Talk:Pseudorandom number generator
This article is rated C-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects: | ||||||||||||||||||||||||||||||||||||||||||||
|
Corrected K1 criterion
editCriterion K1 doesn't state that consecutive number repeats should have low probability, i.e. probability any lower than any other number, rather, if one generates random vectors of numbers, these should be different from one another with high probability. Here's the original text: "There should be a high probability that random vectors (r1,…,rc),(rc+1,…,r2c),…,(rMc+1,…,rM) formed from random numbers r1,r2,… are mutually different." I've tried to correct the K1 summarization to be truer to the source text, yet maintaining the simplicity of the writing. Todd (talk) 16:53, 6 January 2017 (UTC)
removed bad Math
editWhoever added:
(Assuming one bit is produced every picosecond, a state of 64 bits would suffice as (1 picosecond)*264= over 142 million years.)
This is mistake. 1 picosecond)*264 = 18,446,744 seconds = 213 days. Well over the lifetime of a fruit fly. This is not a good example either, since generating a random number takes well over 1 picosecond, and supercomputer can generate hundreds of them or even thousands in parallel. I'd vote for removing this paragraph entirely, but I left it to be polite and discuss. I removed error, since it is so extremely misleading to anyone wanting to learn this material, I could not in good conscience leave it.
about Mersenne twister; good article is started
editAbout Matsumoto's and Nishimura's Mersenne Twister I can say that it really works almost as Nature's randomness - believe it or not. This algorithm is already fully implemented on VOG a Russian server for board games. I've played there quite vast period of time on Backgammon arena and on Reversi one. The C function int rand (int) is not as good as PRNG based on Mersenne twister - that is for sure. Try it and feel it. Nice you've started a PRNG at last. We really needed this one. I was already thinking to do your job. Can you put some Knuth's work on this field too. About the simpliest PRNG and such.
XJam [2002.03.23] 6 Saturday (0)
- It's not clear one's feelings about using a PRNG are a reliable quality metric. In any case there is some serious dispute about whether the Mersenne twister is as good a PRNG as is sometimes thought.
ww (talk) 03:35, 5 August 2009 (UTC)
- Mersenne Twister is merely the newest member of a family of generators with very well understood properties, meaning both good and bad. Among the bad is the very long correlation length, or as the authors euphemistically call it "recovery" time. If you initialize the vector with mostly zeros, you will continue to get mostly zeros for the next ten thousand iterations. This is because, there is only one new bit out of 19937 on every iteration. The other 19936 are just shifted and reused.
dimensions?
edit> It has a colossal period of 219937-1 iterations, is proven to be equidistributed in 623 dimensions. Ostrich can you please explain a liitle bit more what herein dimensions means exactly? Otherwise everything else is explained as clear as can be.
XJam [2002.03.23] 6 Saturday (1st ed)
Statistical patterns in a sequence may appear in many ways. The dimensions noted are ways of examining the sequence for patterns. See Knuth Semi-numerical algorithms for more detail. Please note that this article needs serious revision, particularly with regard to CSPRNGs. It is not easy to build these and statements that 'one could' have one if one does this or that are dangerous. Someone might rely on them and get into considerable (insecure) trouble as a result. Indeed, many PRNGs are built with block cypher encryption algorithms operating in CTR mode. However, the description of CTR mode here is inadequate. Note that CSPRNGs not only must satisfy certain statistical properties, but also must not be predictable which is another kettle of bits altogether.
The spectral test article and the RANDU article have an example of what "dimensions" means in this context.
--DavidCary (talk) 02:11, 31 December 2014 (UTC)
poor code formatting
editFor some reason my Delphi/Pascal code is not formated correctly with the <pre> tag. Suggestions? - Jim
Move Cryptography Material
editI see that most of the material in Cryptographically secure pseudorandom number generators is repeated on its own page. Can we remove or summarize it here?
Sander123 13:13, 21 Jul 2004 (UTC)
- Sander, The biggest use of RNGs is in crypto by now and so some (all?) of this coverage belongs here. Some RNGs suitable for other uses are not suitable for crypto use, so some attempt to bring out the different requirements is apposite.
- As for duplication, much the same can be said for coverage of the material from a crypto perspective, so a redirect of one title to the other will probably cause difficulties. I too feel an urge to minimize duplicated content, but in this case have managed to restrain myself. I suspect we all should. ww 14:53, 21 Jul 2004 (UTC)
- ww: "The biggest use of RNGs is in crypto" — are you sure? — Matt 23:16, 21 Jul 2004 (UTC)
- It would help, I suppose, if I were regularly patrolling talk pages for comments directed at me. As I'm not, this one has escaped my notice for an extended time.
- Well, let's say that I read mostly crypto related material, not the modeling or statistical literature, so there may be a bias. Would you be happier with 'most PRNG use'? Actually, the most critical use of such things in crypto (not news to you, of course, but perhaps to some readers) is a subset of RNGs, and of PRNGs, namely CSPRNGs. Randomness is a very central problem in crypto applications, and crypto theory as well (eg, the random oracle model used for analysis). But nevertheless, still PRNGs (and RNGs). ww (talk) 16:45, 23 September 2008 (UTC)
- ww: "The biggest use of RNGs is in crypto" — are you sure? — Matt 23:16, 21 Jul 2004 (UTC)
- I read mostly non-crypto-related material, so I may be biased in the other direction.
- I suspect that the top two applications of PRNGs are in mobile phones and GPS receivers. My understanding is that most mobile phones have both kinds of PRNG -- a non-crypto high-speed "linear" PRNG for CDMA, and a separate lower speed CSPRNG to support encryption such as A5/1. My understanding is that the vast majority of GPS receivers are civilian GPS receivers, which include only non-crypto "linear" PRNGs.
- From that I conclude that there are slightly more non-crypto PRNGs (cell phones + GPS receivers + a few other non-crypto PRNGs) than CSPRNGs (cell phones + a few other CSPRNGs).
- I support the move of text from this pseudorandom number generator article to cryptographically secure pseudorandom number generator, leaving a WP:SUMMARY in this article. --DavidCary (talk) 16:13, 10 April 2012 (UTC)
rule of thumb
edit- A general rule of thumb is to have only a summary paragraph about a subtopic, and include a prominent link to the subtopic article; I think we do this here, although the subtopic article (CSPRNG) is not as complete as it probably should be, and arguably the summary paragraph in PRNG is slightly too long as well. — Matt 23:16, 21 Jul 2004 (UTC)
- I agree with Matt. The problem that I see is that repeating the material makes maintanace difficult. In fact I came across this because I wanted to add some material. And there is a lot of material that I want to add here--Make the requirements more explicit, say some more about the standards availlable, list designs that were broken and the problems they caused, etc, etc.
- Eventually this could be quite a large topic. Should I add all that to the main page? I propose that I make sure that everthing on the main page is included in crypto page, and then summarize the main page. Everybody agree? Sander123 08:50, 23 Jul 2004 (UTC)
- Seems like a sound refactoring to me, thanks. — Matt 17:00, 23 Jul 2004 (UTC)
author, author -- but no title...
editIn the citation to the von Neumann paper, several authors are given, but there is no title. Perhaps an editing glitch ate it? Can anyone suggest what it was before this supposed whale of an editor swallowed up our Jonah of a title? ww 08:52, 26 March 2006 (UTC)
Linked term: "random", the rap artist
editThe "random" link in the first paragraph goes to an article about some rap artist, named "Random." Can someone fix?
poor writing
editThis page hasn't been written by the world's most gifted writer. E.g.:
"Because any PRNG run on a deterministic computer (contrast quantum computer) is necessarily a deterministic algorithm" "The outputs of pseudorandom number generators only approximate some of the properties of random numbers" "Careful mathematical analysis is required to have any confidence the algorithm generates numbers that are sufficiently "random" to suit the intended use"
The whole article reads like a mathematical text book, not an article from an encyclopedia.
- anon poster, It's a tricky topic and more than many, preciosn of language -- at the expense of kludgey phrasing -- is hard to avoid. Please, suggest improvements which do not do damage to the meaning (including this precision, at least where we've amanaged it). It is not easy to do. And if it is for you, have I got some articles for you to look at... ww 06:40, 19 July 2006 (UTC)
- Absolutely correct: encyclopedias are meant to be informative, not a reference book for mathematical computer science geniuses. It should be informative to the uninformed and it should do so without phrases like: "computer (contrast quantum computer) is necessarily a deterministic algorithm"" which is absolutely meaningless for someone like me. The trick is to be informative without being sloppy in your language. THe problem is, is that I am too ignorant on the topic to make the required changes, which is why SOMEONE who knows better should take that initiative.--ToyotaPanasonic 02:40, 21 February 2007 (UTC)
- I made pass at cleaning the article up. It is still not as clear as it could be, but I hope it is less convoluted. I also took out the 1/q generator which does not seem terribly practical and I am not aware of it's being widely used. --agr 04:16, 21 February 2007 (UTC)
Mersenne Twister Linearity
editThe article claims that, "However, it is possible to efficiently analyze the output of the Mersenne Twister algorithm and to detect that it is non-random (as with the Berlekamp-Massey algorithm or an extension of it, such as the Reed-Sloane algorithm)."
I've actually done the experiment with the Berlkamp-Massey algorithm and the Mersenne Twister. The Mersenne Twister is not linear.
At the risk of being pedantic, let me discuss Berlkamp-Massey. This agorithm will determine the shortest linear feedback shift register that can produce a given bit sequence. This length is the sequence's linear complexity. The algorithm is used to verify that a PRNG isn't linear (in the strict sense of being equivalent to a linear feedback shift register) and to examine its linear complexity profile.
The Mersenne Twister is not equivalent to any linear feedback shift register. The Berlkmap-Massey algorithm doesn't reveal any bias or predicatability in the output of the Mersenne Twister. That does not imply that no bias or predictablity exists. Predictability always exists if the PRNG algorithm and the internal state of the PRNG is known or can be inferred.
I'm very curious about the author's source for the claim quoted above.
More about the Mersenne Twister
editI have recently experimented with the Mersenne Twister, in particular by analyzing its output with the Berlkamp-Massey algorithm. My recent changes to this page are motivated by what I discovered. For details, search the sci.crypt.random-numbers newsgroup for Mersenne Twister Linearity. I am still very interested in any actual numerical analysis of the output of this (and other!) generator's output.
Dude, sign your postings, and also read WP policy regarding original research, OR is not allowed in any article on WP. Kotika98 (talk) 13:41, 26 December 2012 (UTC)
Microsoft RAND function
edit- The RAND function included in current Microsoft operating systems has only 15 bits of state and thus repeats after generating 32768 bytes.
That's a little hard to believe... do we have a source for that? --Tgr 15:35, 26 October 2006 (UTC)
In Visual Studio 2005, the default rand() produces values in 0..0x7fff. This C program: :int main() { int i,j,k; j=(rand()<<15)|rand(); for (i=0; i<0xffffffff; ++i) { k=((k<<15)|rand())&0x3fffffff; if (j==k) printf("%.8x\n", i); }} reports repeats at 0x18932e78, 0x37c97143, 0x7fffffff, 0x98932e78, 0xb7c97143. So it has a cycle length of 2^^31 values, not 2^^15 values. That implies an internal state of at least 31 bits. (The 0x1e932e78 alone doesn't indicate a cycle, it just happened those two values appeared sequentially again. PRNGs are allowed ... are SUPPOSED ... to do that occasionally.) Though, the original comment might have been referring to some other rand() shipped by Microsoft.
I've removed that line for the time being. A generator with a cycle length of 2^^31 values is still awfully bad in my book, but unfortunately not exceptionally bad. 2^^15 would be exceptionally bad. (I also rearranged the quotes at the top of the page: Jon Von Neumann's "state of sin" quote is about the distinction between random and pseudorandom numbers, not the difficulty of generating adequate pseudorandom numbers.)
- Actually the Microsoft C/C++ random number generator is not all that good. It's not hard to come up with a test of randomness that this generator will fail. Correlations between a one number and the fourth one after can be detected. If you're doing something where the results of your program depend on having a high quality PRNG, don't use the one in the C standard library. --71.38.172.8 (talk) 23:49, 29 January 2010 (UTC)
R P Brent's algorithm?
edit- R P Brent's algorithm can be used to determine the period length of deterministic PRNGs; (...)
This intriguing statement is a little isolated within the article. Could someone elaborate or provide a source or link? GdB 15:29, 3 January 2007 (UTC)
Non-uniform generators
editA lot of practical uses of random numbers involves non-uniform distributions; which are often produced via a non-linear function upon a uniform random number generator: e.g. tan(x) for Gaussian pseudo-random. I've started a section.
- Good luck with this subject, where can we see your efforts? This page says: A simple approximation is to use the tan(x) as the inverse cumulative gaussian and a uniform distribution from -pi to pi non-inclusive. but I don't see how that works. Ziggurat algorithm is workable and fast. Please sign your posts. Cuddlyable3 08:15, 20 July 2007 (UTC)
The section is presumably correct, except that it only indicates one method, which needs determination of a cumulative distribution function. There is at least one other method, usable practically when the range of possible values is finite and the distribution function is (in the range) everywhere finite and not grossly uneven (or when the required distribution can be mapped to that).
Choose a random X in the range, and a random Y within a range from 0 to at least the peak probability. If Y is less than the desired probability of X, then return X; otherwise, try again.
Advantage : works with any distribution in a range, without additional algebra. Disadvantage : needs two randoms per go, and on average more than one go per result.
The above description may contain errors in detail; but it should be good enough to identify the method.
Knuth and Marsaglia
editHow can you have an article about RNG's without discussing Knuth's work on statistical testing and Marsaglia's extensive work on inventing and testing random number generators. It is naive to focus so much attention on the Twister algorithm, which in fact is far too slow and complicated for many numerical applications. There should be some discussion of the extremely efficient multiply-with-carry generators, which pass statistical testing and only emply a few machine instructions. The article needs work. DonPMitchell 04:53, 31 October 2007 (UTC)
Inner State
editUnder the BSI evaluation criteria the article mentions "inner state". This should probably be defined somewhere. —Preceding unsigned comment added by ColinGillespie (talk • contribs) 17:49, 31 January 2009 (UTC)
- Could we move the entire pseudo-random number generator#BSI evaluation criteria section to the cryptographically secure pseudorandom number generator article? Is there anything in that section relevant to non-crypto PRNG? --DavidCary (talk) 16:13, 10 April 2012 (UTC)
- Did I comment on that somewhere else already? I don't recall. Anyway, evaluation criteria K1 and K2 are not of interest to the latter article, but all of the criteria are relevant to this article. So it should definitely stay here, though the BSI evaluation criteria could possibly be shortly mentioned in the other article. Nageh (talk) 11:49, 4 May 2012 (UTC)
block removed from article
editTis para was removed from the end of the article because 1) it is out of place in the language interwiki list 2) extensive text in other languages is out of place on enWP 2a) not clear it isn't vandalism of an obscure type. Anyone who clarify any of this should lend a hand.
- Vietnamese: “Một máy phát tín hiệu giả - ngẫu nhiên là một thuật toán dùng để tạo ra chuỗi số có tính chất gần giống với số ngẫu nhiên, chuỗi số đó thực sự không phải ngẫu nhiên khi nó hoàn toàn được xác định bởi một tập hợp các giá tị nhỏ tương đối ban đầu, gọi là trạng thái PRNG.”
New Approach to Generating Truly Random Numbers
editShould we mention somehow results of recent research [1] (research paper: [2])? Maxal (talk) 21:00, 25 March 2010 (UTC)
- The underlying problem is difficult. This journalistic report is insufficient in several respects. There are several claims here about twenty times more random and similar. It's not clear such a phrase can mean anything.
- Whatever the virtues of the method these folks have developed, more information and consideration is needed before it should be added here, other than speculatively. ww (talk) 05:27, 26 March 2010 (UTC)
(CS)PRG, (CS)PRNG, (CS)PRBG, etc.
editThis article really confuses the definitions. In general, I'd say it should discuss pseudo-random generators (PRGs). Pseudo-random bit generators (PRBGs) and pseudo-random number generators (PRNGs) should be introduced as sub-classes of PRGs. Don't say a PRNG is a deterministic RBG (or PRBG). Anyway, I would love to see the distinction addressed in a proper reference. Anyone has a good ref?
Next, it may be desirable to point out that in computational complexity theory the definition of PRG equals that of a CSPRG.
Nageh (talk) 21:50, 20 May 2010 (UTC)
- I think of bit generators as a sub-class of number generators, rather than a separate class -- although I agree that a good reference either way would be an improvement. --DavidCary (talk) 16:13, 10 April 2012 (UTC)
Cryptographically secure PRNGS: integer factorization is not a "known hard problem"
editI've removed the example of integer factorization as a "known hard problem". It isn't proven that integer factorization is NP-complete and is currently believed not to be in this class (but rather, in the class of NP-indeterminate problems). See the article on integer factorization.
If anyone can propose a better example, please insert it in the text. Ross Fraser (talk) 08:35, 4 October 2011 (UTC)
- The concept of a hard problem in cryptography is not related to that of a hard problem in complexity theory as in NP-hard. The definition is as follows:
- A problem is called hard or infeasible if no algorithm exists that given some random input (from the input domain of the problem) solves the problem in PPT (of some security parameter k) with non-negligible probability.
- Nageh (talk) 09:39, 4 October 2011 (UTC)
- Actually, it's not quite correct to say that the concept of a hard problem in cryptography is unrelated to that of a hard problem in complexity theory as in NP-hard. PP contains NP (see the WP article on PP). To prove this, we show that the NP-complete satisfiability problem (SAT) belongs to PP. Consider a probabilistic algorithm that, given a formula F(x1, x2, ..., xn) chooses an assignment x1, x2, ..., xn uniformly at random. Then, the algorithm checks if the assignment makes the formula F true. If yes, it outputs YES. Otherwise, it outputs YES with probability 1/2 and NO with probability 1/2. If the formula is unsatisfiable, the algorithm will always output YES with probability 1/2. If there exists a satisfying assignment, it will output YES with probability more than 1/2 (exactly 1/2 if it picked an unsatisfying assignment and 1 if it picked a satisfying assignment, averaging to some number greater than 1/2). Thus, this algorithm puts satisfiability in PP. As SAT is NP-complete, and we can prefix any deterministic polynomial-time many-one reduction onto the PP algorithm, NP is contained in PP. Because it is closed under complement, PP also contains co-NP.
- As I mentioned above, integer factorization is believed by some to be in the class of NP-indeterminate problems. Ross Fraser (talk) 09:17, 16 October 2011 (UTC)
- Sigh, wrong wording on my part. Of course there is a relation, I just tried to explain that the concepts of hard are different. Nageh (talk) 09:19, 16 October 2011 (UTC)
- Btw, just noticing this now, PPT refers to algorithms in BPP not PP, because otherwise it would be hard to get a negligible error bound. Nageh (talk) 11:42, 17 October 2011 (UTC)
- Oh, and I have replaced "known hard problem" with "problem thought to be hard". It's all assumptions nonetheless. Nageh (talk) 10:12, 4 October 2011 (UTC)
- As above, there is no citation to support this assumption and currently no established mathematical intuition for the utility of the integer factorization problem for this purpose. Ross Fraser (talk) 06:12, 15 October 2011 (UTC)
- What? It is not an established assumption that integer factorization is hard??? Are you kidding me? (I am not talking about NP-hard!) Nageh (talk) 09:19, 16 October 2011 (UTC)
- How does an assumption become "established" other than by mathematical proof?--agr (talk) 10:37, 17 October 2011 (UTC)
- Established in practice??? Wrong wording on my part? I dunno, I'm not a native English speaker, but I think it's pretty fair to say that the integer factorization problem is an established hardness assumption in cryptography. Hell, why do I even link computational hardness assumption in the article if you guys pretend it's all not true? Nageh (talk) 11:00, 17 October 2011 (UTC)
- You can say "widely assumed" or "As of 2011, the best factorization methods are only capable of xxx" or "Zorch Corp claims numbers longer than YYYY bits cannot be factored in the foreseeable future" (the latter two with refs, of course), but established and assumption don't go together without a proof. Mathematics isn't based on opinion polls.--agr (talk) 15:34, 17 October 2011 (UTC)
- When I said "established" I meant "widely used/relied on in practice". I'm not sure I understand where the ambiguity comes from; is it because it may be understood as "settled" or "solved"? Nageh (talk) 16:22, 17 October 2011 (UTC)
- You can say "widely assumed" or "As of 2011, the best factorization methods are only capable of xxx" or "Zorch Corp claims numbers longer than YYYY bits cannot be factored in the foreseeable future" (the latter two with refs, of course), but established and assumption don't go together without a proof. Mathematics isn't based on opinion polls.--agr (talk) 15:34, 17 October 2011 (UTC)
- Established in practice??? Wrong wording on my part? I dunno, I'm not a native English speaker, but I think it's pretty fair to say that the integer factorization problem is an established hardness assumption in cryptography. Hell, why do I even link computational hardness assumption in the article if you guys pretend it's all not true? Nageh (talk) 11:00, 17 October 2011 (UTC)
- How does an assumption become "established" other than by mathematical proof?--agr (talk) 10:37, 17 October 2011 (UTC)
- What? It is not an established assumption that integer factorization is hard??? Are you kidding me? (I am not talking about NP-hard!) Nageh (talk) 09:19, 16 October 2011 (UTC)
- As above, there is no citation to support this assumption and currently no established mathematical intuition for the utility of the integer factorization problem for this purpose. Ross Fraser (talk) 06:12, 15 October 2011 (UTC)
- Ross, I just read again what you have written above. There are multiple issues with what you say:
- IF is in NP-indeterminate. Would you care to explain what NP-indeterminate is? I suppose you meant NP-intermediate.
- As I mentioned above, a cryptographically hard problem does not require that it be NP-complete (or even NP-hard). All that matters is that no PPT algorithm exists for breaking it.
- Ad "there is no citation to support this assumption and currently no established mathematical intuition for the utility of the integer factorization problem for this purpose": All I can say is that this statement is incredibly naive!
- Ok, let's go for a few facts. Yes, IF is widely believed to be in NP-intermediate. The argument still holds that no PPT algorithm exists for solving it (otherwise it would be in BPP). Because IF is widely assumed to be not tractable in PPT it is the basis for many cryptographic primitives, notably including the RSA algorithm. The concept of reducing the security of cryptographic primitives to a widely accepted computational hardness assumptions (note the word hard in there) is the basis of what is known as provable security.
- So, now that I have hopefully clarified a few things would you please explain exactly for which claim you would like to see a reference? Thank you. Nageh (talk) 16:44, 17 October 2011 (UTC)
- Well, for starters, your statement that for a problem to be cryptographically hard "All that matters is that no PPT algorithm exists for breaking it." Assuming by nonexistance you mean "not know to exist" as opposed to "proven not to exist," that's ludicrous on its face. I can pose a problem today and it will be considered cryptographically hard if there's no PPT algorithm (yet)? Problems become "widely accepted computational hardness assumptions" after they have attracted the efforts of many highly competent researchers over decades (centuries for IF) and have lower bounds on solutions that have been relatively stable. Even so they are still assumptions, not proven facts. --agr (talk) 15:14, 18 October 2011 (UTC)
- Sigh. I have said days ago that "it's all assumptions", didn't I??? And yes indeed, from a theoretical POV, a problem is suitable for cryptographic purposes if it is easy to solve for legitimate parties and hard to solve by any adversary bound to PPT (at least that is true for the complexity-theoretic POV in cryptography). As formulated, it is true for the trapdoor concept. One-way functions are more basic concepts, and the quintessential primitives in modern cryptography, but here again it must be hard to invert a one-way function given some random input in PPT (dependent on some security parameter k). And yes, for a problem to become an accepted hardness assumption it takes years of efforts by researchers to build confidence in their hardness. Ludicrous what I am saying, right? Well, just tell me the references you would like to see, I'm not willing to get put words into my mouth I didn't say and never intended so. Nageh (talk) 15:55, 18 October 2011 (UTC)
- Exact choice of words are important here. The question raised in this section was whether this article should say that integer factorization is a "known hard problem." If we can all agree on saying "integer factorization is problem widely assumed to be hard" then I am satisfied.--agr (talk) 18:53, 18 October 2011 (UTC)
- Oh shoot, it just occurred to me that you guys were interpreting the phrase "[integer factorization is] thought to be hard" as "it is thought that no efficient (i.e., PPT) algorithm exists for factoring", while the intended meaning was "it is thought that no efficient algorithm for factoring exists within the near future", making it practical for cryptographic purposes. My bad, sorry. I will just replace "thought" by "assumed" in the article, hopefully addressing the problem at hand. Thanks for your input after all. Nageh (talk) 22:36, 18 October 2011 (UTC)
- Thank you. Now that the wording has been changed, I've inserted a goo reference citation to integer factorization being assumed hard. Ross Fraser (talk) 07:36, 26 October 2011 (UTC)
- Exact choice of words are important here. The question raised in this section was whether this article should say that integer factorization is a "known hard problem." If we can all agree on saying "integer factorization is problem widely assumed to be hard" then I am satisfied.--agr (talk) 18:53, 18 October 2011 (UTC)
- Sigh. I have said days ago that "it's all assumptions", didn't I??? And yes indeed, from a theoretical POV, a problem is suitable for cryptographic purposes if it is easy to solve for legitimate parties and hard to solve by any adversary bound to PPT (at least that is true for the complexity-theoretic POV in cryptography). As formulated, it is true for the trapdoor concept. One-way functions are more basic concepts, and the quintessential primitives in modern cryptography, but here again it must be hard to invert a one-way function given some random input in PPT (dependent on some security parameter k). And yes, for a problem to become an accepted hardness assumption it takes years of efforts by researchers to build confidence in their hardness. Ludicrous what I am saying, right? Well, just tell me the references you would like to see, I'm not willing to get put words into my mouth I didn't say and never intended so. Nageh (talk) 15:55, 18 October 2011 (UTC)
- Well, for starters, your statement that for a problem to be cryptographically hard "All that matters is that no PPT algorithm exists for breaking it." Assuming by nonexistance you mean "not know to exist" as opposed to "proven not to exist," that's ludicrous on its face. I can pose a problem today and it will be considered cryptographically hard if there's no PPT algorithm (yet)? Problems become "widely accepted computational hardness assumptions" after they have attracted the efforts of many highly competent researchers over decades (centuries for IF) and have lower bounds on solutions that have been relatively stable. Even so they are still assumptions, not proven facts. --agr (talk) 15:14, 18 October 2011 (UTC)
- May I attempt a summary? Integer factorization is hard in practice, but some people think it may eventually be done in amount of time which is polynomial in the number of digits. This is relevant to cryptography because some crypto algorithms rely on integer factorization being hard. Kotika98 (talk) 13:50, 26 December 2012 (UTC)
State of Sin?
editI enjoy the witty quote about the generation of random numbers being too important to be left to chance and think it is one that a very broad spectrum of readers would appreciate. But the von Neumann quote about being in a state of sin will puzzle many (most?) and adds little to the article. It is excruciatingly specific to Catholicism (von Neumann received the last rites and may or may not have converted to Roman Catholicism on his marriage) and many readers simply won't know what he means by state of sin, at least not in relation to mathematics, which is usually thought of as utterly divorced from Christian theology. In any event, it certainly doesn't tell the reader anything about PRNGs. Donald Knuth's "Random numbers should not be generated with a method chosen at random." is at least as good and at least informative to the reader. (Donald Knuth, The Art of Computer Programming, Vol. II, 1969, section 3.1). But really, it's best to just drop it and leave the one good quote from Coveyou. Ross Fraser (talk) 12:22, 14 November 2011 (UTC)
- You enjoy the quote, you find it witty, but you want to delete it because you fear others might be unable to understand it? Perhaps you underestimate the intercultural competence of others. Whoever is reading this encyclopedia (ever thought about the catholic connotations of that word?) has at least some basic knowledege of English, a language that is impregnated by millenia of Christian history anyway. As an atheist, brought up as a protestant, I have not the least difficulty in understanding what von Neumann meant. -- Nsda (talk) 17:00, 14 November 2011 (UTC)
- There are TWO quotes. I enjoy the witty quote by Robert R. Coveyou and of course I don't want to delete it. I see no value in the smug insider remark by von Neumann, as it says nothing about PRNGs. Ross Fraser (talk) 12:20, 30 November 2011 (UTC)
- I am puzzled as well, in two ways. I do not consider myself religious and I'm not a native English speaker, yet it is perfectly obvious to me what "in a state of sin" would mean. In fact, if someone would directly translate it into my language it would be perfectly clear as well. The second statement that puzzles me is that you want Neumann's quote deleted but Coveyou's, for which there is no context given (though I suspect he was referring to the importance of PRGs in practice), kept. I could be convinced that the quotes are not suitable for the lead section, and should probably go somewhere towards the end of the article, but deleting any of them? No. Nageh (talk) 20:18, 14 November 2011 (UTC)
- The Coveyou quote doesn't need context: it is a direct comment on random number generation. Ross Fraser (talk) 12:20, 30 November 2011 (UTC)
- No, it does need context. Did Coveyou state his quote as a consequence of the problem of designing good PRNGs, or as a general statement that reproducible seemingly random numbers are important in practice? Or is it because the output of real random generators can only be probabilistically described whereas PRNGs may be required to have specific output guarantees, such as no more than x consecutive zeros, as [3] seems to imply? Nageh (talk) 15:04, 30 November 2011 (UTC)
strfry(3) example
editI don't think the flaw described in strfry(3) has anything to do with its PRNG (it does also suffer from the standard "remainder problem", but that's another usage error). Unless I'm mistaken, the sentence/reference should just be removed. --Tardis (talk) 13:14, 9 April 2012 (UTC)
- You are right. I have removed it. Nageh (talk) 13:39, 9 April 2012 (UTC)
A mathematical definition
editMaybe it's just me, but it seems there are so many symbols to explain so little. Angry bee (talk) 21:03, 14 June 2013 (UTC)
Mersenne twister can't be equidistributed
edit78.229.106.132 (talk) 20:01, 11 March 2014 (UTC)"Mersenne twister [...] is proven to be equidistributed ".
Wrong. What is proved in the 1998 Matsumoto's paper, is that it is equidistributed "to v-bits accuracy", not completely equidistributed.
It could not be, anyway. The algorithm generates a finite list of numbers (huge, but finite), say in [a,b]. Therefore there are a lot of (very small) intervals that contain no generated numbers at all. Let [c,d] be such an interval. If you generate n numbers in [a,b], the number k(n) of generated numbers in [c,d] is zero. So the ratio k(n)/n is also zero, and can not tend to (d-c)/(b-a) when n increases.
Of course, in practice, on a computer it does not make any difference, but it may be worth noting that some algorithms (and simpler to code, in fact) generate infinite lists that are equidistributed.
Definition of pseudo-random
editThe article currently has this: The PRNG-generated sequence is not truly random, because it is completely determined by a relatively small set of initial values, called the PRNG's seed (which may include truly random values).
Is that correct? For example, a 63-bit LFSR has 263-1 possible seeds. Since that LFSR produces a sequence of 263-1 numbers, the set of initial values is not relatively small. As I understand it, it is not truly random because the sequence is generated algorithmically and is therefore predictable to anyone knowing the algorithm. See http://en.wiktionary.org/wiki/pseudorandom --158.158.240.230 (talk) 16:26, 23 April 2015 (UTC) Aric.
External links modified
editHello fellow Wikipedians,
I have just modified one external link on Pseudorandom number generator. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
- Added archive http://web.archive.org/web/20130527090643/http://csrc.nist.gov/publications/fips/fips1401.htm to http://csrc.nist.gov/publications/fips/fips1401.htm
When you have finished reviewing my changes, please set the checked parameter below to true or failed to let others know (documentation at {{Sourcecheck}}
).
This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}}
(last update: 5 June 2024).
- If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
- If you found an error with any archives or the URLs themselves, you can fix them with this tool.
Cheers.—cyberbot IITalk to my owner:Online 21:13, 26 May 2016 (UTC)
Potential problems with deterministic generators : untrue statement to be revised
editThe statement "The first PRNG to avoid major problems and still run fairly quickly was the Mersenne Twister (discussed below), which was published in 1998. Other high-quality PRNGs have since been developed." is untrue and should be corrected.
High-quality PRNGs existed prior to 1998, including the ACORN family of generators developed in 1984 and published in 1989 (and sans doute others), and although ignored or possbly misunderstood by the 'mainstream', they are still valid, passing all current test suites as of August 2019, while MT fails on or two in TestU01.
I propose to replace this incorrect statement but other opinions would probably be a very good thing.
Options include
- -1- delete the incriminated statement completely
- -2.1- replace it with a mention of ACORN and/or -2.2- other(s) as appropriate
- -3- a more nuanced discussion of computational performance, statistical quality
- -4- as option-3- above, extended to a discussion of the history and arguments around PRNG quality and performance
Dear fellow-wikipedians, what are your reactions to my suggestions? jw (talk) 16:10, 12 August 2019 (UTC)
I have moderated the statement about MT being 'the first' but I'm not yet happy with this ... any reactions ? jw (talk) 15:40, 27 September 2019 (UTC)
Irrelevant material on this page
editI propose to delete two separate bits of irrelevant material from this page:
1. the 'implementation' paragraph introduced here 6 month ago, giving unreferenced source-code as an example, together with a statement which may or may not be true.
2. an 'external link' to wsphynx which was introduced here two years ago (and on a few other pages from which it was removed without ceremony) - this link brings no added value to the article.
Please react before I make the changes. jw (talk) 07:33, 11 February 2023 (UTC)