Sum-discrepancy test on pseudorandom number generators

Authors

  • Makoto Matsumoto
  • Takuji Nishimura
Abstract

We introduce a non-empirical test on pseudorandom number generators (PRNGs), named the sum-discrepancy test. We compute the distribution of the sum of m consecutive outputs of the PRNG to be tested, under the assumption that the initial state is chosen uniformly at random. We measure its discrepancy from the ideal distribution, and then estimate the sample size necessary to reject the generator. These tests are effective at detecting the structure of the outputs of multiple recursive generators with small coefficients, in particular that of lagged Fibonacci generators such as random() in the BSD C library, as well as add-with-carry and subtract-with-borrow generators like RCARRY. The tests show that these generators will be rejected if the sample size is of order 10. We tailor the test to generators with a discarding procedure, such as ran_array and RANLUX, and exhibit empirical results. It is shown that ran_array with half of the output discarded is rejected if the sample size is of the order of 4 × 10. RANLUX with luxury level 1 (i.e. half of the output discarded) is rejected if the sample size is of the order of 2 × 10^8, and RANLUX with luxury level 2 (i.e. roughly 3/4 is discarded) will be rejected for a sample size of the order of 2.4 × 10^18. In our previous work, we dealt with the distribution of the Hamming weight function using discrete Fourier analysis. In this work we replace the Hamming weight with the continuous sum, using classical Fourier analysis, i.e., Poisson’s summation formula and Lévy’s inversion formula.


Similar resources

A Nonempirical Test on the Weight of Pseudorandom Number Generators

We introduce a theoretical test, named weight discrepancy test, on pseudorandom number generators. This test measures the χ-discrepancy between the distribution of the number of ones in some specified bits in the generated sequence and the binomial distribution, under the assumption that the initial value is randomly selected. This test can be performed for most generators based on a linear rec...


Cryptanalysis of Pseudorandom Generators

As a motivating application for the study of lattice in cryptography we consider the construction of pseudorandom generators. We recall that a pseudorandom generator is a program G(x) (computable in deterministic polynomial time) that maps bitstrings x ∈ {0, 1} to longer strings G(x) ∈ {0, 1} such that, if x is chosen uniformly at random and kept secret, then the output G(x) will “look” random ...


Discrepancy Sets and Pseudorandom Generators for Combinatorial Rectangles

A common subproblem of DNF approximate counting and derandomizing RL is the discrepancy problem for combinatorial rectangles. We explicitly construct a poly(n)-size sample space that approximates the volume of any combinatorial rectangle in [n] to within o(1) error (improving on the constructions of [EGLNV92]). The construction extends the techniques of [LLSZ95] for the analogous hitting set pr...


Discrepancy Sets and Pseudorandom Generators for Combinatorical Rectangles

A common subproblem of $DNF$ approximate counting and derandomizing $RL$ is the discrepancy problem for combinatorial rectangles. We explicitly construct a $poly(n)$-size sample space that approximates the volume of any combinatorial rectangle in $[n]^n$ to within $o(1)$ error (improving on the constructions of [EGLNV92]). The construction extends the techniques of [LLSZ95] for the analogous hit...


Lower Bounds for the Discrepancy of Inversive Congruential Pseudorandom Numbers with Power of Two Modulus

The inversive congruential method with modulus m = 2W for the generation of uniform pseudorandom numbers has recently been introduced. The discrepancy Z)' L of k-tuples of consecutive pseudorandom numbers generated by such a generator with maximal period length m/2 is the crucial quantity for the analysis of the statistical independence properties of these pseudorandom numbers by means of the ...


Journal title:
  • Mathematics and Computers in Simulation

Volume 62  Issue 

Pages  -

Publication date 2003