.

I then promised an example of where the choice of pre or post increment DOES matter, and here it is.

The long and the short of it is this…

• When you pre increment a variable, you are changing the value of a variable, and the new value will be used for whatever code the pre increment is part of.
• When you post increment a variable, you are changing the value of a variable, but the OLD value is used for whatever code the post increment is part of.

To make post increment work that way, it essentially needs to make a copy of the variable before the increment and return the copy for use by the code of which the post increment is a part of.

A pre increment has no such need, it modifies the value and everything uses the same variable. There is no copy needed.

The compiler / optimizer apparently does a good job of figuring out when it does or does not need to make a copy of integral types, but it doesn’t do as well with complex objects. Here’s some sample code to demonstrate this and the output that it generates in both debug and release.

Test Code

```#include
#include
#include

//=============================================================
class CScopeMessage
{
public:
CScopeMessage(const char *label)
{
PrintIndent();
printf("%srn", label);
s_indentLevel++;
}

CScopeMessage(const char *label, int objectId)
{
PrintIndent();
printf("%s obj %irn", label, objectId);
s_indentLevel++;
}

CScopeMessage(const char *label, int objectId, int copyObjectId)
{
PrintIndent();
printf("%s (obj %i) to obj %irn", label, objectId, copyObjectId);
s_indentLevel++;
}

~CScopeMessage()
{
s_indentLevel--;
}

static void StartNewTest()
{
s_indentLevel = 0;
s_lineNumber = 0;
printf("rn");
}

private:
void PrintIndent()
{
s_lineNumber++;
printf("%2i:  ", s_lineNumber);
for(int index = 0; index < s_indentLevel; ++index)
printf("  ");
}

private:
static int s_indentLevel;
static int s_lineNumber;
};

int CScopeMessage::s_indentLevel = 0;
int CScopeMessage::s_lineNumber = 0;

//=============================================================
class CTestClass
{
public:
CTestClass()
{
m_objectID = s_objectID;
s_objectID++;

// this is just noise in the test, but feel free to
// comment out if you want to see for yourself
//CScopeMessage msg("Constructing", m_objectID);
m_value = new char[4];
strcpy(m_value, "one");
}

CTestClass(const CTestClass &other)
{
m_objectID = s_objectID;
s_objectID++;

CScopeMessage msg("Copy Constructing", other.m_objectID, m_objectID);
m_value = new char[strlen(other.m_value) + 1];
strcpy(m_value, other.m_value);
}

~CTestClass()
{
CScopeMessage msg("Destroying", m_objectID);
delete[] m_value;
}

// preincrement
CTestClass &operator++()
{
CScopeMessage msg("Pre Increment", m_objectID);
DoIncrement();
return *this;
}

// postincrement
CTestClass operator++(int)
{
CScopeMessage msg("Post Increment", m_objectID);
CTestClass result(*this);
DoIncrement();
return result;
}

void DoIncrement()
{
CScopeMessage msg("Doing Increment", m_objectID);
}

private:
char *m_value;
int m_objectID;

static int s_objectID;
};

int CTestClass::s_objectID = 0;

//=============================================================
int main (int argc, char **argv)
{
CTestClass test;
{
CScopeMessage msg("--Post Increment--");
test++;
}

CScopeMessage::StartNewTest();
{
CScopeMessage msg("--Post Increment Assign--");
CTestClass testB = test++;
}

CScopeMessage::StartNewTest();
{
CScopeMessage msg("--Pre Increment--");
++test;
}

CScopeMessage::StartNewTest();
{
CScopeMessage msg("--Pre Increment Assign--");
CTestClass testB = ++test;
}

system("pause");
return 0;
}
```

Debug

Here’s the debug output:

You can see that in the post increment operator, it calls the copy constructor not once but twice! The first copy constructor is called to create the “result” object, and the second copy constructor is called to return it by value to the caller.

```CTestClass operator++(int)
{
CScopeMessage msg("Post Increment", m_objectID);
CTestClass result(*this);
DoIncrement();
return result;
}
```

Note that it can’t return the copy by reference because it’s a local variable. C++11’s “std::move” and xvalue type functionality is there to help with this stuff, but if you can’t use that tech yet, it isn’t much help hehe.

Interestingly, we can see that 2 copy constructors get called whether or not we assign the value returned or not.

On the pre-increment side, you can see that it only does a copy construction call if you assign the result. This is nice and is what we want. We don’t want extra object copies or memory allocations and deallocations.

Release

Things are a little bit better in release, but not by much. The optimizer seems to have figured out that it doesn’t really need to do 2 object copies, since it only ever wants at most one REAL copy of the object, so it gets away with doing one object copy in both situations instead of two.

That’s an improvement, but still not as good as the pre-increment case which hasn’t visibly changed in release (not sure about the assembly of these guys, but if you look and find something interesting, post a comment!)

Summary

As always, you should check your own assembled code, or test your compiler with printf output like this post does to ensure you really know what your code is doing.

But… it seems like you might want to use pre-increment if you ever use increment operators for heavy weight objects (such as iterators), but if you want to use post increment for integral types, it ought to be fine.

That said, a lot of people say “just use pre-increment” because at worst it’ll be the same as a post increment, but at best it will be a lot more efficient.

You do whatever you want, so long as you are aware of the implications of going one way or the other 😛

A Super Tiny Random Number Generator

When I posted the last blog post about shuffling on the GameProgrammer.com mailing list, someone responded back with a super tiny random number generator that is actually pretty damn good. It is this:

```x+=(x*x) | 5;
```

The high bit of X is the source of your random numbers, so if you want to generate an 8 bit random number, you have to call it 8 times. Apparently it passes a lot of tests for randomness really well and is a pretty high quality PRNG. Check this out for more info: http://www.woodmann.com/forum/showthread.php?3100-super-tiny-PRNG

You can start x at whatever you want, but it might take a few iterations to “warm up” especially if you start with a small seed (ie you may want to throw away the first 5-10 random bits it generates as they may not be that random). I adapted it into an example program below, along with some example output. I use time() to set the initial value of x.

```#include
#include
#include
#include

// A super tiny prng
//
unsigned int seed = 0;
unsigned int GenerateRandomBit()
{
seed += (seed * seed) | 5;
return seed & 0x80000000;
}

template
void GenerateRandom(T& value)
{
memset(&value, 0, sizeof(T));
const unsigned int numBits = sizeof(T) * 8;
unsigned int* dataPointer = (unsigned int *)&value;
for (unsigned int index = 0; index < numBits; ++index)
{
if(GenerateRandomBit()) {
unsigned int pointerIndex = index / 32;
unsigned int mask = 1 << index % 32;
}
}
}

int main(int argc, char **argv)
{
seed = (unsigned int)time(NULL);
printf("seed = %urn", seed);

printf("9 random uints...rn");

for (unsigned int index = 0; index < 9; ++index)
{
unsigned int random;
GenerateRandom(random);
printf("%2u: %10u (%x)rn", index, random, random);
}

printf("3 random floats...rn");
for (unsigned int index = 0; index < 3; ++index)
{
float f;
GenerateRandom(f);
printf("%2u: %f (%x)rn", index, f, *((unsigned int*)&f));
}

printf("8 random characters...rn");
char text[8];
GenerateRandom(text);
for (unsigned int index = 0; index < 8; ++index)
{
printf("%2u: %crn", index, text[index]);
}
system("pause");
return 0;
}
```

Fast & Lightweight Random “Shuffle” Functionality – FIXED!

In this post I’m going to show a way to make an iterator that will visit items in a list in a random order, only visit each item once, and tell you when it’s visited all items and is finished. It does this without storing a shuffled list, and it also doesn’t have to keep track of which items it has already visited.

This means you could have a list that is a million items long and no matter how many you have visited, it will only take two uint32s to store the current state of the iterator, and it will be very fast to get the next item in the list (somewhere around 1 to 4 times the cost of calling the rand() function!).

This is a follow up post to an older post called Fast & Lightweight Random “Shuffle” Functionality.

In that older post, things didn’t work quite like I expected them to so it was back to the drawing board for a little while to do some research and experimentation to find a better solution. I’m not going to go back over the basics I talked about in that article so go back and have a read there first if anything is confusing.

High Level

In the last post on this topic we talked about how the high level goal was to map the index to a random number, and because we were randomizing the bits in a deterministic (and non destructive) way, we needed to iterate over the whole “next power of 2” items and reject any that were too large. Only doing this could we be sure that we visited every index. The problem I hit last time though was that I could not get the numbers to look random enough.

To solve this, i decided what i needed to do was ENCRYPT the index with a block cipher. When you encrypt data, it should come out looking like random data, even though the data you put in may be sequential or have other easily seen patterns. What else is great, is that when using a block cipher, each unique input should equate to a unique output which means that if we encrypt the full power of 2 range as input, we will get the full power of 2 range out as output, but just in a different order.

Once I realized this was a good solution, my next problem to tackle was that I knew of no block algorithms that would work for a variable number of bits. There are block cipher algorithms that will work for LARGE number of bits, but there is no algorithm I knew of where you can tell it “hey, i only want to use 4 bits” or “i only want to use 5 bits”.

In the end the answer I found was to roll my own, but use existing, well established technology to do so. In my specific case, I’m also aiming for high speed functions since I want this functionality used in real time gaming applications.

What I came up with in the end is not cryptographically secure, but using the same techniques I have laid out, you should be able to drop in a different block cipher algorithm if that is a requirement.

Feistel Network

As it turns out, there is a basic primitive of cryptography called a Feistel Network. It’s used by quite a number of modern ciphers and hash functions, and it is surprisingly simple.

For a balanced Feistel Network, you split the data into a left and a right side, and do the following, which consists of a single round (you can do as many rounds as you like):

```Left[i+1]  = Right[i];
Right[i+1] = Left[i] ^ RoundFunction(Right[i], key);
```

After performing however many rounds you wish, you combine the left and the right sides again to get your encrypted data.

To unencrypt, the feistel network works much the same but only in reverse, looking like the below:

```Right[i] = Left[i+1];
Left[i] = Right[i+1] ^ RoundFunction(Left[i+1], key);
```

The neat thing about Feistel Networks is that the round function can be any deterministic function that performs whatever operations it wants – even destructive and irreversible operations such as division or bit shifts. Even so, the feistel network as a whole is reversible, no matter what you do in the round function, and you can unencrypt to get your origional data back.

This threw me for quite a loop and I couldn’t get my head around why this worked for a long while until I found a webpage that explained it pretty well. unfortunately I lost the link and cannot find it again but the basic idea is this… For each round of encryption, the right side is encrypted using the key and the left side. This means that at any point, no matter how many rounds you’ve done on your data, the right side should be able to be decrypted using the key and the left side. If you have the key, and you know how many rounds were used in encryption, you have all the data you need to decrypt it again. Hopefully that makes sense… I had to work it out on paper a little bit to see it fully.

The other great thing about Feistel Networks is that you can make them be however many bits you want. So, if i want each side of the Feistel Network to be 1 bit, I can do that. Or, if i want each side to be 128 bits, I can do that too!

You can also tune the quality / performance a bit by doing less or more rounds.

BTW the Tiny Encryption Algorithm uses a Feistel Network if you want to see a simple example in action.

With the “variable bit size support” problem solved, next I needed to come up with a round function that did a good job of taking sequential numbers as input and spitting out seemingly random numbers as output. Thanks to what I was saying before, the round function doesn’t need to be reversible, so there are a lot of options available.

I ended up deciding to go with a hash function, specifically Murmur Hash 2 (which I actually also used in my last post if you’d like to see some more information on it! The Incredible Time Traveling Random Number Generator).

Since the hash spits out numbers that might be anything in the range of an unsigned int, but I only want N bits, I just AND the hash against a mask to get the number of bits I want. There’s probably a higher quality method of smashing down the bits using XOR or something, but my quality needs aren’t very high so I just opted to AND it.

A downside of going with the balanced Feistel Network approach is that before this, I only had to round up to the next power of 2, but now, since each half of the data needs to be a power of 2, I actually have to make sure I have an even number of bits and have to round up to the next power of 4. This means that when it’s looking for valid indices to return in the shuffle, it may have to calculate up to 4 different indices on average before it finds a valid one. Not the greatest thing in the world, but also not the worst and definitely not a deal breaker in my eyes.

The Code

At long last, here is the code! Use it in good health (:

There are some example runs of the program below it as well.

```#include
#include
#include

// MurmurHash code was taken from https://sites.google.com/site/murmurhash/
//-----------------------------------------------------------------------------
// MurmurHash2, by Austin Appleby

// Note - This code makes a few assumptions about how your machine behaves -

// 1. We can read a 4-byte value from any address without crashing
// 2. sizeof(int) == 4

// And it has a few limitations -

// 1. It will not work incrementally.
// 2. It will not produce the same results on little-endian and big-endian
//    machines.

unsigned int MurmurHash2 ( const void * key, int len, unsigned int seed )
{
// 'm' and 'r' are mixing constants generated offline.
// They're not really 'magic', they just happen to work well.

const unsigned int m = 0x5bd1e995;
const int r = 24;

// Initialize the hash to a 'random' value

unsigned int h = seed ^ len;

// Mix 4 bytes at a time into the hash

const unsigned char * data = (const unsigned char *)key;

while(len >= 4)
{
unsigned int k = *(unsigned int *)data;

k *= m;
k ^= k >> r;
k *= m;

h *= m;
h ^= k;

data += 4;
len -= 4;
}

// Handle the last few bytes of the input array

switch(len)
{
case 3: h ^= data[2] << 16;
case 2: h ^= data[1] <> 13;
h *= m;
h ^= h >> 15;

return h;
}

struct SShuffler
{
public:
SShuffler(unsigned int numItems, unsigned int seed)
{
// initialize our state
m_numItems = numItems;
m_index = 0;
m_seed = seed;

// calculate next power of 4.  Needed sice the balanced feistel network needs
// an even number of bits to work with
m_nextPow4 = 4;
while (m_numItems > m_nextPow4)
m_nextPow4 *= 4;

// find out how many bits we need to store this power of 4
unsigned int numBits = 0;
unsigned int mask = m_nextPow4 - 1;
{
numBits++;
}

// calculate our left and right masks to split our indices for the feistel
// network
m_halfNumBits = numBits / 2;
m_rightMask = (1 << m_halfNumBits) - 1;
}

void Restart()
{
Restart(m_seed);
}

void Restart(unsigned int seed)
{
// store the seed we were given
m_seed = seed;

// reset our index
m_index = 0;
}

// Get the next index in the shuffle.  Returning false means the shuffle
// is finished and you should call Restart() if you want to start a new one.
bool Shuffle(unsigned int &shuffleIndex)
{
// m_index is the index to start searching for the next number at
while (m_index < m_nextPow4)
{
// get the next number
shuffleIndex = NextNumber();

// if we found a valid index, return success!
if (shuffleIndex  1)
{
// get the last number
shuffleIndex = LastNumber();

// if we found a valid index, return success!
if (shuffleIndex > m_halfNumBits;
unsigned int right = (index & m_rightMask);

// do 4 feistel rounds
for (int index = 0; index < 4; ++index)
{
unsigned int newLeft = right;
unsigned int newRight = left ^ (MurmurHash2(&right, sizeof(right), m_seed) & m_rightMask);
left = newLeft;
right = newRight;
}

// put the left and right back together to form the encrypted index
return (left << m_halfNumBits) | right;
}

private:

// precalculated values
unsigned int m_nextPow4;
unsigned int m_halfNumBits;

// member vars
unsigned int m_index;
unsigned int m_seed;
unsigned int m_numItems;

// m_index assumptions:
//   1) m_index is where to start looking for next valid number
//   2) m_index - 2 is where to start looking for last valid number
};

// our songs that we are going to shuffle through
const unsigned int g_numSongs = 10;
const char *g_SongList[g_numSongs] =
{
" 1. Head Like a Hole",
" 2. Terrible Lie",
" 3. Down in It",
" 4. Sanctified",
" 5. Something I Can Never Have",
" 6. Kinda I Want to",
" 7. Sin",
" 8. That's What I Get",
" 9. The Only Time",
"10. Ringfinger"
};

int main(void)
{
// create and seed our shuffler.  If two similar numbers are hashed they should give
// very different results usually, so for a seed, we can hash the time in seconds,
// even though that number should be really similar from run to run
unsigned int currentTime = time(NULL);
unsigned int seed = MurmurHash2(&currentTime, sizeof(currentTime), 0x1337beef);
SShuffler shuffler(g_numSongs, seed);

// shuffle play the songs
printf("Listen to Pretty Hate Machine (seed = %u)rn", seed);
unsigned int shuffleIndex = 0;
while(shuffler.Shuffle(shuffleIndex))
printf("%srn",g_SongList[shuffleIndex]);

system("pause");
return 0;
}
```

The Incredible Time Traveling Random Number Generator

It isn’t very often that you need a pseudo random number generator (PRNG) that can go forwards or backwards in time, or skip to specific points in the future or the past. However, if you are ever writing a game like Braid and do end up needing one, here’s one way to do it.

At the core of how this is going to work, we are going to keep track of an index, and have some way to convert that index into a random number. if we want to move forward in time, we will just increment the index. If we want to move backwards in time, we will just decrement the index. It’s super simple from a high level, but how are we going to convert an index into a random number?

There are lots of pseudo random number generators out there that we could leverage for this purpose, the most famous being C++’s built in “rand()” function, and another one famous in the game dev world is the Mersenne Twister.

I’m going to do something a little differently though as it leads well into the next post I want to write, and may be a little bit different than some people are used to seeing; I want to use a hash function.

Murmur Hash 2

Good hash functions have the property that small changes in input give large changes in output. This means that if we hash the number 1 and then hash the number 2, that they ought not to be similar output, they ought to be wildly different numbers in the usual case. Sometimes, just like real random numbers, we might get 2 of the same numbers in a row, but that is the desired behavior to have the output act like real random sequences.

There are varying levels of quality of hash functions, ranging from a simple string “hash” function of using the first character of a string (super low quality hash function, but super fast) all the way up to cryptographic quality hash functions like MD5 and SHA-1 which are a lot higher quality but also take a lot longer to generate.

In our usage case, I’m going to assume this random number generator is going to be used for game use, where if the player can discover the pattern in the random numbers, they won’t be able to gain anything meaningful or useful from that, other than at most be able to cheat at their own single player game. However, I really do want the numbers to be fairly random to the casual eye. I don’t want visible patterns to be noticeable since that would decrease the quality of the gameplay. I would also like my hash to run as quickly as possible to keep game performance up.

Because of that level of quality I’m aiming for, I opted to go with a fast, non cryptographic hash function called Murmur Hash 2. It runs pretty quick and it gives pretty decent quality results too – in fact the official Murmur Hash Website claims that it passes the Chi Squared Test for “practically all keysets & bucket sizes”.

If you need a higher quality set of random numbers, you can easily drop in a higher quality hash in place of Murmur Hash. Or, if you need to go the other way and have faster code at the expensive of random number quality, you can do that too.

Speed Comparison

How fast is it? Here’s some sample code to compare it vs C++’s built in rand() function, as well as an implementation of the Mersenne Twister I found online that seems to preform pretty well.

```#include
#include
#include
#include
#include "tinymt32.h" // from http://www.math.sci.hiroshima-u.ac.jp/~m-mat/MT/TINYMT/index.html

// how many numbers to generate
#define NUMBERCOUNT 10000000  // Generate 10 million random numbers

// profiling macros
#define PROFILE_BEGIN
{
LARGE_INTEGER freq;
LARGE_INTEGER start;
QueryPerformanceFrequency(&freq);
QueryPerformanceCounter(&start);

#define PROFILE_END(label)
LARGE_INTEGER end;
QueryPerformanceCounter(&end);
}

// MurmurHash code was taken from https://sites.google.com/site/murmurhash/
//-----------------------------------------------------------------------------
// MurmurHash2, by Austin Appleby

// Note - This code makes a few assumptions about how your machine behaves -

// 1. We can read a 4-byte value from any address without crashing
// 2. sizeof(int) == 4

// And it has a few limitations -

// 1. It will not work incrementally.
// 2. It will not produce the same results on little-endian and big-endian
//    machines.

unsigned int MurmurHash2 ( const void * key, int len, unsigned int seed )
{
// 'm' and 'r' are mixing constants generated offline.
// They're not really 'magic', they just happen to work well.

const unsigned int m = 0x5bd1e995;
const int r = 24;

// Initialize the hash to a 'random' value

unsigned int h = seed ^ len;

// Mix 4 bytes at a time into the hash

const unsigned char * data = (const unsigned char *)key;

while(len >= 4)
{
unsigned int k = *(unsigned int *)data;

k *= m;
k ^= k >> r;
k *= m;

h *= m;
h ^= k;

data += 4;
len -= 4;
}

// Handle the last few bytes of the input array

switch(len)
{
case 3: h ^= data[2] << 16;
case 2: h ^= data[1] <> 13;
h *= m;
h ^= h >> 15;

return h;
}

void RandTest()
{
for(int index = 0; index < NUMBERCOUNT; ++index)
int i = rand();
}

unsigned int MurmurTest()
{
unsigned int key = 0;
for(int index = 0; index < NUMBERCOUNT; ++index)
key = MurmurHash2(&key,sizeof(key),0);
return key;
}

// g_twister is global and inited in main so it doesnt count towards timing
tinymt32_t g_twister;
unsigned int TwisterTest()
{
unsigned int ret = 0;
for(int index = 0; index < NUMBERCOUNT; ++index)
ret = tinymt32_generate_uint32(&g_twister);
return ret;
}

int main(int argc, char**argv)
{
// rand() test
PROFILE_BEGIN;
RandTest();
PROFILE_END("rand()");

// hash test
unsigned int murmurhash;
PROFILE_BEGIN;
murmurhash = MurmurTest();
PROFILE_END("Murmur Hash 2");

// twister test
g_twister.mat1 = 0;
g_twister.mat2 = 0;
tinymt32_init(&g_twister, 0);
unsigned int twister;
PROFILE_BEGIN;
twister = TwisterTest();
PROFILE_END("Mersenne Twister");

// show the results
system("pause");

// this is here so that the murmur and twister code doesn't get optimized away
printf("%u %urn", murmurhash, twister);

return 0;
}
```

Here's the output of that code run in release on my machine, generating 10 million random numbers of each type. You can see that murmurhash takes about 1/3 as long as rand() but is not quite as fast as the Mersenne Twister. I ran this several times and got similar results, so all in all, Murmur Hash 2 is pretty fast!

Final Code & Sample Output

Performance looks good but how about the time traveling part, and how about seeing some example output?

Here’s the finalized code:

```#include
#include
#include

// MurmurHash code was taken from https://sites.google.com/site/murmurhash/
//-----------------------------------------------------------------------------
// MurmurHash2, by Austin Appleby

// Note - This code makes a few assumptions about how your machine behaves -

// 1. We can read a 4-byte value from any address without crashing
// 2. sizeof(int) == 4

// And it has a few limitations -

// 1. It will not work incrementally.
// 2. It will not produce the same results on little-endian and big-endian
//    machines.

unsigned int MurmurHash2 ( const void * key, int len, unsigned int seed )
{
// 'm' and 'r' are mixing constants generated offline.
// They're not really 'magic', they just happen to work well.

const unsigned int m = 0x5bd1e995;
const int r = 24;

// Initialize the hash to a 'random' value

unsigned int h = seed ^ len;

// Mix 4 bytes at a time into the hash

const unsigned char * data = (const unsigned char *)key;

while(len >= 4)
{
unsigned int k = *(unsigned int *)data;

k *= m;
k ^= k >> r;
k *= m;

h *= m;
h ^= k;

data += 4;
len -= 4;
}

// Handle the last few bytes of the input array

switch(len)
{
case 3: h ^= data[2] << 16;
case 2: h ^= data[1] <> 13;
h *= m;
h ^= h >> 15;

return h;
}

class CReversablePRNG
{
public:
CReversablePRNG()
{
m_index = 0;
m_seed = 0;
}

unsigned int NextNumber()
{
unsigned int ret = MurmurHash2(&m_index, sizeof(m_index), m_seed);
m_index++;
return ret;
}

unsigned int LastNumber()
{
unsigned int lastIndex = m_index - 2;
unsigned int ret = MurmurHash2(&lastIndex, sizeof(lastIndex), m_seed);
m_index--;
return ret;
}

// to be able to save / restore state for a save game or whatever else
void GetState(unsigned int &index, unsigned int &seed)
{
index = m_index;
seed = m_seed;
}

void SetState(unsigned int index, unsigned int seed)
{
m_index = index;
m_seed = seed;
}

private:
unsigned int m_index;
unsigned int m_seed;
};

int main(int argc, char**argv)
{
// create and seed our random number generator.  If two similar numbers are hashed
// they should give very different results usually, so for a seed, we can hash the
// time in seconds, even though the number from run to run should be really similar
CReversablePRNG prng;
unsigned int currentTime = time(NULL);
unsigned int seed = MurmurHash2(&currentTime, sizeof(currentTime), 0x1337beef);
prng.SetState(0, seed);

// display our seed and our table header
printf("seed = %urn", seed);
printf("index | raw number | mod 10rn");
printf("---------------------------rn");

// generate 10 numbers forward
for (int index = 0; index < 10; ++index)
{
unsigned int nextNumber = prng.NextNumber();
printf("%2i    | %10u | %urn", index, nextNumber, nextNumber % 10);
}

// generate 3 numbers back
printf("rn");
for (int index = 0; index < 3; ++index)
{
unsigned int lastNumber = prng.LastNumber();
printf("%2i    | %10u | %urn", 8 - index, lastNumber, lastNumber % 10);
}

// generate 5 numbers forward
printf("rn");
for (int index = 0; index < 5; ++index)
{
unsigned int nextNumber = prng.NextNumber();
printf("%2i    | %10u | %urn", 7 + index, nextNumber, nextNumber % 10);
}

system("pause");

return 0;
}
```

Next Up

Hopefully you enjoyed this post!

Next up I’m going to be applying this code to the problem of shuffling to continue on from the post where I tried to do that before: Fast & Lightweight Random “Shuffle” Functionality.

Why do you hate me rand()?!

TL;DR – I’ve always heard rand() sucked for generating (cryptographically strong) random numbers, but it turns out it’s just kind of bad in general too LOL.

OK so this is bizarre, I made a default settings console project in MSVC 2012 with the code below:

```#include
#include
#include

int main(int argc, char** argv)
{
time_t thetime = 0;
time(&thetime);
srand(thetime);
int a = rand();
int b = rand();
int c = rand();
int d = rand();

printf("time = %llu (%llu)rna = %irnb = %irnc =t %irnd = %irn", thetime, thetime % RAND_MAX, a, b, c, d);
return 0;
}
```

Here are some sample outputs, can you see what’s wrong?!

```time = 1371620230 (26377)
a = 11108
b = 28489
c = 18911
d = 15679
```
```time = 1371620268 (26415)
a = 11232
b = 10944
c = 9621
d = 12581
```
```time = 1371620289 (26436)
a = 11301
b = 7285
c = 24321
d = 26390
```
```time = 1371620310 (26457)
a = 11369
b = 3625
c = 6252
d = 7432
```
```time = 1371620332 (26479)
a = 11441
b = 10714
c = 6048
d = 12537
```

5 times in a row you can see that the first number randomly generated is in the 11,000’s. You can also see that it’s steadily increasing.

I included the time modulo RAND_MAX in case that was the first number returned but it isn’t. I also looked at the numbers in hex and there isn’t a clear pattern there either. I can’t really discern the correlation between the time and the first random number, but there is definitely a pattern of some kind.

You always hear you shouldn’t use rand() if you need really high quality random numbers (like used for encryption), but i always figured if you use srand() with time, your number will be good enough for games at least. Turns out, you might want to throw out the first random number rand gives you before using the stuff for your games too. Maybe throw out a couple just in case! 😛

You might wonder why b,c,d are seemingly more random then a, but that’s likely due to the Avalanche Effect aka “sensitivity to initial conditions” which as it turns out is a nice property of cryptographic algorithms as well as pseudo random number generators. That is also a fundamental idea from Chaos Theory.

Essentially, as you ask for more random numbers, they ought to be more unpredictable, and more “random”. You just get some trash in the beginning.

Anyways… I’m super surprised by just how bad rand() is… I guess I never looked at it like this before (or maybe this is some new bad behavior in MSVC 2012?). Also, RAND_MAX is defined for me as 0x7fff. Ouchies, where are the rest of our numbers? 😛

Fast & Lightweight Random “Shuffle” Functionality

NOTE: THIS ARTICLE ENDS IN FAILURE. IF YOU WANT TO SKIP AHEAD TO THE SUCCESSFUL METHOD CHECK OUT THIS POST: Fast & Lightweight Random “Shuffle” Functionality – FIXED

Sometimes in game development we have a list of things that we want to choose from randomly, but we want to make sure and only choose each thing one time.

For instance, let’s say you are making a game where the player gets quests randomly from an NPC, but when they finish the current group of quests, they can then move onto the next group of quests (because the next group is harder than the first group).

Here’s some obvious ways you might implement this:

• Make a list of the items you want to choose randomly from. When you choose an item from the list, remove it from the list so that it won’t be chosen from next time. You have to allocate and maintain (and maybe serialize) a list which is a little bit of a bummer, but it gets the job done.
• Add a flag or bool to each item to remember whether it’s been chosen from. When you randomly choose an item, if it has already been chosen, roll a random number again. If it hasn’t been chosen, mark it as having been chosen and use it. The bummer here is that it isn’t constant time. If you have a lot of items to choose from, when you get near the end and only have a few items left unused, you’ll have to roll a bunch of random numbers before you find a valid one to use.
• Taking a cue from the last article Efficiently Generate Random Numbers Without Repeats, you could go with the 2nd option, but count how many unused items there are, roll a random number for the number of unused items, and then count through the list again to find which unused item you rolled. This is nicer, but it might be costly to have to traverse the list, especially if the list has a lot of items in it.

Computer Science Magic

Computer science has some neat things to it that could help you out here. Most notably, there are various algorithms for traversing numbers or multidimensional spaces in ways other than sequentially, for various reasons. Here are 2 such things for example (but there are many more out there waiting for you to find them!):

You could likely leverage something like these guys to traverse the items in a list in a way that looked random to a player, but would actually be well defined and have a pattern to them. The unfortunate thing about these is that they may be the same “random” every time though. With some creativity and programming alchemy you might be able to get around that problem though.

If something like this works well enough for you, it might be your solution!

XOR Magic

XOR is a magical thing. I started game development back in 16 bit CPU days before hardware accelerated graphics, and when GL (and later directX) first appeared, my first question was “this is all very neat, but how do i XOR pixels?” Sadly, the answer was that I couldn’t, and as far as I know, we still don’t have that ability with shaders and it makes me sad LOL.

Anyways, besides making really snazzy “programmer art” style graphics (and selection boxes), XOR is one of the corner stones of encryption and other cryptography. (Like Cryptography? I have a bunch of posts on it, go check em out! Cryptography 101)

For instance, the “one time pad” is the ONLY mathematically proven uncrackable encryption scheme, and it uses XOR. In fact, it ONLY uses XOR.

One property of XOR that makes it useful for cryptography also makes it useful to us here in our shuffle code. That property is this: If you have a random number, and a non random number, when you XOR them together, the result will be a random number too. (BTW the other property that makes it useful for cryptography is that it’s reversible, but we don’t care about that right now).

Think about that for a minute… that means that if you have a random number, and you count from 1 to 10, XORing each number by the same random number, the resulting numbers ought to be random too. What else is great is that thanks to the fact that Boolean math is deterministic (1 xor 0 is always 1, every time you do it), the numbers you get out will all be unique and not repeat. TA-DA! There are some problems left to solve, but we now have the basis for our shuffle algorithm!

Are you down with the SHUF?

Ok so the basic idea for shuffling is this: We are going to loop through the list normally, but we are going to xor each index against a pre-rolled random number so that it randomizes the index for us in a way that will have no repeats. Let’s pretend that we have 5 things to loop through and that our random number is 3. Let’s try it out:

```index 0: 0 ^ 3 == 3
index 1: 1 ^ 3 == 2
index 2: 2 ^ 3 == 1
index 3: 3 ^ 3 == 0
index 4: 4 ^ 3 == 7
```

Our last number ended up being 7, what the heck happened? Well, the issue here is that it’s randomizing the bits in our indices, not really shuffling our 5 items. With 5 items to loop through, that means there are 3 bits that it is randomizing, which means that we might encounter any 3 bit value at any time (including 7, the highest one!), and that we would need to iterate through all 3 bit values to encounter all the indices that we are looking for (0 through 5). We’ll just have to loop through all 3 bit indices and ignore anything too large. Here’s all of the values:

```index 0: 0 ^ 3 == 3
index 1: 1 ^ 3 == 2
index 2: 2 ^ 3 == 1
index 3: 3 ^ 3 == 0
index 4: 4 ^ 3 == 7 (ignore)
index 5: 5 ^ 3 == 6 (ignore)
index 6: 6 ^ 3 == 5 (ignore)
index 7: 7 ^ 3 == 4
```

Looks like we solved that issue.

The other issue that comes up is that the random number can be any number that can fit in an unsigned int. When we xor a huge number by our small indices, we’ll get giant numbers out as a result.

For instance if our random number was 15367, xoring that against index 3 would give us 15364.

To fix that, we can just use the lowest 3 bits of the random number (& against 7). That way, the random number can only have bits set in the lowest 3 bits, and our index already can only have bits set in the lowest 3 bits, so the end result can also only have bits set in the lowest 3 bits.

I think we are ready to write some code!

The Source Code

```#include
#include
#include

template
struct SShuffler
{
public:
SShuffler()
{
Start();
}

// start a new shuffle
void Start()
{
m_index = (unsigned int)-1;
m_randomNumber = ((unsigned int)rand()) & c_numItemsNextPow2Mask;
}

// whether or not the shuffle is finished
bool IsDone()
{
return m_index == c_numItemsNextPow2;
}

// Get the next index in the shuffle
bool Shuffle(unsigned int &shuffleIndex)
{
// increment our index until we reach our max index,
// or we find a valid index
do
{
m_index++;
shuffleIndex = m_index ^ m_randomNumber;
}
while (m_index = c_numItems);

// if we haven't reached the max index, our shuffle was successful
return m_index > 1;
static const unsigned int c_B = c_A | c_A >> 2;
static const unsigned int c_C = c_B | c_B >> 4;
static const unsigned int c_D = c_C | c_C >> 8;
static const unsigned int c_numItemsNextPow2Mask = c_D | c_D >> 16;
static const unsigned int c_numItemsNextPow2 = c_numItemsNextPow2Mask + 1;

// member vars
unsigned int m_index;
unsigned int m_randomNumber;
};

// our songs that we are going to shuffle through
const unsigned int g_numSongs = 10;
const char *g_SongList[g_numSongs] =
{
"2. Terrible Lie",
"3. Down in It",
"4. Sanctified",
"5. Something I Can Never Have",
"6. Kinda I Want to",
"7. Sin",
"8. That's What I Get",
"9. The Only Time",
"10. Ringfinger"
};

int main(void)
{
// use the current time as a seed for our random number generator
srand((unsigned)time(0));

// declare a shuffler object
SShuffler shuffler;

// shuffle play once
printf("I wanna listen to some NIN...(seed = %i)rnrn", shuffler.DebugGetSeed());
unsigned int shuffleIndex = 0;
while(!shuffler.IsDone())
{
if (shuffler.Shuffle(shuffleIndex))
printf("%srn",g_SongList[shuffleIndex]);
}

// shuffle play again
shuffler.Start();
printf("rnThat was great, let's listen again! (seed = %i)rnrn", shuffler.DebugGetSeed());
while(!shuffler.IsDone())
{
if (shuffler.Shuffle(shuffleIndex))
printf("%srn",g_SongList[shuffleIndex]);
}

printf("rn");
system("pause");
return 0;
}
```

Example Run

Here’s the output of an example run of this program. Note that if ever you encounter seed 0, it will not shuffle at all. Also, if you encounter seed 15, it will play the list exactly backwards!

Something Weird Going On

After playing with this stuff a bit, it looks like even though this technique works “ok”, that it actually doesn’t randomize the list as much as I thought it was. It looks like no matter what my seed is, adjacent numbers seem to “pair up”. Like 1 and 2 will always be next to each other but will change which comes first. Same with 3 and 4, 5 and 6, etc.

I think the problem is that if you have a set of numbers in order, that for each possible order those numbers can be in, there doesn’t exist a number you can XOR the set of numbers to get to be in that order. I think that even though a simple XOR can re-arrange the numbers, it can’t give you all possible combinations (which makes sense… 16 seeds is a lot less than 10 factorial, which is how many combinations there ought to be!)

I have to play around with it some more and think about it a little more though. There might be a way at least to make it better, maybe using some more bits from the random number to do more math operations on the index or something.