A number of PRNG libraries support the ability to quickly "jump" a specified distance down the value sequence, without having to actually generate all the intermediate values manually.
Is this worth adding? It's somewhat dependent on the algo - some don't have any shortcut for this so the impl would end up just being a trivial for loop anyway. But I think the ChaCha algos do have a faster way to jump their states.
If the state is very large, you want this so you can store seed+offset instead of the internal state and use that to resume later.
And if the period is small, you want this so you can use different sections of the output cycle on different threads and be guaranteed they don't overlap for some reasonable length of time.
But I'm not actually aware of a reason to want this when the state is small enough to be feasible to store and the PRNG has a large period, which it would be for ChaCha (in Go's implementation, 33 bytes and I'm not totally sure but something like 2**128, respectively).
Also, caveat, I don't think Go's implementation supports jumping, because it uses part of the output from every 16th block to re-key the cipher instead of just using the same key and incrementing a counter for every block. PCG does though. Or we could use Rust's implementation, for which jumping is trivial but then you don't get forward secrecy (i.e., having the state allows you to generate all previously-generated values).
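Added example, not code from this thread or from any of the libraries mentioned: a logarithmic-time jump for a bare 64-bit LCG, the kind of state transition PCG is built on, covering both uses named above (resuming from seed+offset, and giving each thread its own section of the sequence). The constants, the names `step`, `walk`, `jump` and `streamStarts`, and the omission of PCG's output permutation are assumptions of the sketch.

```go
package main

import "fmt"

// Sample LCG parameters: state' = state*mult + inc (mod 2^64).
const (
	mult uint64 = 6364136223846793005
	inc  uint64 = 1442695040888963407 // must be odd for the full 2^64 period
)

// step advances the state by one position.
func step(s uint64) uint64 { return s*mult + inc }

// walk is the "trivial for loop" fallback: n single steps.
func walk(s, n uint64) uint64 {
	for ; n > 0; n-- {
		s = step(s)
	}
	return s
}

// jump advances the state by delta positions in O(log delta) work.
// It composes the affine map x -> mult*x + inc with itself by repeated squaring.
func jump(s, delta uint64) uint64 {
	accMul, accInc := uint64(1), uint64(0) // identity map
	curMul, curInc := mult, inc            // map for 2^k steps
	for ; delta > 0; delta >>= 1 {
		if delta&1 == 1 { // apply the 2^k-step map on top of the accumulator
			accMul *= curMul
			accInc = accInc*curMul + curInc
		}
		curInc = (curMul + 1) * curInc // square the 2^k-step map
		curMul *= curMul
	}
	return accMul*s + accInc
}

// streamStarts gives each worker a start state stride positions apart, so
// worker i and worker i+1 do not overlap until stride values have been drawn.
func streamStarts(seed uint64, workers int, stride uint64) []uint64 {
	starts := make([]uint64, workers)
	for i := range starts {
		starts[i] = jump(seed, uint64(i)*stride)
	}
	return starts
}

func main() {
	fmt.Println(jump(42, 1000) == walk(42, 1000), streamStarts(42, 4, 1<<40))
}
```

This works only because the LCG's parameters never change; a generator that re-keys itself from its own output has no fixed map to square, so resuming at an offset means replaying the stream.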