271: Random port libraries

by Wolfgang Corcoran-Mathe

Status

This SRFI is currently in draft status. Here is an explanation of each status that a SRFI can hold. To provide input on this SRFI, please send email to srfi-271@nospamsrfi.schemers.org. To subscribe to the list, follow these instructions. You can access previous messages via the mailing list archive.

• Received: 2026-05-03
• 60-day deadline: 2026-07-02
• Draft #1 published: 2026-05-03

Abstract

This SRFI proposes a pattern of libraries for binary input ports that produce random bytes. Libraries are divided into “cryptographic” and “repeatable” categories to address different uses of random data. The design leaves the details of random number generation to the implementer and the transformation of bytes to other types (floats, etc.) to higher-level libraries. A mechanism for saving random-port states as bytevectors and for propagating those states to new ports is also provided.

Contents

1. Issues
2. Rationale
3. Specification
   1. Terminology
   2. Libraries
      1. Library protocol
      2. Additional libraries
      3. Discussion
   3. Interface
      1. All libraries
      2. repeatable libraries
   4. Example repeatable library names
4. Implementation
5. Compatibility
6. Acknowledgements
7. References
8. Copyright

Issues

None at present.

Rationale

As a foundation for random-number generation, the well-known (and excellent) SRFI 27 includes both too little and too much. On the one hand, it makes no distinction between sources of cryptographic-quality pseudorandom data and sources of the deterministic pseudorandom data sometimes needed for testing and other purposes. On the other, it includes forms for defining new random sources and for parameterizing library procedures over them, thus adding avoidable complexity to the specification.

In this SRFI I take a different tack and try to describe a framework for random-byte generation that adds as little as necessary to the language. This SRFI:

• Uses binary input ports, rather than a novel type, for random sources.

• Uses the Scheme library system — and only the Scheme library system — to distinguish between cryptographic-quality sources and repeatable sources, as well as between different kinds of cryptographic and repeatable sources.

• Specifies no procedures for drawing random data. The random-byte-seeking user is pointed in the direction of read-u8 and read-bytevector; those in search of other kinds of random data will find a profusion of options in SRFI 194. (But see the compatibility notes.)

Random port states

Everyone agrees that it is sometimes useful to generate the same random sequence several times, e.g. on each run of a test suite. Whether to allow random number generators to be “seeded”, and what forms those seeds should take, is controversial. Initializing one kind of source may require more “seed” data than another would, so we can’t take the one-size-fits-all approach of srand(3) (C23 section 7.24.3.2) and other obsolete systems.

SRFI 27 allows random-source states to be manipulated as opaque objects, which does most of the job — you can save the sate of a SRFI 27 source and restore it later, although the SRFI doesn’t guarantee that states support an equivalence relation or have datum representations. These properties are essential for allowing random states to be written to disk and read back in during a later session.

In this SRFI I go a step further and propose bytevectors as a common representation of random-port states. While this may pose a challenge to adoption (current random source implementations use a wide range of state representations), it has many benefits. Bytevectors can be written, read, and compared for equality, which makes them a good vehicle for saving and restoring states. We also gain the ability to seed one random port from the output of another, obviating the need for procedures like SRFI 27’s random-source-randomize!. (To create a source with a hard-to-predict initial state, simply seed it with a cryptographic-quality port.)

Why ports?

Input ports have been in the Scheme Reports since the early days (the R2RS); thus they fit easily into existing programs, and they come with a wealth of standard inspection procedures (u8-ready?, etc.). In contrast, an opaque type like SRFI 27's random-source needs a fair amount of wheel-reinvention — procedures like the utterly elementary read-u8 have to be specified anew.

SRFI 194's generator-based interface is another option. SRFI 158 generators, however, are ill-defined, being no more than nullary Scheme procedures. There is no portable way to distinguish a generator from any other procedure. They mimic input ports in several ways, but there are important port operations that they cannot support in current Scheme. For example, it isn’t possible to write peek or ready? procedures for generators. Some have suggested adding general language features to address these weaknesses. We can look forward to a future Scheme in which ports and generators have all of the same features and compete, pointlessly, for control of every I/O domain.

Back to the point. Some of the standard port operations that are not available for SRFI 158 generators are useful for random ports. For example, in some cases it may be necessary for a random source to block, e.g. until sufficient entropy is available. With random ports, applying u8-ready? should be enough to alert you of this situation.

Specification

(call-with-port (crypto:make-random-port)
                make-random-port)

Compatibility

SRFI 27

SRFI 27’s random sources are very much like random ports, but they support a few operations that cannot be directly implemented in terms of SRFI 271 forms:

random-source?

Why not: Random ports are input ports, but SRFI 27 requires that random sources be of a disjoint type.

random-source-state-set!

random-source-randomize!

random-source-pseudo-randomize!

Why not: SRFI 271 does not provide operations for directly changing the state of an existing random port.

The state-mutation procedures, while rather ugly, pose no real difficulty and could be added as an extension of SRFI 271. There is, however, no way to satisfy SRFI 27’s type-disjointness requirement.

SRFI 194

Since SRFI 194 is built on SRFI 27’s random sources, it is not directly compatible with SRFI 271, but could be adapted to random ports without substantial changes. The missing pieces are, as far as I can tell, the default-random-source parameter (easily added), and procedures for drawing arbitrary integers or floating-point numbers from random ports. Implementing these procedures isn't trivial — getting a uniform distribution of floats from a random byte sequence is particularly tricky — but they will be a practical necessity, in any case, for all users of SRFI 271. (In view of this, a revision of SRFI 194 based on random-byte sources might be a Good Thing.)

Implementation

A portable implementation of random ports is currently impossible. A sample implementation of SRFI 271 developed for Gauche (running on POSIX systems) is available in the SRFI repository.

Acknowledgements

Thanks to John W. Cowan for helping to chip away everything in this SRFI that did not look like an elephant.

Thanks to Taylor Campbell and Alaric Snell-Pym for suggestions and elucidations. In particular, the definition of a cryptographic-quality source was adapted from Alaric’s description of the desirable properties of such a source; any inaccuracies in the SRFI’s version are my own doing.

Thanks to Peter McGoron and the other members of the R7RS Second Working Group for advice and discussion.

Thanks to those who provided feedback via the SRFI mailing list or on the #scheme IRC channel.

Of course, none of this should be taken to suggest that any of the people mentioned above endorse this SRFI.

References

S. Bradner, Key words for use in RFCs to Indicate Requirement Levels (RFC 2119), 1997. https://datatracker.ietf.org/doc/html/rfc2119

Hal Abelson et al, Revised Revised Report on Scheme (R2RS), August 1985.

Alex Shinn, John Cowan, & Arthur A. Gleckler, eds., Revised⁷ Report on the Algorithmic Language Scheme (R7RS Small), 2013. https://small.r7rs.org

Sebastiano Vigna, A PRNG shootout, (no publication date given). https://prng.di.unimi.it

ISO/IEC 9899:2024. Programming languages — C (C23). ISO/IEC, 2024.

Alaric Snell-Pym. Some thoughts on random number generation. Communication to the R7RS WG2 mailing list, March 2026.

Sebastian Egner. SRFI 27: Sources of random bits. https://srfi.schemers.org/srfi-27/, 2002.

Shiro Kawai, John Cowan, and Thomas Gilray. SRFI 158: Generators and Accumulators. https://srfi.schemers.org/srfi-158/, 2017.

Shiro Kawai, Arvydas Silanskas, Linas Vepštas, and John Cowan. SRFI 194: Random data generators. https://srfi.schemers.org/srfi-194/, 2020.

Taylor Campbell. Personal communication, 2025. Available on the R7RS issue tracker.

Copyright

© 2026 Wolfgang Corcoran-Mathe.

Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions:

The above copyright notice and this permission notice (including the next paragraph) shall be included in all copies or substantial portions of the Software.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.