Fast Splittable Pseudorandom Number Generators

Total Page:16

File Type:pdf, Size:1020Kb

Fast Splittable Pseudorandom Number Generators Fast Splittable Pseudorandom Number Generators Guy L. Steele Jr. Doug Lea Christine H. Flood Oracle Labs SUNY Oswego Red Hat Inc [email protected] [email protected] [email protected] Abstract 1. Introduction and Background We describe a new algorithm SPLITMIX for an object- Many programming language environments provide a pseu- oriented and splittable pseudorandom number generator dorandom number generator (PRNG), a deterministic algo- (PRNG) that is quite fast: 9 64-bit arithmetic/logical opera- rithm to generate a sequence of values that is likely to pass tions per 64 bits generated. A conventional linear PRNG ob- certain statistical tests for “randomness.” Such an algorithm ject provides a generate method that returns one pseudoran- is typically described as a finite-state machine defined by dom value and updates the state of the PRNG, but a splittable a transition function τ, an output function µ, and an ini- PRNG object also has a second operation, split, that replaces tial state (or seed) s0; the generated sequence is zj where the original PRNG object with two (seemingly) independent sj = τ(sj−1) and zj = µ(sj) for all j ≥ 1. (An alternate PRNG objects, by creating and returning a new such object formulation is sj = τ(sj−1) and zj = µ(sj−1) for all j ≥ 1, and updating the state of the original object. Splittable PRNG which may be more efficient when implemented on a super- objects make it easy to organize the use of pseudorandom scalar processor because it allows τ(sj−1) and µ(sj−1) to numbers in multithreaded programs structured using fork- be computed in parallel.) Because the state is finite, the se- join parallelism. No locking or synchronization is required quence of generated states, and therefore also the sequence (other than the usual memory fence immediately after ob- of generated values, will necessarily repeat, falling into a cy- ject creation). Because the generate method has no loops or cle (possibly after some initial subsequence that is not re- conditionals, it is suitable for SIMD or GPU implementation. peated, but in practice PRNG algorithms are designed so as We derive SPLITMIX from the DOTMIX algorithm of not to “waste state,” so that in fact any given initial state s0 Leiserson, Schardl, and Sukha by making a series of pro- will recur). The length L of the cycle is called the period of gram transformations and engineering improvements. The the PRNG, and si = sj iff i ≡ j mod L. end result is an object-oriented version of the purely func- Characteristics of PRNG algorithms and their implemen- tional API used in the Haskell library for over a decade, but tations that are of practical interest include period, speed, SPLITMIX is faster and produces pseudorandom sequences quality (ability to pass statistical tests), size of code, size of of higher quality; it is also far superior in quality and speed data (some algorithms require large tables or arrays), ease to java.util.Random, and has been included in Java JDK8 of jumping forward (skipping over intermediate states), par- as the class java.util.SplittableRandom. tionability or splittability (for use by multiple threads operat- We have tested the pseudorandom sequences produced ing in parallel), reproducibility (the ability to run a program by SPLITMIX using two standard statistical test suites twice from a specified starting state and get exactly the same (DieHarder and TestU01) and they appear to be adequate results, even if parallel computation is involved), and unpre- for “everyday” use, such as in Monte Carlo algorithms and dictability (how difficult it is to predict the next output given randomized data structures where speed is important. preceding outputs). These characteristics trade off, and so Categories and Subject Descriptors G.3 [Mathematics different applications typically require different algorithms. of Computing]: Random number generation; D.1.3 [Soft- A linear congruential generator (LCG) [13, x3.2.1] has ware]: Programming techniques—Concurrent programming as its state a nonnegative integer less than some modulus M General Terms Algorithms, Performance (which is typically either a prime number or a power of 2); Keywords collections, determinism, Java, multithreading, the transition function is τ(s) = (a · s + c) mod M and nondeterminism, object-oriented, parallel computing, pedi- the output function is just the identity function µ(s) = s. gree, pseudorandom, random number generator, recursive The Unix library function rand48 uses this algorithm with splitting, Scala, spliterator, splittable data structures, streams a = 25214903917 = 0x5DEECE66Dull, c = 11 = 0xB, and M = 248. Ever since the original JavaTM Language Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed Specification [10] in 1995, the class java.util.Random for profit or commercial advantage and that copies bear this notice and the full citation has been specified to use this same algorithm (see Figure 1). on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, This code is simple, concise, and adequate for its originally to post on servers or to redistribute to lists, requires prior specific permission and/or a intended purpose: to supply pseudorandomly generated val- fee. Request permissions from [email protected]. ues to be used relatively infrequently by a smallish number OOPSLA ’14, October 20–24, 2014, Portland, OR, USA. Copyright c 2014 ACM 978-1-4503-2585-1/14/10. $15.00. of concurrent threads running within a set-top box or web http://dx.doi.org/10.1145/2660193.2660195 453 public class Random { unsigned long xorwow() { protected long seed; static unsigned long public Random() { x=123456789, y=362436069, z=521288629, this(System.currentTimeMillis()); } w=88675123, v=5783321, d=6615241; public Random(long seed) { setSeed(seed); } unsigned long t=(x^(x>>2)); synchronized public void setSeed(long seed) { x=y; y=z; z=w; w=v; v=(v^(v<<4))^(t^(t<<1)); this.seed = (seed ^ 0x5DEECE66DL) return (d+=362437)+v; } & ((1L << 48) - 1); } synchronized protected int next(int bits) { The period of XORWOW is pretty good (232(2160 − 1) = seed = (seed * 0x5DEECE66DL + 0xBL) 2192 − 232), and generation of one 32-bit value requires just & ((1L << 48) - 1); 9 arithmetic operations: 3 shifts, 4 XORs, and 2 adds. (There return (int)(seed >>> (48 - bits)); } are also a number of assignment operations, which could be public int nextInt() { return next(32); } optimized away in the context of a suitably unrolled loop.) public int nextLong() { Unfortunately, while XORWOW is also fairly fast, very recent return ((long)next(32) << 32) + next(32); } testing [29] has also revealed statistical flaws. public double nextDouble() { There are other PRNG algorithms with much longer pe- return (((long)next(26) << 27) + next(27)) riod that produce sequences of much higher quality, but they / (double)(1L << 53); } are slower. These include the Mersenne Twister [23], which } is related to LFSR algorithms in relying on bit-shifting and Figure 1. The essence of java.util.Random bitwise operations, and MRG32k3a [9], which is related to LCG algorithms in relying on computation of linear formu- browser. It has a number of drawbacks, however, that make lae modulo prime numbers. There are also many PRNG algo- it inappropriate for use in “serious” applications: (1) Its short rithms, such as those in java.security.secureRandom, period (consider that 248 nanoseconds is less than 80 hours). that produce pseudorandom sequences of superb quality, (2) While the rand48 algorithm was considered to be of rel- suitable for use in cryptographic and security applications, atively high quality when introduced in 1982 [28], more re- but their algorithms are substantially slower. cent tests [17] have uncovered significant flaws in its statis- The algorithms we have described so far are sequential tical behavior. (3) While it is thread-safe, thanks to its use (single-threaded), but there is a need for algorithms that are of synchronization locks, it is not thread-efficient: if many effective in a parallel (SIMD or multi-threaded) computing threads share a single instance of Random, then contention environment. One approach is to partition the cycle of an for the lock may become a performance bottleneck. (4) On otherwise sequential PRNG algorithm. This is simple if there the other hand, if many instances of class Random are cre- is a cheap way to “jump forward” n steps from any given ated, one for each thread, there is no guarantee that the val- state s by using some computational shortcut to compute ues collectively generated by those many instances will be as τ n(s). (For example, if τ(s) = (a · s) mod M then τ n(s) = statistically pseudorandom as if they had been generated by (an mod M) · s mod M, and it may be possible to compute a single instance of class Random. (If 256 threads each have (or precompute) an mod M cheaply.) This approach works a Random object with its initial seed chosen at random, and well when the number of threads N to be used is known then each thread generates 232 values, it is more likely than at the start of a computation: if a PRNG has period L, then not, thanks to the Birthday Paradox, that two of the gener- a global initial state s0 is chosen and then the PRNG for ib L c ated sequences will have some overlap.) thread i is given initial state τ N (s0). The MRG32k3a Another kind of finite-state machine used for this purpose algorithm does have a good shortcut for jumping ahead (it is the linear feedback shift register (LFSR), in which the requires precomputation of two 3×3 matrices), and there is a state is a vector of bits contained in a shift register; the tran- software package RngStream that uses such jumping ahead sition function shifts the register by one position, shifting in for partitioning its cycle into streams and substreams [19].
Recommended publications
  • Analisis Dan Perbandingan Berbagai Algoritma Pembangkit Bilangan Acak
    Analisis dan Perbandingan berbagai Algoritma Pembangkit Bilangan Acak Micky Yudi Utama - 13514011 Program Studi Teknik Informatika Sekolah Teknik Elektro dan Informatika Institut Teknologi Bandung, Jl. Ganesha 10 Bandung 40132, Indonesia [email protected] Abstrak—Makalah ini bertujuan untuk membandingkan dan Terdapat banyak algoritma yang telah dibuat untuk menganalisis berbagai pembangkit bilangan acak yang sudah membangkitkan bilangan acak, seperti Mersenne Twister dan dibangun. Pembangkit bilangan acak memiliki peranan yang luas variannya, HC-256, ChaCha20, ISAAC64, PCG dan dalam berbagai bidang. Oleh karena itu, perlu diketahui variannya, xoroshiro128+, xorshift+, Random123, dll. Setiap kelebihan dan kekurangan dari setiap pembangkit bilangan acak, agar dapat ditentukan algoritma yang akan digunakan pada algoritma tentu memiliki kelebihan dan kelemahan domain tertentu. Algoritma yang akan dianalisis adalah masing-masing. Oleh karena itu, pada makalah ini, akan Mersenne Twister, xoroshiro128+, PCG, SplitMix, dan Lehmer. dilakukan eksperimen dan analisis terhadap beberapa algoritma Untuk masing-masing algoritma, akan dilakukan pengukuran PRNG. Algoritma yang dipilih adalah dua varian dari kualitas statistik dengan TestU01 dan kecepatannya. Selain itu, Mersenne Twister yakni MT19937 dan SFMT dikarenakan akan dianalisis kompleksitas, penggunaan memori, dan periode banyaknya penggunaan Mersenne Twister dalam berbagai dari masing-masing algoritma. aplikasi. Selain itu, dipilih juga xoroshiro128+ dan PCG yang dianggap sebagai dua algoritma terbaik saat ini. Kemudian, Kata kunci—Pembangkit bilangan acak, kelebihan, dipilih SplitMix sebagai salah satu algoritma yang cukup baru kekurangan, TestU01 dan terkenal. Yang terakhir, dipilih Lehmer64 yang merupakan I. PENDAHULUAN pengembangan dari LCG. Tujuan dari makalah ini adalah untuk mengetahui kelebihan Pembangkit bilangan acak merupakan salah satu aplikasi dan kekurangan dari masing-masing algoritma.
    [Show full text]
  • CUDA Toolkit 4.2 CURAND Guide
    CUDA Toolkit 4.2 CURAND Guide PG-05328-041_v01 | March 2012 Published by NVIDIA Corporation 2701 San Tomas Expressway Santa Clara, CA 95050 Notice ALL NVIDIA DESIGN SPECIFICATIONS, REFERENCE BOARDS, FILES, DRAWINGS, DIAGNOSTICS, LISTS, AND OTHER DOCUMENTS (TOGETHER AND SEPARATELY, "MATERIALS") ARE BEING PROVIDED "AS IS". NVIDIA MAKES NO WARRANTIES, EXPRESSED, IMPLIED, STATUTORY, OR OTHERWISE WITH RESPECT TO THE MATERIALS, AND EXPRESSLY DISCLAIMS ALL IMPLIED WARRANTIES OF NONINFRINGEMENT, MERCHANTABILITY, AND FITNESS FOR A PARTICULAR PURPOSE. Information furnished is believed to be accurate and reliable. However, NVIDIA Corporation assumes no responsibility for the consequences of use of such information or for any infringement of patents or other rights of third parties that may result from its use. No license is granted by implication or otherwise under any patent or patent rights of NVIDIA Corporation. Specifications mentioned in this publication are subject to change without notice. This publication supersedes and replaces all information previously supplied. NVIDIA Corporation products are not authorized for use as critical components in life support devices or systems without express written approval of NVIDIA Corporation. Trademarks NVIDIA, CUDA, and the NVIDIA logo are trademarks or registered trademarks of NVIDIA Corporation in the United States and other countries. Other company and product names may be trademarks of the respective companies with which they are associated. Copyright Copyright ©2005-2012 by NVIDIA Corporation. All rights reserved. CUDA Toolkit 4.2 CURAND Guide PG-05328-041_v01 | 1 Portions of the MTGP32 (Mersenne Twister for GPU) library routines are subject to the following copyright: Copyright ©2009, 2010 Mutsuo Saito, Makoto Matsumoto and Hiroshima University.
    [Show full text]
  • A Random Number Generator for Lightweight Authentication Protocols: Xorshiftr+
    Turkish Journal of Electrical Engineering & Computer Sciences Turk J Elec Eng & Comp Sci (2017) 25: 4818 { 4828 http://journals.tubitak.gov.tr/elektrik/ ⃝c TUB¨ ITAK_ Research Article doi:10.3906/elk-1703-361 A random number generator for lightweight authentication protocols: xorshiftR+ Umut Can C¸ABUK, Omer¨ AYDIN∗, G¨okhanDALKILIC¸ Department of Computer Engineering, Faculty of Engineering, Dokuz Eyl¨ulUniversity, Izmir,_ Turkey Received: 30.03.2017 • Accepted/Published Online: 05.09.2017 • Final Version: 03.12.2017 Abstract: This paper presents the results of research that aims to find a suitable, reliable, and lightweight pseudorandom number generator for constrained devices used in the Internet of things. Within the study, three reduced versions of the xorshift+ generator are built. They are tested using the TestU01 suite as well as the NIST suite to measure their ability to produce randomness and performance values along with some other existing generators. The best of our reduced variations according to our tests, called the xorshiftR+, demonstrated great suitability for lightweight devices considering its randomness, performance, and resource usage. Key words: TestU01, xorshift, lightweight cryptography, Internet of things 1. Introduction The rapidly emerging concept of the Internet of things (IoT) brings new approaches to everyday problems as well as industrial applications. These approaches rely on bundles of cheap, efficient, and dedicated networked devices that work and communicate continuously. These so-called lightweight devices of the IoT have limited power, space, and computation resources; hence, there is a huge need for developing suitable security protocols and methodologies tailored for those. Furthermore, most of the contemporary security protocols are not optimized for lightweight environments and require more sources than IoT devices may efficiently provide.
    [Show full text]
  • High-Performance Pseudo-Random Number Generation on Graphics Processing Units
    High-Performance Pseudo-Random Number Generation on Graphics Processing Units Nimalan Nandapalan1, Richard P. Brent1;2, Lawrence M. Murray3, and Alistair Rendell1 1 Research School of Computer Science, The Australian National University 2 Mathematical Sciences Institute, The Australian National University 3 CSIRO Mathematics, Informatics and Statistics Abstract. This work considers the deployment of pseudo-random num- ber generators (PRNGs) on graphics processing units (GPUs), devel- oping an approach based on the xorgens generator to rapidly produce pseudo-random numbers of high statistical quality. The chosen algorithm has configurable state size and period, making it ideal for tuning to the GPU architecture. We present a comparison of both speed and statistical quality with other common parallel, GPU-based PRNGs, demonstrating favourable performance of the xorgens-based approach. Keywords: Pseudo-random number generation, graphics processing units, Monte Carlo 1 Introduction Motivated by compute-intense Monte Carlo methods, this work considers the tailoring of pseudo-random number generation (PRNG) algorithms to graph- ics processing units (GPUs). Monte Carlo methods of interest include Markov chain Monte Carlo (MCMC) [5], sequential Monte Carlo [4] and most recently, particle MCMC [1], with numerous applications across the physical, biological and environmental sciences. These methods demand large numbers of random variates of high statistical quality. We have observed in our own work that, after acceleration of other components of a Monte Carlo program on GPU [13, 14], the PRNG component, still executing on the CPU, can bottleneck the whole pro- cedure, failing to produce numbers as fast as the GPU can consume them. The aim, then, is to also accelerate the PRNG component on the GPU, without com- promising the statistical quality of the random number sequence, as demanded by the target Monte Carlo applications.
    [Show full text]
  • Accelerating Probabilistic Computing with a Stochastic Processing Unit
    Accelerating Probabilistic Computing with a Stochastic Processing Unit by Xiangyu Zhang Department of Electrical and Computer Engineering Duke University Date: Approved: Alvin R. Lebeck, Advisor Hai Li Sayan Mukherjee Daniel J. Sorin Lisa Wu Wills Dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in the Department of Electrical and Computer Engineering in the Graduate School of Duke University 2020 Abstract Accelerating Probabilistic Computing with a Stochastic Processing Unit by Xiangyu Zhang Department of Electrical and Computer Engineering Duke University Date: Approved: Alvin R. Lebeck, Advisor Hai Li Sayan Mukherjee Daniel J. Sorin Lisa Wu Wills An abstract of a dissertation submitted in partial fulfillment of the requirements for the degree of Doctor of Philosophy in the Department of Electrical and Computer Engineering in the Graduate School of Duke University 2020 Copyright c 2020 by Xiangyu Zhang All rights reserved except the rights granted by the Creative Commons Attribution-Noncommercial Licence Abstract Statistical machine learning becomes a more important workload for computing sys- tems than ever before. Probabilistic computing is a popular approach in statistical machine learning, which solves problems by iteratively generating samples from pa- rameterized distributions. As an alternative to Deep Neural Networks, probabilistic computing provides conceptually simple, compositional, and interpretable models. However, probabilistic algorithms are often considered too slow on the conventional processors due to sampling overhead to 1) computing the parameters of a distribu- tion and 2) generating samples from the parameterized distribution. A specialized architecture is needed to address both the above aspects. In this dissertation, we claim a specialized architecture is necessary and feasible to efficiently support various probabilistic computing problems in statistical machine learning, while providing high-quality and robust results.
    [Show full text]
  • Arxiv:1811.04035V1 [Cs.CR] 3 Nov 2018 Generated Random Numbers for Various Purposes
    A Search for Good Pseudo-random Number Generators : Survey and Empirical Studies a a a, Kamalika Bhattacharjee , Krishnendu Maity , Sukanta Das ∗ aDepartment of Information Technology, Indian Institute of Engineering Science and Technology, Shibpur, West Bengal, India 711103 Abstract In today’s world, several applications demand numbers which appear random but are generated by a background algorithm; that is, pseudo-random num- bers. Since late 19th century, researchers have been working on pseudo-random number generators (PRNGs). Several PRNGs continue to develop, each one de- manding to be better than the previous ones. In this scenario, this paper targets to verify the claim of so-called good generators and rank the existing genera- tors based on strong empirical tests in same platforms. To do this, the genre of PRNGs developed so far has been explored and classified into three groups – linear congruential generator based, linear feedback shift register based and cellular automata based. From each group, well-known generators have been chosen for empirical testing. Two types of empirical testing has been done on each PRNG – blind statistical tests with Diehard battery of tests, TestU01 library and NIST statistical test-suite and graphical tests (lattice test and space- time diagram test). Finally, the selected 29 PRNGs are divided into 24 groups and are ranked according to their overall performance in all empirical tests. Keywords: Pseudo-random number generator (PRNG), Diehard, TestU01, NIST, Lattice Test, Space-time Diagram I. Introduction History of human race gives evidence that, since the ancient times, people has arXiv:1811.04035v1 [cs.CR] 3 Nov 2018 generated random numbers for various purposes.
    [Show full text]
  • A Guideline on Pseudorandom Number Generation (PRNG) in the Iot
    If you cite this paper, please use the ACM CSUR reference: P. Kietzmann, T. C. Schmidt, M. Wählisch. 2021. A Guideline on Pseudorandom Number Generation (PRNG) in the IoT. ACM Comput. Surv. 54, 6, Article 112 (July 2021), 38 pages. https://dl.acm.org/doi/10.1145/3453159 112 A Guideline on Pseudorandom Number Generation (PRNG) in the IoT PETER KIETZMANN and THOMAS C. SCHMIDT, HAW Hamburg, Germany MATTHIAS WÄHLISCH, Freie Universität Berlin, Germany Random numbers are an essential input to many functions on the Internet of Things (IoT). Common use cases of randomness range from low-level packet transmission to advanced algorithms of artificial intelligence as well as security and trust, which heavily rely on unpredictable random sources. In the constrained IoT, though, unpredictable random sources are a challenging desire due to limited resources, deterministic real-time operations, and frequent lack of a user interface. In this paper, we revisit the generation of randomness from the perspective of an IoT operating system (OS) that needs to support general purpose or crypto-secure random numbers. We analyse the potential attack surface, derive common requirements, and discuss the potentials and shortcomings of current IoT OSs. A systematic evaluation of current IoT hardware components and popular software generators based on well-established test suits and on experiments for measuring performance give rise to a set of clear recommendations on how to build such a random subsystem and which generators to use. CCS Concepts: • Computer systems organization → Embedded systems; • Mathematics of computing → Random number generation; • Software and its engineering → Operating systems; Additional Key Words and Phrases: Internet of Things, hardware random generator, cryptographically secure PRNG, physically unclonable function, statistical testing, performance evaluation, survey 1 INTRODUCTION Random numbers are essential in computer systems to enfold versatility and enable security.
    [Show full text]
  • A PCG: a Family of Simple Fast Space-Efficient Statistically Good Algorithms for Random Number Generation
    A PCG: A Family of Simple Fast Space-Efficient Statistically Good Algorithms for Random Number Generation MELISSA E. O’NEILL, Harvey Mudd College This paper presents a new uniform pseudorandom number generation scheme that is both extremely practical and statistically good (easily passing L’Ecuyer and Simard’s TestU01 suite). It has a number of important properties, including solid mathematical foundations, good time and space performance, small code size, multiple random streams, and better cryptographic properties than are typical for a general-purpose generator. The key idea is to pass the output of a fast well-understood “medium quality” random number generator to an efficient permutation function (a.k.a. hash function), built from composable primitives, that enhances the quality of the output. The algorithm can be applied at variety of bit sizes, including 64 and 128 bits (which provide 32- and 64-bit outputs, with periods of 264 and 2128). Optionally, we can provide each b-bit generator b 1 with a b 1 bit stream-selection constant, thereby providing 2 ¡ random streams, which are full period and ¡ b entirely distinct. An extension adds up to 2b-dimensional equidistribution for a total period of 2b2 . The construction of the permutation function and the period-extension technique are both founded on the idea of permutation functions on tuples. In its standard variants, b-bit generators use a 2b/2-to-1 function to produce b/2 bits of output. These functions can be designed to make it difficult for an adversary to discover the generator’s internal state by examining its output, and thus make it challenging to predict.
    [Show full text]
  • Monte Carlo Automatic Integration with Dynamic Parallelism in CUDA
    Monte Carlo Automatic Integration with Dynamic Parallelism in CUDA Elise de Doncker, John Kapenga and Rida Assaf Abstract The rapidly evolving CUDA environment is well suited for numerical in- tegration of high dimensional integrals, in particular by Monte Carlo or quasi-Monte Carlo methods. With some care, near peak performance can be obtained on impor- tant applications. A basis for efficient numerical integration using kernels in CUDA GPUs is presented, showing several ways to use CUDA features, provide automatic error control and prevention or detection of roundoff errors. This framework allows easy extension to multiple GPUs, clusters and clouds for addressing problems that were impractical to attack in the past, and is the basis for an update to the PARINT numerical integration package. 1 Introduction Problems in computational geometry, computational physics, computational fi- nance, and other fields give rise to computationally expensive integrals. This chap- ter will address applications of CUDA programming for Monte Carlo integration. A Monte Carlo method approximates the expected value of a stochastic process by sampling, i.e., by performing function evaluations over a large set of random points, and returns the sample average of the evaluations as the end result. The functions that are found in the application areas mentioned above are usually not smooth and may have singularities within the integration domain, which enforces the generation of large sets of random numbers. The algorithms described here will be incorporated in the PARINT multivariate integration package, where we are concerned with the automatic computation of an integral approximation Elise de Doncker, John Kapenga and Rida Assaf Western Michigan University, 1903 W.
    [Show full text]
  • It Is High Time We Let Go of the Mersenne Twister∗
    It Is High Time We Let Go Of The Mersenne Twister∗ SEBASTIANO VIGNA, Università degli Studi di Milano, Italy When the Mersenne Twister made his first appearance in 1997 it was a powerful example of how linear maps on F2 could be used to generate pseudorandom numbers. In particular, the easiness with which generators with long periods could be defined gave the Mersenne Twister a large following, in spite of the fact thatsuch long periods are not a measure of quality, and they require a large amount of memory. Even at the time of its publication, several defects of the Mersenne Twister were predictable, but they were somewhat obscured by other interesting properties. Today the Mersenne Twister is the default generator in C compilers, the Python language, the Maple mathematical computation system, and in many other environments. Nonetheless, knowledge accumulated in the last 20 years suggests that the Mersenne Twister has, in fact, severe defects, and should never be used as a general-purpose pseudorandom number generator. Many of these results are folklore, or are scattered through very specialized literature. This paper surveys these results for the non-specialist, providing new, simple, understandable examples, and it is intended as a guide for the final user, or for language implementors, so that they can take an informed decision about whether to use the Mersenne Twister or not. 1 INTRODUCTION “Mersenne Twister” [22] is the collective name of a family of PRNGs (pseudorandom number 1 generators) based on F2-linear maps. This means that the state of the generator is a vector of bits of size n interpreted as an n-dimensional vector on F2, the field with two elements, and the next-state function of the generator is an F2-linear map.
    [Show full text]
  • Curand Library
    cuRAND Library Programming Guide PG-05328-050_v11.4 | September 2021 Table of Contents Introduction.........................................................................................................................viii Chapter 1. Compatibility and Versioning..............................................................................1 Chapter 2. Host API Overview...............................................................................................2 2.1. Generator Types........................................................................................................................ 3 2.2. Generator Options..................................................................................................................... 3 2.2.1. Seed..................................................................................................................................... 3 2.2.2. Offset....................................................................................................................................3 2.2.3. Order....................................................................................................................................4 2.3. Return Values............................................................................................................................ 6 2.4. Generation Functions................................................................................................................ 7 2.5. Host API Example......................................................................................................................8
    [Show full text]
  • Survey on Hardware Implementation of Random
    Survey on hardware implementation of random number generators on FPGA: Theory and experimental analyses Mohammed Bakiri, Christophe Guyeux, Jean Couchot, Abdelkrim Oudjida To cite this version: Mohammed Bakiri, Christophe Guyeux, Jean Couchot, Abdelkrim Oudjida. Survey on hardware im- plementation of random number generators on FPGA: Theory and experimental analyses. Computer Science Review, Elsevier, 2018, 27, pp.135 - 153. hal-02182827 HAL Id: hal-02182827 https://hal.archives-ouvertes.fr/hal-02182827 Submitted on 13 Jul 2019 HAL is a multi-disciplinary open access L’archive ouverte pluridisciplinaire HAL, est archive for the deposit and dissemination of sci- destinée au dépôt et à la diffusion de documents entific research documents, whether they are pub- scientifiques de niveau recherche, publiés ou non, lished or not. The documents may come from émanant des établissements d’enseignement et de teaching and research institutions in France or recherche français ou étrangers, des laboratoires abroad, or from public or private research centers. publics ou privés. Survey on Hardware Implementation of Random Number Generators on FPGA: Theory and Experimental Analyses Mohammed Bakiria,b,∗, Christophe Guyeuxa, Jean-Fran¸coisCouchota, Abdelkrim Kamel Oudjidab aFemto-ST Institute, DISC Department, UMR 6174 CNRS, University of Bourgogne Franche-Comt´e,Belfort, 90010, France bCentre de D´eveloppement des Technologies Avanc´ees,ASM/DMN Department, Cit 20 aot 1956 Baba Hassen, B. P 17,16303, Alger, Algeria Abstract Random number generation refers to many applications such as simulation, nu- merical analysis, cryptography etc. Field Programmable Gate Array (FPGA) are reconfigurable hardware systems, which allow rapid prototyping. This re- search work is the first comprehensive survey on how random number generators are implemented on Field Programmable Gate Arrays (FPGAs).
    [Show full text]