Random-Number

Generation

2010 Raj Jain www.rajjain.com

26-1

Overview
Desired properties of a good generator
Linear-congruential generators
Tausworthe generators
Survey of random number generators
Seed selection
Myths about random number generation

2010 Raj Jain www.rajjain.com

26-2

Random-Number Generation
Random Number = Uniform (0, 1)
Random Variate = Other distributions
= Function(Random number)

2010 Raj Jain www.rajjain.com

26-3

A Sample Generator

For example,

Starting with x0=5:

The first 32 numbers obtained by the above procedure 10, 3, 0,

1, 6, 15, 12, 13, 2, 11, 8, 9, 14, 7, 4, 5 10, 3, 0, 1, 6, 15, 12, 13,
2, 11, 8, 9, 14, 7, 4, 5.
By dividing x's by 16:
0.6250, 0.1875, 0.0000, 0.0625, 0.3750, 0.9375, 0.7500,
0.8125, 0.1250, 0.6875, 0.5000, 0.5625, 0.8750, 0.4375,
0.2500, 0.3125, 0.6250, 0.1875, 0.0000, 0.0625, 0.3750,
0.9375, 0.7500, 0.8125, 0.1250, 0.6875, 0.5000, 0.5625,
0.8750, 0.4375, 0.2500, 0.3125.

2010 Raj Jain www.rajjain.com

26-4

Terminology

Seed = x0
Pseudo-Random: Deterministic yet would pass randomness
tests
Fully Random: Not repeatable
Cycle length, Tail, Period

2010 Raj Jain www.rajjain.com

26-5

Desired Properties of a Good Generator

It should be efficiently computable.
The period should be large.
The successive values should be independent and
uniformly distributed

2010 Raj Jain www.rajjain.com

26-6

Types of Random-number Generators

Linear congruential generators
Tausworthe generators
Extended Fibonacci generators
Combined generators

2010 Raj Jain www.rajjain.com

26-7

Linear-Congruential Generators

Discovered by D. H. Lehmer in 1951

The residues of successive powers of a number have good
randomness properties.

Equivalently,

a = multiplier
m = modulus

2010 Raj Jain www.rajjain.com

26-8

Linear-Congruential Generators (Cont)

Lehmer's choices: a = 23 and m = 108+1
Good for ENIAC, an 8-digit decimal machine.
Generalization:

Can be analyzed easily using the theory of

congruences
Mixed Linear-Congruential Generators
or Linear-Congruential Generators (LCG)
Mixed = both multiplication by a and addition of b

2010 Raj Jain www.rajjain.com

26-9

Selection of LCG Parameters

a, b, and m affect the period and autocorrelation

The modulus m should be large.

The period can never be more than m.

For mod m computation to be efficient, m should be a power

of 2 Mod m can be obtained by truncation.

2010 Raj Jain www.rajjain.com

26-10

Selection of LCG Parameters (Cont)

If b is nonzero, the maximum possible period m is

obtained if and only if:

Integers m and b are relatively prime, that is, have no common

factors other than 1.

Every prime number that is a factor of m is also a factor of a-1.

If integer m is a multiple of 4, a-1 should be a multiple of 4.

Notice that all of these conditions are met if m=2k, a = 4c + 1,

and b is odd. Here, c, b, and k are positive integers.

2010 Raj Jain www.rajjain.com

26-11

Period vs. Autocorrelation

A generator that has the maximum possible period is called a

full-period generator.

Lower autocorrelations between successive numbers are

preferable.
Both generators have the same full period, but the first one has
a correlation of 0.25 between xn-1 and xn, whereas the second
one has a negligible correlation of less than 2-18

2010 Raj Jain www.rajjain.com

26-12

Multiplicative LCG

Multiplicative LCG: b=0

Two types:
m = 2k
m 2k

2010 Raj Jain www.rajjain.com

26-13

Multiplicative LCG with m=2k

m = 2k trivial division
Maximum possible period 2k-2
Period achieved if multiplier a is of the form 8i 3,
and the initial seed is an odd integer
One-fourth the maximum possible may not be too
small
Low order bits of random numbers obtained using
multiplicative LCG's with m=2k have a cyclic pattern

2010 Raj Jain www.rajjain.com

26-14

Example 26.1a

Using a seed of x0=1:

5, 25, 29, 17, 21, 9, 13, 1, 5,
Period = 8 = 32/4
With x0 = 2, the sequence is: 10, 18, 26, 2, 10,
Here, the period is only 4.

2010 Raj Jain www.rajjain.com

26-15

Example 26.1b

Multiplier not of the form 8i 3:

Using a seed of x0 = 1, we get the sequence:

7, 17, 23, 1, 7,
The period is only 4

2010 Raj Jain www.rajjain.com

26-16

Multiplicative LCG with m 2k

Modulus m = prime number

With a proper multiplier a, period = m-1

Maximum possible period = m
If and only if the multiplier a is a primitive root of the modulus
m
a is a primitive root of m if and only if an mod m 1 for n = 1,
2, , m-2.

2010 Raj Jain www.rajjain.com

26-17

Example 26.2

Starting with a seed of x0=1:

1, 3, 9, 27, 19, 26, 16, 17, 20, 29, 25, 13, 8, 24, 10, 30, 28, 22,
4, 12, 5, 15, 14, 11, 2, 6, 18, 23, 7, 21, 1,
The period is 30
3 is a primitive root of 31
With a multiplier of a = 5: 1, 5, 25, 1,
The period is only 3 5 is not a primitive root of 31
Primitive roots of 31= 3, 11, 12, 13, 17, 21, 22, and 24.

2010 Raj Jain www.rajjain.com

26-18

Schrage's Method
PRN computation assumes:
No round-off errors, integer arithmetic and no overflows
Can't do it in BASIC
Product a xn-1 > Largest integer Overflow
Identity:
Where:
And:
Here, q = m div a, r = m mod a
`A div B' = dividing A by B and truncating the result.
For all x's in the range 1, 2, , m-1, computing g(x) involves
numbers less than m-1.
If r < q, h(x) is either 0 or 1, and it can be inferred from g(x);
h(x) is 1 if and only if g(x) is negative.

2010 Raj Jain www.rajjain.com

26-19

Example 26.3

231-1 = 2147483647 = prime number

75 = 16807 is one of its 534,600,000 primitive roots

The product a xn-1 can be as large as 16807 2147483647
1.03 245.

Need 46-bit integers

For a correct implementation, x0 = 1 x10000= 1,043,618,065.

2010 Raj Jain www.rajjain.com

26-20

Generator Using Integer Arithmetic

2010 Raj Jain www.rajjain.com

26-21

Generator Using Real Arithmetic

2010 Raj Jain www.rajjain.com

26-22

Tausworthe Generators

Need long random numbers for cryptographic applications

Generate random sequence of binary digits (0 or 1)
Divide the sequence into strings of desired length
Proposed by Tausworthe (1965)

Where ci and bi are binary variables with values of 0 or 1, and

is the exclusive-or (mod 2 addition) operation.
Uses the last q bits of the sequence
autoregressive sequence of order q or AR(q).
An AR(q) generator can have a maximum period of 2q-1.

2010 Raj Jain www.rajjain.com

26-23

Tausworthe Generators (Cont)

D = delay operator such that

Characteristic polynomial:

The period is the smallest positive integer n for which xn-1 is

divisible by the characteristic polynomial.
The maximum possible period with a polynomial of order q is
2q-1. The polynomials that give this period are called primitive
polynomials.

2010 Raj Jain www.rajjain.com

26-24

Example 26.4

x7+x3+1
Using D operator in place of x:

Or:

Using the exclusive-or operator

Or:

Substituting n-7 for n:

2010 Raj Jain www.rajjain.com

26-25

Example 26.4 (Cont)

Starting with b0 = b1 = L = b6 = 1:

The complete sequence is:

1111111 0000111 0111100 1011001 0010000 0010001
0011000 1011101 0110110 0000110 0110101 0011100
1111011 0100001 0101011 1110100 1010001 1011100
0111111 1000011 1000000.
Period = 127 or 27-1 bits
The polynomial x7+x3+1 is a primitive polynomial.

2010 Raj Jain www.rajjain.com

26-26

Combined Generators
1. Adding random numbers obtained by two or more generators.
wn=(xn+yn) mod m
For example, L'Ecuyer (1986):

This would produce:

Period = 2.3 1018

2010 Raj Jain www.rajjain.com

26-41

Combined Generators (Cont)

Another Example: For 16-bit computers:

Use:

This generator has a period of 8.1 1012.

2010 Raj Jain www.rajjain.com

26-42

Combined Generators (Cont)

2. Exclusive-or random numbers obtained by two or more
generators.
3. Shuffle. Use one sequence as an index to decide which of
several numbers generated by the second sequence should be
returned.

2010 Raj Jain www.rajjain.com

26-43

Combined Generators (Cont)

a)
b)
c)
d)
e)

Algorithm M:
Fill an array of size, say, 100.
Generate a new yn (between 0 and m-1)
Index i=1+100 yn/m
ith element of the array is returned as the next random number
A new value of xn is generated and stored in the ith location

2010 Raj Jain www.rajjain.com

26-44

Survey of Random-Number Generators

A currently popular multiplicative LCG is:

Used in:
SIMPL/I system (IBM 1972),
APL system from IBM (Katzan 1971),
PRIMOS operating system from Prime Computer
(1984), and
Scientific library from IMSL (1980)
231-1 is a prime number and 75 is a primitive root of it
Full period of 231-2.
This generator has been extensively analyzed and shown to be
good.
Its low-order bits are uniformly distributed.

2010 Raj Jain www.rajjain.com

26-45

Survey of RNGs (Cont)

Fishman and Moore (1986)'s exhaustive search of

m=231-1:

SIMSCRIPT II.5 and in DEC-20 FORTRAN:

2010 Raj Jain www.rajjain.com

26-46

Survey of RNGs (Cont)

``RANDU'' (IBM 1968): Very popular in the 1960s:

Modulus and the multiplier were selected primarily to

facilitate easy computation.
Multiplication by 216+3=65539 can be easily accomplished
by a few shift and add instructions.
Does not have a full period and has been shown to be
flawed in many respects.
Does not have good randomness properties (Knuth, p 173).
Triplets lie on a total of 15 planes
Unsatisfactory three-distributivity
Like all LCGs with m=2k, the lower order bits of this
generator have a small period. RANDU is no longer used
2010 Raj Jain www.rajjain.com

26-47

Survey of RNGs (Cont)

Analog of RANDU for 16-bit microprocessors:

This generator shares all known problems of RANDU

Period = only a few thousand numbers
not suitable for any serious simulation study
University of Sheffield Pascal system for Prime Computers:

16807 8i 3 Does not have the maximum possible

period of 231-2.
Used with a shuffle technique in the subroutine UNIFORM
of the SAS statistical package
2010 Raj Jain www.rajjain.com

26-48

Survey of RNGs (cont)

SIMULA on UNIVAC uses the following generator:

Has maximum possible period of 233, Park and Miller

(1988) claim that it does not have good randomness
properties.
The UNIX operating system:

Like all LCGs with m=2k, the binary representation of xn's

has a cyclic bit pattern

2010 Raj Jain www.rajjain.com

26-49

Seed Selection
Multi-stream simulations: Need more than one random
stream
Single queue Two streams
= Random arrival and random service times
1. Do not use zero. Fine for mixed LCGs.
But multiplicative LCG or a Tausworthe LCG will stick at
zero.
2. Avoid even values. For multiplicative LCG with modulus
m=2k, the seed should be odd. Better to avoid generators that
have too many conditions on seed values or whose
performance (period and randomness) depends upon the seed
value.
3. Do not subdivide one stream.

2010 Raj Jain www.rajjain.com

26-50

Seed Selection (Cont)

4.

Do not generate successive seeds: u1 to generate inter-arrival

times, u2 to generate service time Strong correlation
5. Use non-overlapping streams.
Overlap Correlation, e.g., Same seed same stream
6. Reuse seeds in successive replications.
7. Do not use random seeds: Such as the time of day.
Can't reproduce. Can't guaranteed non-overlap.
8. Select

2010 Raj Jain www.rajjain.com

26-51

Table of Seeds

2010 Raj Jain www.rajjain.com

26-52

Myths About Random-Number

Generation
1. A complex set of operations leads to random results. It is
better to use simple operations that can be analytically
evaluated for randomness.
2. A single test, such as the chi-square test, is sufficient to test
the goodness of a random-number generator. The sequence
0,1,2,...,m-1 will pass the chi-square test with a perfect score,
but will fail the run test Use as many tests as possible.
3. Random numbers are unpredictable. Easy to compute the
parameters, a, c, and m from a few numbers LCGs are
unsuitable for cryptographic applications

2010 Raj Jain www.rajjain.com

26-53

Myths (Cont)
4. Some seeds are better than others. May be true for some.

Works correctly for all seeds except x0 = 37911

Stuck at xn= 37911 forever
Such generators should be avoided.
Any nonzero seed in the valid range should produce an
equally good sequence.
For some, the seed should be odd.
Generators whose period or randomness depends upon the
seed should not be used, since an unsuspecting user may
not remember to follow all the guidelines.
2010 Raj Jain www.rajjain.com

26-54

Myths (Cont)
5. Accurate implementation is not important.
RNGs must be implemented without any overflow or
truncation For example,

In FORTRAN:

The AND operation is used to clear the sign bit

Straightforward multiplication above will produce overflow.
6. Bits of successive words generated by a random-number
generator are equally randomly distributed.
If an algorithm produces l-bit wide random numbers, the
randomness is guaranteed only when all l bits are used to
form successive random numbers.

2010 Raj Jain www.rajjain.com

26-55

Example 26.7
Notice that:
a) Bit 1 (the least
significant bit) is always
1.
b) Bit 2 is always 0.
c) Bit 3 alternates between
1 and 0, thus, it has a
cycle of length 2.
d) Bit 4 follows a cycle
(0110) of length 4.
e) Bit 5 follows a cycle
(11010010) of length 8.
2010 Raj Jain www.rajjain.com

26-56

Example 26.7 (Cont)

The least significant bit is either always 0 or always 1.

The lth bit has a period at most 2l. (l=1 is the least significant
bit)
For all mixed LCGs with m=2k:
The lth bit has a period at most 2l.
In general, the high-order bits are more randomly
distributed than the low-order bits.
Better to take the high-order l bits than the low-order l
bits.

2010 Raj Jain www.rajjain.com

26-57

Summary

Pseudo-random numbers are used in simulation for

repeatability, non-overlapping sequences, long cycle
It is important to implement PRNGs in integer arithmetic
without overflow => Schrages method
For multi-stream simulations, it is important to select seeds that
result in non-overlapping sequences
Two or more generators can be combined for longer cycles
Bits of random numbers may not be random
2010 Raj Jain www.rajjain.com

26-58

Homework

Submit answer to Exercise 26.5. Submit code and

report x20,000

2010 Raj Jain www.rajjain.com

26-59

Exercise 26.5
Implement the following LCG using Schrage's method
to avoid overflow:

Using a seed of x0=1, determine x10000.

2010 Raj Jain www.rajjain.com

26-64