Pseudorandom number generator: Difference between revisions

The Mersenne twister is a pseudorandom number generator (PRNG). It is, by far, the most widely used PRNG.^[1] Its name derives from the fact that its period length is chosen to be a Mersenne prime.

The Mersenne Twister was developed in 1997 by Template:Nihongo and Template:Nihongo.^[2] It was designed specifically to rectify most of the flaws found in older PRNGs. It was the first PRNG to provide fast generation of high-quality pseudorandom integers.

The most commonly-used version of the Mersenne Twister algorithm is based on the Mersenne prime 2¹⁹⁹³⁷−1. The standard implementation of that, MT19937, uses a 32-bit word length. There is another implementation that uses a 64-bit word length, MT19937-64; it generates a different sequence.

Adoption in software systems

The Mersenne Twister is the default PRNG for R,^[3] Python,^[4][5] Ruby,^[6] IDL,^[7] Free Pascal,^[8] PHP,^[9] Maple,^[10] MATLAB, GAUSS,^[11] CMU Common Lisp,^[12] the GNU Multiple Precision Arithmetic Library,^[13] and the GNU Scientific Library.^[14] It is also available in C++^[15] since C++11. Add-on implementations are provided by the Boost C++ Libraries,^[16] Glib,^[17] and the NAG Numerical Library.^[18]

The Mersenne Twister is one of two PRNGs in SPSS: the other generator is kept only for compatibility with older programs, and the Mersenne Twister is stated to be "more reliable".^[19] The Mersenne Twister is similarly one of the PRNGs in SAS: the other generators are older and deprecated.^[20]

Advantages

The commonly-used version of Mersenne Twister, MT19937, which produces a sequence of 32-bit integers, has the following desirable properties:

1. It has a very long period of 2¹⁹⁹³⁷ − 1. While a long period is not a guarantee of quality in a random number generator, short periods (such as the 2³² common in many older software packages) can be problematic.^[21]
2. It is k-distributed to 32-bit accuracy for every 1 ≤ k ≤ 623 (see definition below).
3. It passes numerous tests for statistical randomness, including the Diehard tests.

Disadvantages

It passes most, but not all, of the stringent TestU01 Crush randomness tests.^[22]

It can take a long time to turn a non-random initial state—particularly an initial state with many zeros—into output that passes randomness tests. A consequence of this is that two instances of the generator, started with an almost the same initial state will output nearly the same sequence for a long time before eventually diverging.

k-distribution

A pseudorandom sequence x_i of w-bit integers of period P is said to be k-distributed to v-bit accuracy if the following holds.

Let trunc_v(x) denote the number formed by the leading v bits of x, and consider P of the kv-bit vectors

${\displaystyle ({\text{trunc}}_v(x_i),{\text{trunc}}_v(x_{i+1}),...,{\text{trunc}}_v(x_{i+k-1}))(0\le i<P)}$.

Then each of the 2^kv possible combinations of bits occurs the same number of times in a period, except for the all-zero combination that occurs once less often.

Alternatives

The algorithm in its native form is not suitable for cryptography (unlike Blum Blum Shub). Observing a sufficient number of iterations (624 in the case of MT19937, since this is the size of the state vector from which future iterations are produced) allows one to predict all future iterations. A pair of cryptographic stream ciphers based on output from Mersenne Twister has been proposed by Makoto Matsumoto et al. The authors claim speeds 1.5 to 2 times faster than Advanced Encryption Standard in counter mode.^[23]

The Mersenne Twister is sensitive to poor initialization and can take a long time to recover from a zero-excess initial state. An alternative, WELL ("Well Equidistributed Long-period Linear"), has quicker recovery, the same or better performance and equal randomness.^[24]

Algorithmic detail

For a k-bit word length, the Mersenne Twister generates integers in the range [0, 2^k−1].

The Mersenne Twister algorithm is based on a matrix linear recurrence over a finite binary field F₂. The algorithm is a twisted generalised feedback shift register^[25] (twisted GFSR, or TGFSR) of rational normal form (TGFSR(R)), with state bit reflection and tempering. It is characterized by the following quantities:

• w: word size (in number of bits)
• n: degree of recurrence
• m: middle word, or the number of parallel sequences, 1 ≤ m ≤ n
• r: separation point of one word, or the number of bits of the lower bitmask, 0 ≤ r ≤ w - 1
• a: coefficients of the rational normal form twist matrix
• b, c: TGFSR(R) tempering bitmasks
• s, t: TGFSR(R) tempering bit shifts
• u, l: additional Mersenne Twister tempering bit shifts

with the restriction that 2^nw − r − 1 is a Mersenne prime. This choice simplifies the primitivity test and k-distribution test that are needed in the parameter search.

For a word x with w bit width, it is expressed as the recurrence relation

${\displaystyle x_{k+n}:=x_{k+m}\oplus ({x_k}^u\mid {x_{k+1}}^l)Ak=0,1,\dots }$

with | as the bitwise or and ${\displaystyle \oplus }$ as the bitwise exclusive or (XOR), x^u, x^l being x with upper and lower bitmasks applied. The twist transformation A is defined in rational normal form

${\displaystyle A=R=\left(\begin{array}{cc}0& I_{w-1}\\ a_{w-1}& (a_{w-2},\dots ,a_0)\end{array}\right)}$

with I_n − 1 as the (n − 1) × (n − 1) identity matrix (and in contrast to normal matrix multiplication, bitwise XOR replaces addition). The rational normal form has the benefit that it can be efficiently expressed as

${\displaystyle \mathit{x}A=\{\begin{array}{ll}\mathit{x}\gg 1& x_0=0\\ (\mathit{x}\gg 1)\oplus \mathit{a}& x_0=1\end{array}}$

where

${\displaystyle \mathit{x}:=({x_k}^u\mid {x_{k+1}}^l)k=0,1,\dots }$

In order to achieve the 2^nw − r − 1 theoretical upper limit of the period in a TGFSR, φ_B(t) must be a primitive polynomial, φ_B(t) being the characteristic polynomial of

${\displaystyle B=\left(\begin{array}{ccccc}0& I_w& \cdots & 0& 0\\ ⋮& & & & \\ I_w& ⋮& \ddots & ⋮& ⋮\\ ⋮& & & & \\ 0& 0& \cdots & I_w& 0\\ 0& 0& \cdots & 0& I_{w-r}\\ S& 0& \cdots & 0& 0\end{array}\right)\begin{array}{c}\\ \\ \leftarrow m\text{-th row}\\ \\ \\ \\ \end{array}}$

${\displaystyle S=\left(\begin{array}{cc}0& I_r\\ I_{w-r}& 0\end{array}\right)A}$

The twist transformation improves the classical GFSR with the following key properties:

• Period reaches the theoretical upper limit 2^nw − r − 1 (except if initialized with 0)
• Equidistribution in n dimensions (e.g. linear congruential generators can at best manage reasonable distribution in 5 dimensions)

As like TGFSR(R), the Mersenne Twister is cascaded with a tempering transform to compensate for the reduced dimensionality of equidistribution (because of the choice of A being in the rational normal form), which is equivalent to the transformation A = R → A = T⁻¹RT, T invertible. The tempering is defined in the case of Mersenne Twister as

y := x ⊕ (x >> u)

y := :y ⊕ ((y << s) & b)

y := :y ⊕ ((y << t) & c)

z := y ⊕ (y >> l)

with <<, >> as the bitwise left and right shifts, and & as the bitwise and. The first and last transforms are added in order to improve lower bit equidistribution. From the property of TGFSR, ${\displaystyle s+t\ge \lfloor w/2\rfloor -1}$ is required to reach the upper bound of equidistribution for the upper bits.

The coefficients for MT19937 are:

• (w, n, m, r) = (32, 624, 397, 31)
• a = 9908B0DF₁₆
• u = 11
• (s, b) = (7, 9D2C5680₁₆)
• (t, c) = (15, EFC60000₁₆)
• l = 18

A small lagged Fibonacci generator or linear congruential generator usually is used to seed the Mersenne Twister with random initial values.Potter or Ceramic Artist Truman Bedell from Rexton, has interests which include ceramics, best property developers in singapore developers in singapore and scrabble. Was especially enthused after visiting Alejandro de Humboldt National Park.

Pseudocode

The following piece of pseudocode generates uniformly distributed 32-bit integers in the range [0, 2³² − 1] with the MT19937 algorithm:

 // Create a length 624 array to store the state of the generator
 int[0..623] MT
 int index = 0
 
 // Initialize the generator from a seed
 function initialize_generator(int seed) {
     index := 0
     MT[0] := seed
     for i from 1 to 623 { // loop over each other element
         MT[i] := last 32 bits of(1812433253 * (MT[i-1] xor (right shift by 30 bits(MT[i-1]))) + i) // 0x6c078965
     }
 }
 
 // Extract a tempered pseudorandom number based on the index-th value,
 // calling generate_numbers() every 624 numbers
 function extract_number() {
     if index == 0 {
         generate_numbers()
     }
 
     int y := MT[index]
     y := y xor (right shift by 11 bits(y))
     y := y xor (left shift by 7 bits(y) and (2636928640)) // 0x9d2c5680
     y := y xor (left shift by 15 bits(y) and (4022730752)) // 0xefc60000
     y := y xor (right shift by 18 bits(y))

     index := (index + 1) mod 624
     return y
 }
 
 // Generate an array of 624 untempered numbers
 function generate_numbers() {
     for i from 0 to 623 {
         int y := (MT[i] and 0x80000000)                       // bit 31 (32nd bit) of MT[i]
                        + (MT[(i+1) mod 624] and 0x7fffffff)   // bits 0-30 (first 31 bits) of MT[...]
         MT[i] := MT[(i + 397) mod 624] xor (right shift by 1 bit(y))
         if (y mod 2) != 0 { // y is odd
             MT[i] := MT[i] xor (2567483615) // 0x9908b0df
         }
     }
 }

SFMT

Template:Expand section

SFMT, the SIMD-oriented Fast Mersenne Twister, is a variant of Mersenne Twister, introduced in 2006,^[26] designed to be fast when it runs on 128-bit SIMD.

• It is roughly twice as fast as Mersenne Twister.^[27]
• It has a better equidistribution property of v-bit accuracy than MT but worse than WELL ("Well Equidistributed Long-period Linear").
• It has quicker recovery from zero-excess initial state than MT, but slower than WELL.
• It supports various periods from 2⁶⁰⁷−1 to 2²¹⁶⁰⁹¹−1.

Intel SSE2 and PowerPC AltiVec are supported by SFMT. It is also used for games with the Cell BE in the PlayStation 3.^[28]

MTGP

MTGP is a variant of Mersenne Twister optimised for GPUs published by Mutsuo Saito and Makoto Matsumoto.^[29] The basic linear recurrence operations are extended from MT and parameters are chosen to allow many threads to compute the recursion in parallel, while sharing their state space to reduce memory load. Sample code [1] for CUDA includes parameter sets suitable for 256, 512 and 1024 parallel threads per block, and up to 200 blocks generating independent random streams. The paper claims improved equidistribution over MT and performance on a high specification GPU (Nvidia GTX260 with 192 cores) of 4.7ms for 5x10⁷ random 32-bit integers.

Implementations in various languages

References

43 year old Petroleum Engineer Harry from Deep River, usually spends time with hobbies and interests like renting movies, property developers in singapore new condominium and vehicle racing. Constantly enjoys going to destinations like Camino Real de Tierra Adentro.

External links

• The academic paper for MT, and related articles by Makoto Matsumoto
• Mersenne Twister home page, with codes in C, Fortran, Java, Lisp and some other languages
• SIMD-oriented Fast Mersenne Twister (SFMT)