I just tried to implement ISAAC from scratch, using the Jean-Philippe Aumasson paper from 2007 as a reference.
This paper gives a definition of the original ISAAC algorithm as well as the improved ISAAC+ algorithm.
JPA states in this paper that there are several flaws in ISAAC, and that ISAAC+ would fix those.
However, I noticed a bug in JPAs definition of ISAAC: In Step 5, the result of "f()" should be XORed with "a" before the addition. This XOR is present in the FSE'96 original paper of Jenkins where ISAAC is defined, but it is missing in the JPA paper.
But the XOR is not just missing in the description of ISAAC in JPA's paper, but also in Step 5 of the new improved ISAAC+ algorithm.
Now I wonder:
Did JPA possibly find all the claimed flaws because he was examining an implementation based on his own incorrect definition of ISAAC?
Does ISAAC+ make the same mistake? In its step 5 there is no XOR-operation either.
Or does ISAAC+'s modifications to steps 6 and 7 perhaps fix the problem created by the omission in step 5, because XOR-operations have been added there?
My doubts are intensified that R. Jenkins, the author of the original algorithm, claims the supposed biases do not exist. If JPA and RJ were actually speaking of different algorithms because of the XOR-omission in step 5, different evaluation results were to be expected.
Unfortunately, I was unable to find any reference implementation of ISAAC+, yet alone test vectors for comparison.
Therefore I wonder whether the proposed ISAAC+ from the paper is correct, or whether it is another mistake because JPA was using an XOR in step 5 of his actual implementation.
Is ISAAC+ really an improvement, or does it just fix mistakes its author has found after examining an incorrect implementation of the original ISAAC?
I also wonder whether someone her knows where to find implementation source code for ISAAC+ or test vectors for it.
