George Landon Chao Shen Chengdong Li An Introduction George - - PowerPoint PPT Presentation

George Landon Chao Shen Chengdong Li

An Introduction George Landon

Anyone who considers arithmetical methods of producing random digits is, of course, in a state of sin.

– John Von Neumann (1951)

Introduction Introduction

Definition History Types Tests for Randomness Uses

Webster Defines Random Webster Defines Random

Lacking a definite plan, purpose, or pattern A set where each of the elements has equal

probability of occurrence

Random Numbers Random Numbers

A sequence in which each term is

unpredictable

– D. H. Lehmer (1951)

Examples between 1 and 100

– 29, 95, 11, 60, 22

History according to Knuth History according to Knuth

In times of yore:

• Balls were drawn out of well stirred urns
• Dice were rolled
• Cards were dealt

Organizing Random Numbers Organizing Random Numbers

In 1927, L.H.C Tippet published a table of

40,000 random digits

Mechanically Driven

– Special Machines were used to generate

random numbers

Kendall and Babington-Smith (1939)

– Generated a table of 100,000 random digits

RAND Corporation (1955)

– Generated a table of 1,000,000 random digits

Types Types

Truly Random Pseudorandom Quasi-Random

Truly Random Truly Random

Follows directly from definition of random. Each element has equal probability of being

chosen from the set.

Truly Random Examples Truly Random Examples

Randomly emmited particles of radiation – Geiger Counter Thermal noise from a resistor – Intel’s Random Number Generator

Pseudorandom Pseudorandom

A finite set of numbers that display qualities

• f random numbers

Tests can show that there are patterns Subsequent numbers can be “guessed”

Quasi Quasi-

• Random

Random

A series of numbers satisfying some

mathematical random properties even though no random appearance is provided

Good for Monte-Carlo methods

– Lower discrepancies offer better convergence

Some Tests for Randomness Some Tests for Randomness

Entropy

– Information density of the content of a sequence

• High density usually means random

Arithmetic Mean Chi-square Test

– Provides a probability for the randomness for a

sequence

An example Pseudorandom number test

– http://www.fourmilab.ch/random/

Practical Uses Practical Uses

Simulation Computer Programming Decision Making Recreation

Simulation Simulation

Simulate natural phenomena on a computer Used for experiments in sterile conditions to

make them more realistic

Useful in all of the Applied Disciplines

Computer Programming Computer Programming

Test program effectiveness Test algorithm correctness

– Instead of all possible inputs use a few random

numbers

Microsoft has used this logic in testing their

software

Decision Making Decision Making

When an “unbiased” decision is needed

– Fixed decision can cause some algorithms to

run more slowly

Good way of choosing who goes first

– Sporting events

Recreation Recreation

Lottery – Equal odds – The KY Lottery uses Microsoft Excel’s RNG for

“various second chance drawings“

Casinos – Provides a chance for “luck”

Recreation (cont) Recreation (cont)

Video Games – Random events keep games entertaining – Q-bert

References References

3D Project Team.

http://icfa3d.web.cern.ch/ICFA3D/3D/html2/nod e1.html

ENT - A Pseudorandom Number Sequence Test

• Program. http://www.fourmilab.ch/random/

Knuth, D. The Art of Computer Programming –

Volume 2. 1971

Random.org.

http://www.random.org/essay.html

Classification Chao Shen

Classification of random numbers Classification of random numbers

Truely random numbers Pseudo-random numbers Quasi-random numbers

The advantages of true random The advantages of true random numbers numbers

No periodicities. Not based on an algorithm. No predictability of random numbers based on

knowledge of preceding sequences.

Certainty that no hidden correlations are

present.

Example : ZRANDOM Example : ZRANDOM

Pseudo Pseudo-

• random number

random number generator generator

The pseudo-random number generator

requires a number to start with that gets plugged in to the set of equations. After that it uses part of the result from the last time it was used as input to the next iteration. This starting number is called the seed.

Methods for Random Number Methods for Random Number Generation Generation

Linear Congruential Generators Lagged Fibonnaci Generators Shift Register Generators Combined Generators

Linear Linear Congruential Congruential Generators Generators (LCG) (LCG)

Xi=(aX i-1+c) Mod m where m is the modulus, a the multiplier, and c

the additive constant or addend. The size of the modulus constrains the period, and it is usually chosen to be either prime or a power of 2.

LCGs are not recommended to be used in

computer simulations, nor any other purposes which require higher degrees of randomness.

Example ( LCG) Example ( LCG)

Let a=1,c=5,m=16 and x0=1. The sequence of pseudo-random integers

generated by this algorithm is: 1,6,15,12,13,2,11,8,9,14,7,4,5,10,3,0,1,6,15, 12,13,2,11,8,9,14,….

Improvement of LCG Improvement of LCG

Multiple recursive generators (MRG)

Xi=( a1Xi-1+a2Xi-2+….. +akXi-k+b) mod M

By choosing k > 1 will increase the time

taken to generate each number, but will greatly improve the period and randomness properties of the generator

Lagged Lagged Fibonnaci Fibonnaci Generators Generators

LFGs have become popular recently. The

name comes from the Fibonacci sequence : 1, 1, 2, 3, 5, 8, ...…(X n = X n-1 + X n-2).

LFGs generate random numbers from the

following iterative scheme: X n = X n-i X n-k (mod m), i and k are lags, i >k, and is a binary operation.

Shift Register Generators Shift Register Generators

Shift register (SRG) generators are

generally used in a form where they can be considered as a special case of a lagged Fibonacci generator using XOR.

XOR gives by far the worst randomness

properties of any operation for an LFG, so these generators are not recommended.

Combined Generators Combined Generators

Better quality sequences can often be obtained

by combining the output of the basic generators to create a new random sequence as : Zn= Xn Yn

where is typically either the exclusive-or

• perator or addition modulo some integer m,

and x and y are sequences from two independent generators.

Requirements for Sequential Random Requirements for Sequential Random Number Generators Number Generators

uniformly distributed uncorrelated never repeats itself satisfy any statistical test for randomness reproduceable portable

Requirements for Sequential Random Requirements for Sequential Random Number Generators Number Generators

(continue) (continue)

can be changed by adjusting an initial “seed”

value

can easily be split into many independent

subsequences

can be generated rapidly using limited

computer memory

Parallel Random Number Parallel Random Number Generators Generators

Many different parallel random number

generators have been proposed, but most of them use the same basic concept, which is to parallelize a sequential generator by taking the elements of the sequence of pseudo-random numbers it generates and distributing them among the processors in some way.

The Leapfrog Method The Leapfrog Method

Ideally we would like a parallel random

number generator to produce the same sequence of random numbers for different numbers of processors. A simple way to achieve this goal is for processor P of an N processor machine to generate the sub- sequence

X P , X P+N , X P+2N , …. ,

Sequence Splitting Sequence Splitting

This can be done by splitting the sequence

into non-overlapping contiguous sections, each generated by a different processor. X PL , X PL+1 , X PL+2 , …,

Generators that apply leapfrog and sequence

splitting method

Independent Sequences Independent Sequences

This method is similar to sequence splitting,

in that each processor generates a different, contiguous section of the sequence. However in this case the starting point in the sequence is chosen at random for each processor, rather than computed in advance using a regular increment.

Requirements for Parallel Random Requirements for Parallel Random Number Generators Number Generators

there should be no inter-processor correlation sequences generated on each processor should

satisfy the qualities of serial random number generators

it should generate same sequence for different

number of processors

it should work for any number of processors there should be no data movement between

processors

Suggestions on choosing Suggestions on choosing RNGs RNGs

Never trust a parallel random number generator.

In particular, never trust the default random number generator provided with the system you are using.

If a generator is shown to fail a certain empirical

test, that does not necessarily mean that it will also perform poorly for your application, or the results you spent many months gathering using that generator are now invalid.

Recommendations Recommendations for sequential RNGS for sequential RNGS

A multiplicative lagged Fibonacci generator with a lag

• f at least 127, and preferably 1279 or more.

A 48-bit or preferably 64-bit linear congruential

generator that performs well in the Spectral Test and has a prime modulus.

A 32-bit (or more) combined linear congruential

generator, with well-chosen parameters.

If speed is an issue, use an additive lagged Fibonacci

generator with a lag of at least 1279.

Recommendations Recommendations for parallel for parallel RNGs RNGs

A combined linear congruential generator

using sequence splitting;

A lagged Fibonacci generator, although

great care must be exercised in the initialization procedure, to ensure that the seed tables on each processor are random and uncorrelated.

Test for Randomness Test for Randomness

import java.util.Random; class RandomTest { public static void main (String args[]) { int[] ndigits = new int[10]; double x; int n; Random myRandom = new Random(); // Initialize the array for (int i = 0; i < 10; i++) { ndigits[i] = 0; }

continue continue

for (long i=0; i < 100000; i++) { // generate a new random number between 0 and 9 x = myRandom.nextDouble() * 10.0; n = (int) x; //count the digits in the random number ndigits[n]++; } for (int i = 0; i < 10; i++) { System.out.println(i+": " + ndigits[i]);} } }

Sample output Sample output

0: 10171 1: 9724 2: 9966 3: 10065 4: 9989 5: 10132 6: 10001 7: 10158 8: 9887 9: 9907

Random number generator in Random number generator in Matlab Matlab

Y = randn(m,n) or Y = randn([m n]) returns

an m-by-n matrix of random entries.

Y = randn(m,n,p,...) or Y = randn([m n p...])

generates random arrays.

Y = randn(size(A)) returns an array of

random entries that is the same size as A.

randn, by itself, returns a scalar whose value

changes each time it's referenced.

Example: x= Example: x=randn randn(100,50) (100,50)

Recommended Random Number Recommended Random Number Generator Software Generator Software

Combined linear congruential generators with parameters

recommended by L'Ecuyer, parallelized using sequence splitting. * RANECU from CERNLIB

Lagged Fibonacci generator using ultiplication, parallelized using

independent sequences. * FIBMULT from Syracuse University

Lagged Fibonacci generator using addition, parallelized using

independent sequences. Be sure to use the largest possible lag. *Scalable Parallel Random Number Generator (SPRNG) Library from NCSA *FIBADD from Syracuse University

Online Reference Online Reference

http://www.uni-karlsruhe.de/~RNG/ http://archive.ncsa.uiuc.edu/Apps/CMP/RNG/www-

rng.html

http://webnz.com/robert/true_rng.html http://www.compapp.dcu.ie/~hruskin/RanNumb.ppt http://wwws.irb.hr/~stipy/random/essay.html http://www.cs.adelaide.edu.au/users/paulc/papers/NHSEre

view1.1/PRNGreview.pdf

http://www.elec.rdg.ac.uk/staff_postgrads/academic/jbg/te

aching/ random.html

continue continue

http://archive.ncsa.uiuc.edu/Apps/SPRNG/www/generators.

html

http://home.t-online.de/home/p.westphal/zran_eng.htm http://mandala.co.uk/links/random/

Application Chengdong Li

Application of random number Application of random number in different areas in different areas

Control/test of gambling machines Creation of lottery numbers Encryption of data (e.g. for communication in

the Internet)

Generation of code numbers or transaction

numbers

Digital signatures Direct use for Monte-Carlo simulations or

generation of seed numbers

Numeric solution of mathematical problems

Topics covered: Topics covered:

Random number Computer game cryptography Scientific research

Random number and game Random number and game

Why introduce random into Why introduce random into Game? Game?

Interest. Simulating some phenomenon in real world

Examples: Computer game Examples: Computer game

Computer game (cont.) Computer game (cont.)

Super mario Advance

Example: lottery Example: lottery

Random number and Random number and Cryptography Cryptography

"It is impossible to predict the unpredictable."

• Don Cherry

What is What is Cryptography?

Cryptography?

To most people, cryptography means keeping

communications private, however, today’s cryptography is more than this:

– Encryption

Transform data into a form that is virtually impossible to read

without the appropriate knowledge (a key).

– Decryption

Transform encrypted data back into an intelligible form (by an

algorithm and a key).

– Digital Authentication

Provide assurance that communication is from a particular

person.

– Certification

Prove we know certain information without revealing the

information

The application of The application of cryptography cryptography

Build secure protocol and scheme. Provide basic tools for higher application.

Example: Example:

Example (cont.) Example (cont.)

Random source in Random source in Cryptography Cryptography

Almost all cryptographic protocols require the

generation and use of secret values that must be unknown to attackers. Random number generator (RNG) is required. For example

– RNGs are required to generate public/private key pairs

for asymmetric (public key) algorithms including RSA, DSA, and Diffie-Hellman.

– Keys for symmetric and hybrid cryptosystems are also

generated randomly.

– RNGs are also used to create challenges, nonces (salts),

padding bytes, and blinding values. The one time pad – the only provably-secure encryption system – uses as much key material as cipher-text and requires that the key-stream be generated from a truly random process.

A product example: A product example:

Why use random? Why use random?

Secure systems today are built on strong

cryptographic algorithms that foil pattern analysis attempts.

The security of these systems is dependent

• n generating secret quantities for passwords,

cryptographic keys, and similar quantities.

The use of random techniques to generate

secret quantities can foil the attacker efficiently.

Desired requirement for Desired requirement for random random

Because security protocols rely on the

unpredictability of the keys they use, random number generators for cryptographic applications must meet stringent requirements.

The most important is that attackers,

including those who know the RNG design, must not be able to make any useful predictions about the RNG outputs.

Mathematical view Mathematical view

The entropy of the RNG output should be as close

as possible to the bit length.

Entropy: – According to Shannon, the entropy H of any message or

state is:

– Where Pi is the probability of state i out of n possible

states and K is an optional constant to provide units (e.g. 1/log(2) bit).

– In the case of a RNG that produces a k-bit binary result,

Pi is the probability that an output will equal i, where 0≤i<2k.

∑

=

− =

n i i i

p p K H

1

log

Mathematical view (cont.) Mathematical view (cont.)

– For a perfect RNG, Pi =2-n and the entropy of

the output is equal to K bits. This means that all possible outcomes are equally likely, and on average the information can not be represented in a sequence shorter than K bits.

– In contrast, the entropy of typical English

alphabetic text is 1.5 bits per character. This is because there is much more correlation between the different bits in commonly used words, and the the words in the text.

Type of Random source Type of Random source

Two type:

– true-random

unconditionally unguessable, even by an adversary

with infinite computing resources

– pseudo-random

good only against computationally limited

adversaries

The requirement from different The requirement from different algorithm algorithm

The frequency and volume of require for random

is different:

– RSA

Required when key pair is generated, Thereafter, any number of messages can be signed

without any further need for randomness.

– DSA

Requires good random numbers for each signature .

– One time pad

Requires a volume of randomness equal to all the

messages to be processed.

RSA RSA

DSA: DSA:

One time pad: One time pad:

⊕

m

i

c

i

zi k

Encryption

K ey stream generator

⊕

c

i

m

i

z

i

k

D ecryption

K ey stream generator

Authentication Authentication

Alice Bob I’m Alice KAlice-Bob{R} R Bob authenticate Alice based on a shared secret key KAlice-Bob

How to generate randomness? How to generate randomness?

Hardware used to generate truly

randomness:

– Sound/video input – Disk drive – Mouse event. – Quantum effects in a semiconductor – Unplugged microphone – air turbulence within a sealed disk drive – timing between keystrokes

How to generate randomness? How to generate randomness?

Non-hardware strategy:

– Mixing functions

One which combines two or more inputs and

produces an output where each output bit is a different complex non-linear function of all the input bits.

DES use strong mixing functions.

Example of mixer Example of mixer

Difference of two strategy: Difference of two strategy:

Hardware generation is based on a physical

• process. The advantages are obvious:

– No periodicities. – Not based on an algorithm. – No predictability of random numbers based on

knowledge of preceding sequences.

– No hidden correlations are present. – The equipartition fluctuations are purely stochastic.

(Pseudo-random numbers contain systematic, unnatural fluctuations in the equipartition.)

Conclusion: Conclusion:

Generation of unguessable "random" secret

quantities for security use is an essential but difficult task.

hardware techniques to produce such

randomness would be relatively simple

In the absence of hardware sources of

randomness, a variety of user and software sources can frequently be used instead with care.

Random number in scientific Random number in scientific research research

Example of randomness Example of randomness required required

For scientific experiments, it is convenient that a

series of random numbers can be replayed for use in several experiments, and pseudo-random numbers are well suited for this purpose .

Most random number generators produce what is

known as “white” noise. Here white means the successive values of the random numbers are not correlated with each other. It has a very “rich” frequency.

Application Application

White noise and its usage White noise and its usage

Feature:

– All frequency.

Usage:

– DSP and filter – System identification – Simulation. – Spectra analysis.

Useful links: Useful links:

http://world.std.com/~cme/P1363/ranno.html http://www.faqs.org/faqs/cryptography-faq/part04/ http://www.mathworks.com/access/helpdesk/help/toolbox/ident/ch3tut

63.shtml

http://www.rsasecurity.com/products/bsafe/wtlsc.html http://www.random.org/ http://crypto.mat.sbg.ac.at/generators/ http://www.faqs.org/faqs/cryptography-faq/part08/ http://www.cryptography.com/resources/whitepapers/IntelRNG.pdf http://www.geocities.com/SiliconValley/Code/4704/#Randomness