XoroshiroEdit
Xoroshiro is a family of high-performance pseudorandom number generators (PRNGs) that rely on simple bitwise operations—xor, shifts, and rotations—to produce long sequences of numbers with good statistical properties for non-cryptographic use. The design goal is to deliver very fast throughput and small state while maintaining respectable randomness quality on modern CPUs. Because it emphasizes speed and simplicity over cryptographic strength, xoroshiro variants are widely adopted in games, simulations, procedural content generation, and other performance-critical software where determinism and repeatability matter.
The xoroshiro family builds on the older xorshift lineage, offering several state sizes and output modes to suit different workloads. The most common variants use 128-bit or 256-bit internal state. These configurations are designed to be fast on contemporary hardware, with minimal memory footprint and straightforward update rules. While highly suitable for many applications, they are not intended for cryptographic security; for security-critical tasks, developers should rely on cryptographically secure pseudorandom number generators and related primitives cryptographically secure pseudorandom number generator.
Design and Variants
[128-bit state] The core 128-bit-state variants include xoroshiro128+ and xoroshiro128*. In these, the generator maintains two 64-bit state words. The output is derived from a simple function of the internal state, and the state transition uses a small sequence of xor, rotate, and add operations. The “+” variant tends to emphasize uniformity of lower bits, while the “*” variant emphasizes different statistical characteristics through the output transformation.
[256-bit state] For larger workloads or to reduce correlation risk in parallel contexts, the 256-bit-state family—xoroshiro256+ and xoroshiro256**—extends the state to four 64-bit words. These variants preserve the same design philosophy: fast operations, compact state, and a practical balance of speed and statistical quality.
[Output functions] The xoroshiro family includes distinct output functions (e.g., the simple addition-based outputs and the star-star transformations) that trade off different aspects of distribution and speed. This mirrors a broader pattern in the xorshift lineage: small, well-understood transformations yield high performance with acceptable non-cryptographic randomness.
[Seeding and initialization] Good seeding is important to avoid trivial correlations. A common practice is to seed the state with a simple, robust non-cryptographic generator such as [splitmix64], which itself is designed to produce well-distributed initial states. See splitmix64 for more on this seeding approach.
[Relation to other families] Xoroshiro sits alongside other fast PRNG families like [xorshift] and [pcg], offering engineers a spectrum of trade-offs between speed, state size, and statistical behavior. For context, the [pseudo-random-number generator] landscape includes many designs optimized for different workloads and guarantees, and xoroshiro is one of the most performant options for general-purpose, non-cryptographic use.
Performance and Practicality
[Speed and locality] The core operations of xoroshiro—xor, shifts, and rotations—are extremely fast on modern CPUs and map well to SIMD workloads. This makes xoroshiro variants popular in game engines, physics simulations, and real-time graphics pipelines where latency and throughput are critical.
[State size and memory] With either 128-bit or 256-bit internal state, xoroshiro variants offer a small footprint relative to their performance. The modest state also simplifies storage, checkpointing, and deterministic replay scenarios.
[Portability] The simplicity of the arithmetic makes xoroshiro implementations portable across languages and platforms, from low-level systems programming in C/C++ to higher-level languages used in game development and data processing.
Seeding, Guarantees, and Use Cases
[Non-cryptographic nature] Xoroshiro is designed for speed and practical randomness in non-cryptographic contexts. It is not suitable for generating keys, nonces, or other security-sensitive material. For those purposes, developers should rely on a CSPRNG (cryptographically secure pseudorandom number generator) such as ChaCha-based constructions ChaCha20 or other vetted primitives.
[Common use cases] In software where reproducibility and performance matter, xoroshiro variants are used to drive procedural content generation, Monte Carlo simulations, randomized testing, and certain kinds of numerical experiments. The deterministic nature of the generator means that given the same seed, the same sequence will recur, which is valuable for debugging and validation.
[Initialization best practices] To avoid seed-related biases, it is typical to use a robust seeding routine (e.g., [splitmix64]) to derive the initial state, then switch to the xoroshiro core for generation. See splitmix64 for more on this approach.
Security, Controversies, and Debates
[Security boundaries] The consensus in the security community is clear: xoroshiro variants are not cryptographically secure. They should not be used where unpredictability must withstand adversarial observation. When security is a concern, practitioners prefer vetted CSPRNGs and standard constructions such as ChaCha-based generators or other approved designs cryptographically secure pseudorandom number generator.
[Performance trade-offs in policy and practice] In debates about software standards and performance, advocates of pragmatic engineering emphasize choosing fast, transparent, and well-understood primitives that are easy to audit and maintain. Proponents argue that xoroshiro’s simplicity and speed deliver clear value in performance-critical contexts, especially when security requirements are not the focus. Critics may push for stronger guarantees or broader standardization, but for many non-secure applications the practical balance offered by xoroshiro remains compelling.
[Testing and validation] Like all PRNGs, xoroshiro variants are validated with statistical test suites to assess non-cryptographic randomness. While they pass many standard tests, they are not a substitute for cryptographic evaluation. For developers, this means employing rigorous testing and avoiding assumptions about randomness quality beyond the intended use-case. See discussions around [test suites] such as BigCrush in the broader RNG literature when evaluating any algorithm.
[Open-source and transparency] A practical, pro-market angle highlights that xoroshiro implementations are accessible, open, and well-documented. This transparency supports independent validation, optimization by the community, and interoperability across platforms, aligning with a freedom-respecting approach to software development.