I think you've misunderstood my point. From ocular inspection of the code, the current 16 word value in the 2MB array is 'hashed' by applying AES encryption and this produces a new value and index into the array to store. Thus the uniform, random oracle, and thus non-patterned distribution of indices is assumed, otherwise an algorithm similar to a birthday attack can be applied to reduce the storage requirements in order to fun it faster on for example a GPU because more instances could be run simultaneously.
So, I'm trying to understand -- AES does not take in completely random input size and value, and output a consistent length string, but instead takes in a consistent length random value string, and outputs a consistent size string? The effect being that you have limited your sources of particular outputs (inputs) to strings of size 'x' rather than strings of any size?
If you are not concerned with keeping it CPU-only, then why call it "CPU only"? There are so many altcoins which have deceived on this point.
I would like to see a bounty raised for GPU miner, to prevent deception or groupthinking. Putting it in the headline gives the implication that it will be permanent to people seeing it for the first time.