On my thermally-limited laptop, aes-128-ctr runs at over 9 GB/s. If pure speed is the goal, then AES-NI is faster than the fastest PRNG. Seek to a deterministic point by advancing the counter. Choose random seed with a fresh key. What more could you want? ("portable speed!")
You can eek out another 10% or so if you dial it back to the recommendations of the "too much crypto" paper:
9x AES rounds (versus 10).
You can eek out another 10% or so if you dial it back to the recommendations of the "too much crypto" paper: 9x AES rounds (versus 10).
https://eprint.iacr.org/2019/1492