DOCSLIB.ORG

On Statistical Distance Based Testing of Pseudo Random Sequences and Experiments with PHP and * Debian Openssl

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
On Statistical Distance Based Testing of Pseudo Random Sequences and Experiments with PHP and * Debian Openssl computers & security 53 (2015) 44e64 Available online at www.sciencedirect.com ScienceDirect journal homepage: www.elsevier.com/locate/cose On statistical distance based testing of pseudo random sequences and experiments with PHP and * Debian OpenSSL * Yongge Wang a, , Tony Nicol b a Dept. SIS, UNC Charlotte, Charlotte, NC 28223, USA b University of Liverpool, UK article info abstract Article history: NIST SP800-22 (2010) proposed the state of the art statistical testing techniques for testing Received 10 July 2014 the quality of (pseudo) random generators. However, it is easy to construct natural func- Received in revised form tions that are considered as GOOD pseudorandom generators by the NIST SP800-22 test 10 April 2015 suite though the output of these functions is easily distinguishable from the uniform Accepted 21 May 2015 distribution. This paper proposes solutions to address this challenge by using statistical Available online 2 June 2015 distance based testing techniques. We carried out both NIST tests and LIL based tests on commonly deployed pseudorandom generators such as the standard C linear congruential Keywords: generator, Mersenne Twister pseudorandom generator, and Debian Linux (CVE-2008-0166) Statistical testing pseudorandom generator with OpenSSL 0.9.8c-1. Based on experimental results, we illus- Pseudorandom generators trate the advantages of our LIL based testing over NIST testing. It is known that Debian The law of the iterated logarithm Linux (CVE-2008-0166) pseudorandom generator based on OpenSSL 0.9.8c-1 is flawed and Web security the output sequences are predictable. Our LIL tests on these sequences discovered the NIST randomness testing flaws in Debian Linux implementation. However, NIST SP800-22 test suite is not able to Statistical distance detect this flaw using the NIST recommended parameters. It is concluded that NIST SP800- OpenSSL 22 test suite is not sufficient and distance based LIL test techniques be included in statis- PHP random generator tical testing practice. It is also recommended that all pseudorandom generator imple- mentations be comprehensively tested using state-of-the-art statistically robust testing tools. © 2015 Elsevier Ltd. All rights reserved. random number generator in Debian's OpenSSL release CVE- 1. Introduction 2008-0166 is predictable. The weakness in Debian pseudo- random generator affected the security of OpenSSH, Apache The weakness in pseudorandom generators could be used to (mod_sl), the onion router (TOR), OpenVPN, and other appli- mount a variety of attacks on Internet security. It is reported cations (see, e.g., (Ahmad, 2008)). These examples show that it in the Debian Security Advisory DSA-1571-1 [5] that the is important to improve the quality of pseudorandom * An extended abstract of this paper appeared in ESORICS 2014. * Corresponding author. E-mail addresses: [email protected] (Y. Wang), [email protected] (T. Nicol). URL: http://www.sis.uncc.edu/~yonwang/ http://dx.doi.org/10.1016/j.cose.2015.05.005 0167-4048/© 2015 Elsevier Ltd. All rights reserved. computers & security 53 (2015) 44e64 45 * generators by designing systematic testing techniques to respectively. S ¼ {0,1} is the binary alphabet, S is the set of discover these weak implementations in the early stage of (finite) binary strings, Sn is the set of binary strings of length n, ∞ system development. and S is the set of infinite binary sequences. The length of a * Statistical tests are commonly used as a first step in string x is denoted by jxj. For strings x,y2S , xy is the determining whether or not a generator produces high quality concatenation of x and y, x8y denotes that x is an initial * ∞ random bits. For example, NIST SP800-22 Revision 1A (Rukhin segment of y. For a sequence x2S ∪S and a natural number et al., 2010) proposed the state of art statistical testing tech- n 0, x^n ¼ x½0::n À 1 denotes the initial segment of length n niques for determining whether a random or pseudorandom of x (x^n ¼ x½0::n À 1¼x if jxj n) while x[n] denotes the nth bit generator is suitable for a particular cryptographic applica- of x, i.e., x[0..nÀ1]¼x[0]…x[nÀ1]. tion. In a statistical test of Rukhin et al. (2010), a significance The concept of “effective similarity” by Goldwasser and level a2[0.001,0.01] is chosen for each test. For each input Micali (Goldwasser and Micali, 1984) and Yao (Yao, 1982)is sequence, a P-value is calculated and the input string is defined as follows: Let X ¼ {Xn}n2N and Y ¼ {Yn}n2N be two accepted as pseudorandom if P-value a. A pseudorandom probability ensembles such that each of Xn and Yn is a distri- generator is considered good if, with probability a, the se- bution over Sn. We say that X and Y are computationally (or quences produced by the generator fail the test. For an in- statistically) indistinguishable if for every feasible algorithm A depth analysis, NIST SP800-22 recommends additional sta- (or every algorithm A), the difference dAðnÞ¼jProb½AðXnÞ¼1À tistical procedures such as the examination of P-value distri- Prob½AðYnÞ¼1j is a negligible function in n. butions (e.g., using c2-test). In Section 3, we will show that Let l:N / N with l(n) n for all n2N and G be a polynomial- NIST SP800-22 test suite has inherent limitations with time computable algorithm such that jGðxÞj ¼ lðjxjÞ for all * straightforward Type II errors. Furthermore, our extensive x2S . Then G is a polynomial-time pseudorandom generator experiments (based on over 200 TB of random bits generated) if the ensembles {G(Un)}n2N and {Ul(n)}n2N are computationally show that NIST SP800-22 techniques could not detect the indistinguishable. weakness in the above mentioned pseudorandom generators. In order to address the challenges faced by NIST SP800-22, this paper designs a “behavioristic” testing approach which is 3. Limitations of NIST SP800-22 based on statistical distances. Based on this approach, the details of LIL testing techniques are developed. As an example, In this section, we show that NIST SP800-22 test suite has we carried out LIL testing on the flawed Debian Linux (CVE- inherent limitations with straightforward Type II errors. Our 2008-0166) pseudorandom generator based on OpenSSL first example is based on the following observation: for a “ ” 0.9.8c-1 and on the standard C linear congruential generator. function F that mainly outputs random strings but, with a As we expected, both of these pseudorandom generators probability , outputs biased strings (e.g., strings consisting ' “ ” failed the LIL testing since we know that the sequences pro- mainly of 0 s), F will be considered as a good pseudo- duced by these two generators are strongly predictable. random generator by NIST SP800-22 test though the output However, as we have mentioned earlier, our experiments of F could be distinguished from the uniform distribution show that the sequences produced by these two generators (thus, F is not a pseudorandom generator by definition). Let pass the NIST SP800-22 test suite using the recommended RANDc,n be the sets of Kolmogorov c-random binary strings parameters. In other words, NIST SP800-22 test suite with the of length n,wherec 1. That is, for a universal Turing recommended parameters has no capability in detecting machine M,let these known deviations from randomness. Furthermore, it is n RANDc;n ¼fx2f0; 1g : if MðyÞ ¼ x thenjyjjxjcg: (1) shown that for several pseudorandom generators (e.g., the linear congruential generator), the LIL test results on output Let a be a given significance level of NIST SP800-22 test and ℛ ℛn∪ℛn strings start off fine but deteriorate as the string length in- 2n ¼ 1 2 where creases beyond that which NIST can handle since NIST testing ℛn3 ℛn n a 1 RAND2;2n and 1 ¼ 2 ð 1 À Þ tool package has an integer overflow issue. n ℛn3f0nx : x2f0; 1g g and ℛn ¼ 2na: The paper is organized as follows. Section 2 introduces 2 2 n notations. Section 3 points out the limitation of NIST SP800-22 Furthermore, let fn : f0; 1g /ℛ2n be an ensemble of testing tools. Section 4 discusses the law of iterated logarithm random functions (not necessarily computable) such that f(x) (LIL). Section 5 reviews the normal approximation to binomial is chosen uniformly at random from ℛ2n. Then for each n-bit distributions. Section 6 introduces statistical distance based string x, with probability 1Àa, fn(x) is Kolmogorov 2-random a 2ℛn LIL tests. Section 7 reports distance based LIL testing experi- and with probability , fnðxÞ 2. mental results, and Section 8 reports some experimental re- It should be noted that, for each given significance level sults on LIL curves of commonly used random generators. a 0.1 and each test T from the 15 NIST SP800-22 tests, the Section 9 contains general discussions on OpenSSL random following condition is satisfied: generators. 2n jfx2f0; 1gn : x fails test T at significance level agj cT 2. Notations and pseudorandom generators for a constant cT[10. Thus one can construct a Turing ma- chine Ma,T with the following properties: for each string x of In this paper, N and Rþ denotes the set of natural numbers length n that fails the test T at the significance level a, there (starting from 0) and the set of non-negative real numbers, exists another string y such that Ma,T(y)¼x and jyj n À 3. In 46 computers & security 53 (2015) 44e64 other words, we can compress x for at least 3 bits. It follows accurate in deviation detection and avoids above type II errors that all Kolmogorov 2-random strings are guaranteed to pass in NIST SP800-22.
Load more

Recommended publications
  • Conditional Central Limit Theorems for Gaussian Projections
    1 Conditional Central Limit Theorems for Gaussian Projections Galen Reeves Abstract—This paper addresses the question of when projec- The focus of this paper is on the typical behavior when the tions of a high-dimensional random vector are approximately projections are generated randomly and independently of the Gaussian. This problem has been studied previously in the context random variables. Given an n-dimensional random vector X, of high-dimensional data analysis, where the focus is on low- dimensional projections of high-dimensional point clouds. The the k-dimensional linear projection Z is defined according to focus of this paper is on the typical behavior when the projections Z =ΘX, (1) are generated by an i.i.d. Gaussian projection matrix. The main results are bounds on the deviation between the conditional where Θ is a k n random matrix that is independent of X. distribution of the projections and a Gaussian approximation, Throughout this× paper it assumed that X has finite second where the conditioning is on the projection matrix. The bounds are given in terms of the quadratic Wasserstein distance and moment and that the entries of Θ are i.i.d. Gaussian random relative entropy and are stated explicitly as a function of the variables with mean zero and variance 1/n. number of projections and certain key properties of the random Our main results are bounds on the deviation between the vector. The proof uses Talagrand’s transportation inequality and conditional distribution of Z given Θ and a Gaussian approx- a general integral-moment inequality for mutual information.
    [Show full text]
  • A Note on Random Number Generation
    A note on random number generation Christophe Dutang and Diethelm Wuertz September 2009 1 1 INTRODUCTION 2 \Nothing in Nature is random. number generation. By \random numbers", we a thing appears random only through mean random variates of the uniform U(0; 1) the incompleteness of our knowledge." distribution. More complex distributions can Spinoza, Ethics I1. be generated with uniform variates and rejection or inversion methods. Pseudo random number generation aims to seem random whereas quasi random number generation aims to be determin- istic but well equidistributed. 1 Introduction Those familiars with algorithms such as linear congruential generation, Mersenne-Twister type algorithms, and low discrepancy sequences should Random simulation has long been a very popular go directly to the next section. and well studied field of mathematics. There exists a wide range of applications in biology, finance, insurance, physics and many others. So 2.1 Pseudo random generation simulations of random numbers are crucial. In this note, we describe the most random number algorithms At the beginning of the nineties, there was no state-of-the-art algorithms to generate pseudo Let us recall the only things, that are truly ran- random numbers. And the article of Park & dom, are the measurement of physical phenomena Miller (1988) entitled Random generators: good such as thermal noises of semiconductor chips or ones are hard to find is a clear proof. radioactive sources2. Despite this fact, most users thought the rand The only way to simulate some randomness function they used was good, because of a short on computers are carried out by deterministic period and a term to term dependence.
    [Show full text]
  • Package 'Randtoolbox'
    Package ‘randtoolbox’ January 31, 2020 Type Package Title Toolbox for Pseudo and Quasi Random Number Generation and Random Generator Tests Version 1.30.1 Author R port by Yohan Chalabi, Christophe Dutang, Petr Savicky and Di- ethelm Wuertz with some underlying C codes of (i) the SFMT algorithm from M. Mat- sumoto and M. Saito, (ii) the Knuth-TAOCP RNG from D. Knuth. Maintainer Christophe Dutang <[email protected]> Description Provides (1) pseudo random generators - general linear congruential generators, multiple recursive generators and generalized feedback shift register (SF-Mersenne Twister algorithm and WELL generators); (2) quasi random generators - the Torus algorithm, the Sobol sequence, the Halton sequence (including the Van der Corput sequence) and (3) some generator tests - the gap test, the serial test, the poker test. See e.g. Gentle (2003) <doi:10.1007/b97336>. The package can be provided without the rngWELL dependency on demand. Take a look at the Distribution task view of types and tests of random number generators. Version in Memoriam of Diethelm and Barbara Wuertz. Depends rngWELL (>= 0.10-1) License BSD_3_clause + file LICENSE NeedsCompilation yes Repository CRAN Date/Publication 2020-01-31 10:17:00 UTC R topics documented: randtoolbox-package . .2 auxiliary . .3 coll.test . .4 coll.test.sparse . .6 freq.test . .8 gap.test . .9 get.primes . 11 1 2 randtoolbox-package getWELLState . 12 order.test . 12 poker.test . 14 pseudoRNG . 16 quasiRNG . 22 rngWELLScriptR . 26 runifInterface . 27 serial.test . 29 soboltestfunctions . 31 Index 33 randtoolbox-package General remarks on toolbox for pseudo and quasi random number generation Description The randtoolbox-package started in 2007 during an ISFA (France) working group.
    [Show full text]
  • Gretl User's Guide
    Gretl User’s Guide Gnu Regression, Econometrics and Time-series Allin Cottrell Department of Economics Wake Forest university Riccardo “Jack” Lucchetti Dipartimento di Economia Università Politecnica delle Marche December, 2008 Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation (see http://www.gnu.org/licenses/fdl.html). Contents 1 Introduction 1 1.1 Features at a glance ......................................... 1 1.2 Acknowledgements ......................................... 1 1.3 Installing the programs ....................................... 2 I Running the program 4 2 Getting started 5 2.1 Let’s run a regression ........................................ 5 2.2 Estimation output .......................................... 7 2.3 The main window menus ...................................... 8 2.4 Keyboard shortcuts ......................................... 11 2.5 The gretl toolbar ........................................... 11 3 Modes of working 13 3.1 Command scripts ........................................... 13 3.2 Saving script objects ......................................... 15 3.3 The gretl console ........................................... 15 3.4 The Session concept ......................................... 16 4 Data files 19 4.1 Native format ............................................. 19 4.2 Other data file formats ....................................... 19 4.3 Binary databases ..........................................
    [Show full text]
  • Multivariate Statistics Chapter 5: Multidimensional Scaling
    Multivariate Statistics Chapter 5: Multidimensional scaling Pedro Galeano Departamento de Estad´ıstica Universidad Carlos III de Madrid [email protected] Course 2017/2018 Master in Mathematical Engineering Pedro Galeano (Course 2017/2018) Multivariate Statistics - Chapter 5 Master in Mathematical Engineering 1 / 37 1 Introduction 2 Statistical distances 3 Metric MDS 4 Non-metric MDS Pedro Galeano (Course 2017/2018) Multivariate Statistics - Chapter 5 Master in Mathematical Engineering 2 / 37 Introduction As we have seen in previous chapters, principal components and factor analysis are important dimension reduction tools. However, in many applied sciences, data is recorded as ranked information. For example, in marketing, one may record \product A is better than product B". Multivariate observations therefore often have mixed data characteristics and contain information that would enable us to employ one of the multivariate techniques presented so far. Multidimensional scaling (MDS) is a method based on proximities between ob- jects, subjects, or stimuli used to produce a spatial representation of these items. MDS is a dimension reduction technique since the aim is to find a set of points in low dimension (typically two dimensions) that reflect the relative configuration of the high-dimensional data objects. Pedro Galeano (Course 2017/2018) Multivariate Statistics - Chapter 5 Master in Mathematical Engineering 3 / 37 Introduction The proximities between objects are defined as any set of numbers that express the amount of similarity or dissimilarity between pairs of objects. In contrast to the techniques considered so far, MDS does not start from a n×p dimensional data matrix, but from a n × n dimensional dissimilarity or distance 0 matrix, D, with elements δii 0 or dii 0 , respectively, for i; i = 1;:::; n.
    [Show full text]
  • Scope of Various Random Number Generators in Ant System Approach for Tsp
    AC 2007-458: SCOPE OF VARIOUS RANDOM NUMBER GENERATORS IN ANT SYSTEM APPROACH FOR TSP S.K. Sen, Florida Institute of Technology Syamal K Sen ([email protected]) is currently a professor in the Dept. of Mathematical Sciences, Florida Institute of Technology (FIT), Melbourne, Florida. He did his Ph.D. (Engg.) in Computational Science from the prestigious Indian Institute of Science (IISc), Bangalore, India in 1973 and then continued as a faculty of this institute for 33 years. He was a professor of Supercomputer Computer Education and Research Centre of IISc during 1996-2004 before joining FIT in January 2004. He held a Fulbright Fellowship for senior teachers in 1991 and worked in FIT. He also held faculty positions, on leave from IISc, in several universities around the globe including University of Mauritius (Professor, Maths., 1997-98), Mauritius, Florida Institute of Technology (Visiting Professor, Math. Sciences, 1995-96), Al-Fateh University (Associate Professor, Computer Engg, 1981-83.), Tripoli, Libya, University of the West Indies (Lecturer, Maths., 1975-76), Barbados.. He has published over 130 research articles in refereed international journals such as Nonlinear World, Appl. Maths. and Computation, J. of Math. Analysis and Application, Simulation, Int. J. of Computer Maths., Int. J Systems Sci., IEEE Trans. Computers, Internl. J. Control, Internat. J. Math. & Math. Sci., Matrix & Tensor Qrtly, Acta Applicande Mathematicae, J. Computational and Applied Mathematics, Advances in Modelling and Simulation, Int. J. Engineering Simulation, Neural, Parallel and Scientific Computations, Nonlinear Analysis, Computers and Mathematics with Applications, Mathematical and Computer Modelling, Int. J. Innovative Computing, Information and Control, J. Computational Methods in Sciences and Engineering, and Computers & Mathematics with Applications.
    [Show full text]
  • Gretl 1.6.0 and Its Numerical Accuracy - Technical Supplement
    GRETL 1.6.0 AND ITS NUMERICAL ACCURACY - TECHNICAL SUPPLEMENT A. Talha YALTA and A. Yasemin YALTA∗ Department of Economics, Fordham University, New York 2007-07-13 This supplement provides detailed information regarding both the procedure and the results of our testing GRETL using the univariate summary statistics, analysis of variance, linear regression, and nonlinear least squares benchmarks of the NIST Statis- tical Reference Datasets (StRD), as well as verification of the random number generator and the accuracy of statistical distributions used for calculating critical values. The numbers of accurate digits (NADs) for testing the StRD datasets are also supplied and compared with several commercial packages namely SAS v6.12, SPSS v7.5, S-Plus v4.0, Stata 7, and Gauss for Windows v3.2.37. We did not perform any accuracy tests of the latest versions of these programs and the results that we supply for packages other than GRETL 1.6.0 are those independently verified and published by McCullough (1999a), McCullough and Wilson (2002), and Vinod (2000) previously. Readers are also referred to McCullough (1999b) and Keeling and Pavur (2007), which examine software accuracy and supply the NADS across four and nine software packages at once respectively. Since all these programs perform calculations using 64-bit floating point arithmetic, discrepan- cies in results are caused by differences in algorithms used to perform various statistical operations. 1 Numerical tests of the NIST StRD benchmarks For the StRD reference data sets, NIST provides certified values calculated with multiple precision in 500 digits of accuracy, which were later rounded to 15 significant digits (11 for nonlinear least squares).
    [Show full text]
  • 3 Uniform Random Numbers 3 3.1 Random and Pseudo-Random Numbers
    Contents 3 Uniform random numbers 3 3.1 Random and pseudo-random numbers . 3 3.2 States, periods, seeds, and streams . 5 3.3 U(0; 1) random variables . 8 3.4 Inside a random number generator . 10 3.5 Uniformity measures . 12 3.6 Statistical tests of random numbers . 15 3.7 Pairwise independent random numbers . 17 End notes . 18 Exercises . 20 1 2 Contents © Art Owen 2009{2013 do not distribute or post electronically without author's permission 3 Uniform random numbers Monte Carlo methods require a source of randomness. For the convenience of the users, random numbers are delivered as a stream of independent U(0; 1) random variables. As we will see in later chapters, we can generate a vast assortment of random quantities starting with uniform random numbers. In practice, for reasons outlined below, it is usual to use simulated or pseudo- random numbers instead of genuinely random numbers. This chapter looks at how to make good use of random number generators. That begins with selecting a good one. Sometimes it ends there too, but in other cases we need to learn how best to set seeds and organize multiple streams and substreams of random numbers. This chapter also covers quality criteria for ran- dom number generators, briefly discusses the most commonly used algorithms, and points out some numerical issues that can trap the unwary. 3.1 Random and pseudo-random numbers It would be satisfying to generate random numbers from a process that accord- ing to well established understanding of physics is truly random.
    [Show full text]
  • A Recap of Randomness the Mersene Twister Xorshift Linear
    Programmatic Entropy: Exploring the Most Prominent PRNGs Jared Anderson, Evan Bause, Nick Pappas, Joshua Oberlin A Recap of Randomness Random number generating algorithms are rated by two primary measures: entropy - the measure of disorder in the numbers created and period - how long it takes before the PRNG begins to inevitably cycle its pattern. While high entropy and a long period are desirable traits, it is Xorshift sometimes necessary to settle for a less intense method of random Linear Congruential Generators Xorshift random number generators are an extremely fast and number generation to not sacrifice performance of the product the PRNG efficient type of PRNG discovered by George Marsaglia. An xorshift is required for. However, in the real world PRNGs must also be evaluated PRNG works by taking the exclusive or (xor) of a computer word with a for memory footprint, CPU requirements, and speed. shifted version of itself. For a single integer x, an xorshift operation can In this poster we will explore three of the major types of PRNGs, their produce a sequence of 232 - 1 random integers. For a pair of integers x, history, their inner workings, and their uses. y, it can produce a sequence of 264 - 1 random integers. For a triple x, y, z, it can produce a sequence of 296 - 1, and so on. The Mersene Twister The Mersenne Twister is the most widely used general purpose pseudorandom number generator today. A Mersenne prime is a prime number that is one less than a power of two, and in the case of a 19937 mersenne twister, is its chosen period length (most commonly 2 −1).
    [Show full text]
  • 1. Monte Carlo Integration
    1. Monte Carlo integration The most common use for Monte Carlo methods is the evaluation of integrals. This is also the basis of Monte Carlo simulations (which are actually integrations). The basic principles hold true in both cases. 1.1. Basics Basic idea becomes clear from the • “dartboard method” of integrating the area of an irregular domain: Choose points randomly within the rectangular box A # hits inside area = p(hit inside area) Abox # hits inside box as the # hits . ! 1 1 Buffon’s (1707–1788) needle experiment to determine π: • – Throw needles, length l, on a grid of lines l distance d apart. – Probability that a needle falls on a line: d 2l P = πd – Aside: Lazzarini 1901: Buffon’s experiment with 34080 throws: 355 π = 3:14159292 ≈ 113 Way too good result! (See “π through the ages”, http://www-groups.dcs.st-and.ac.uk/ history/HistTopics/Pi through the ages.html) ∼ 2 1.2. Standard Monte Carlo integration Let us consider an integral in d dimensions: • I = ddxf(x) ZV Let V be a d-dim hypercube, with 0 x 1 (for simplicity). ≤ µ ≤ Monte Carlo integration: • - Generate N random vectors x from flat distribution (0 (x ) 1). i ≤ i µ ≤ - As N , ! 1 V N f(xi) I : N iX=1 ! - Error: 1=pN independent of d! (Central limit) / “Normal” numerical integration methods (Numerical Recipes): • - Divide each axis in n evenly spaced intervals 3 - Total # of points N nd ≡ - Error: 1=n (Midpoint rule) / 1=n2 (Trapezoidal rule) / 1=n4 (Simpson) / If d is small, Monte Carlo integration has much larger errors than • standard methods.
    [Show full text]
  • Ziggurat Revisited
    Ziggurat Revisited Dirk Eddelbuettel RcppZiggurat version 0.1.3 as of July 25, 2015 Abstract Random numbers following a Standard Normal distribution are of great importance when using simulations as a means for investigation. The Ziggurat method (Marsaglia and Tsang, 2000; Leong, Zhang, Lee, Luk, and Villasenor, 2005) is one of the fastest methods to generate normally distributed random numbers while also providing excellent statistical properties. This note provides an updated implementations of the Ziggurat generator suitable for 32- and 64-bit operating system. It compares the original implementations to several popular Open Source implementations. A new implementation embeds the generator into an appropriate C++ class structure. The performance of the different generator is investigated both via extended timing and through a series of statistical tests, including a suggested new test for testing Normal deviates directly. Integration into other systems such as R is discussed as well. 1 Introduction Generating random number for use in simulation is a classic topic in scientific computing and about as old as the field itself. Most algorithms concentrate on the uniform distribution. Its values can be used to generate randomly distributed values from other distributions simply by using the relevant inverse function. Regarding terminology, all computational algorithms for generation of random numbers are by definition deterministic. Here, we follow standard convention and refer to such numbers as pseudo-random as they can always be recreated given the seed value for a given sequence. We are not concerned in this note with quasi-random numbers (also called low-discrepnancy sequences). We consider this topic to be subset of pseudo-random numbers subject to distributional constraints.
    [Show full text]
  • Gretl Manual
    Gretl Manual Gnu Regression, Econometrics and Time-series Library Allin Cottrell Department of Economics Wake Forest University August, 2005 Gretl Manual: Gnu Regression, Econometrics and Time-series Library by Allin Cottrell Copyright © 2001–2005 Allin Cottrell Permission is granted to copy, distribute and/or modify this document under the terms of the GNU Free Documentation License, Version 1.1 or any later version published by the Free Software Foundation (see http://www.gnu.org/licenses/fdl.html). iii Table of Contents 1. Introduction........................................................................................................................................... 1 Features at a glance ......................................................................................................................... 1 Acknowledgements .......................................................................................................................... 1 Installing the programs................................................................................................................... 2 2. Getting started ...................................................................................................................................... 4 Let’s run a regression ...................................................................................................................... 4 Estimation output............................................................................................................................. 6 The
    [Show full text]