Inversive congruential generator

Last updated September 30, 2024

Inversive congruential generators are a type of nonlinear congruential pseudorandom number generator, which use the modular multiplicative inverse (if it exists) to generate the next number in a sequence. The standard formula for an inversive congruential generator, modulo some prime q is:

Period

The sequence $(x_{n})_{n\geq 0}$ must have $x_{i}=x_{j}$ after finitely many steps, and since the next element depends only on its direct predecessor, also $x_{i+1}=x_{j+1}$ etc. The maximum possible period for the modulus q is q itself, i.e. the sequence includes every value from 0 to q − 1 before repeating.

A sufficient condition for the sequence to have the maximum possible period is to choose a and c such that the polynomial $f(x)=x^{2}-cx-a\in \mathbb {F} _{q}[x]$ (polynomial ring over $\mathbb {F} _{q}$ ) is primitive. This is not a necessary condition; there are choices of q, a and c for which $f(x)$ is not primitive, but the sequence nevertheless has a period of q. Any polynomial, primitive or not, that leads to a maximal-period sequence is called an inversive maximal-period (IMP) polynomial. Chou describes an algorithm for choosing the parameters a and c to get such polynomials.^[1]

Eichenauer-Herrmann, Lehn, Grothe and Niederreiter have shown that inversive congruential generators have good uniformity properties, in particular with regard to lattice structure and serial correlations.

Example

ICG(5, 2, 3, 1) gives the sequence 1, 0, 3, 2, 4, 1, 0, 3, 2, 4, 1, 0, ...

In this example, $f(x)=x^{2}-3x-2$ is irreducible in $\mathbb {F} _{5}[x]$ , as none of 0, 1, 2, 3 or 4 is a root. It can also be verified that x is a primitive element of $\mathbb {F} _{5}[x]/(f)$ and hence f is primitive.

Compound inversive generator

The construction of a compound inversive generator (CIG) relies on combining two or more inversive congruential generators according to the method described below.

Let $p_{1},\dots ,p_{r}$ be distinct prime integers, each $p_{j}\geq 5$ . For each index j, 1 ≤ j ≤ r, let $(x_{n})_{n\geq 0}$ be a sequence of elements of $\mathbb {F} _{p_{j}}$ periodic with period length $p_{j}$ . In other words, $\{x_{n}^{(j)}\mid 0\leq n\leq p_{j}\}\in \mathbb {F} _{p_{j}}$ .

For each index j, 1 ≤ j ≤ r, we consider $T_{j}=T/p_{j}$ , where $T=p_{1}\cdots p_{r}$ is the period length of the following sequence $(x_{n})_{n\geq 0}$ .

The sequence $(x_{n})_{n\geq 0}$ of compound pseudorandom numbers is defined as the sum

x_{n}=\left(T_{1}x_{n}^{(1)}+T_{2}x_{n}^{(2)}+\dots +T_{r}x_{n}^{(r)}\right){\bmod {T}}

.

The compound approach allows combining inversive congruential generators, provided they have full period, in parallel generation systems.

Advantages of CIG

The CIG are accepted for practical purposes for a number of reasons.

Firstly, binary sequences produced in this way are free of undesirable statistical deviations. Inversive sequences extensively tested with variety of statistical tests remain stable under the variation of parameter.^[2]^[3]^[4]

Secondly, there exists a steady and simple way of parameter choice, based on the Chou algorithm^[1] that guarantees maximum period length.

Thirdly, compound approach has the same properties as single inversive generators,^[5]^[6] but it also provides period length significantly greater than obtained by a single inversive congruential generator. They seem to be designed for application with multiprocessor parallel hardware platforms.

There exists an algorithm^[7] that allows designing compound generators with predictable period length, predictable linear complexity level, with excellent statistical properties of produced bit streams.

The procedure of designing this complex structure starts with defining finite field of p elements and ends with choosing the parameters a and c for each inversive congruential generator being the component of the compound generator. It means that each generator is associated to a fixed IMP polynomial. Such a condition is sufficient for maximum period of each inversive congruential generator^[8] and finally for maximum period of the compound generator. The construction of IMP polynomials is the most efficient approach to find parameters for inversive congruential generator with maximum period length.

Discrepancy and its boundaries

Equidistribution and statistical independence properties of the generated sequences, which are very important for their usability in a stochastic simulation, can be analyzed based on the discrepancy of s-tuples of successive pseudorandom numbers with $s=1$ and $s=2$ respectively.

The discrepancy computes the distance of a generator from a uniform one. A low discrepancy means that the sequence generated can be used for cryptographic purposes, and the first aim of the inversive congruential generator is to provide pseudorandom numbers.

Definition

For $N$ arbitrary points ${\mathbf {t} }_{1},\dots ,{\mathbf {t} }_{N-1}\in [0,1)$ the discrepancy is defined by $D_{N}({\mathbf {t} }_{1},\dots ,{\mathbf {t} }_{N-1})={\rm {sup}}_{J}|F_{N}(J)-V(J)|$ , where the supremum is extended over all subintervals $J$ of $[0,1)^{s}$ , $F_{N}(J)$ is $N^{-1}$ times the number of points among ${\mathbf {t} }_{1},\dots ,{\mathbf {t} }_{N-1}$ falling into $J$ and ⁠ $V(J)$ ⁠ denotes the $s$ -dimensional volume of $J$ .

Until now, we had sequences of integers from 0 to ⁠ $T-1$ ⁠, in order to have sequences of $[0,1)^{s}$ , one can divide a sequences of integers by its period $T$ .

From this definition, we can say that if the sequence ${\mathbf {t} }_{1},\dots ,{\mathbf {t} }_{N-1}$ is perfectly random then its well distributed on the interval $J=[0,1)^{s}$ then $V(J)=1$ and all points are in $J$ so $F_{N}(J)=N/N=1$ hence $D_{N}({\mathbf {t} }_{1},\dots ,{\mathbf {t} }_{N-1})=0$ but instead if the sequence is concentrated close to one point then the subinterval $J$ is very small $V(j)\approx 0$ and $F_{N}(j)\approx N/N\approx 1$ so $D_{N}({\mathbf {t} }_{1},\dots ,{\mathbf {t} }_{N-1})=1$ Then we have from the better and worst case:

0\leq D_{N}({\mathbf {t} }_{1},\dots ,{\mathbf {t} }_{N-1})\leq 1

.

Notations

Some further notation is necessary. For integers $k\geq 1$ and $q\geq 2$ let $C_{k}(q)$ be the set of nonzero lattice points $(h_{1},\dots ,h_{k})\in Z^{k}$ with $-q/2<h_{j}<q/2$ for $1\leq j\leq k$ .

Define

r(h,q)={\begin{cases}q\sin(\pi |h|/q)&{\text{for }}h\in C_{1}(q)\\1&{\text{for }}h=0\end{cases}}

and

r(\mathbf {h} ,q)=\prod _{j=1}^{k}r(h_{j},q)

for ${\mathbf {h} }=(h_{1},\dots ,h_{k})\in C_{k}(q)$ . For real $t$ the abbreviation $e(t)={\rm {exp}}(2\pi \cdot it)$ is used, and $u\cdot v$ stands for the standard inner product of $u,v$ in $R^{k}$ .

Higher bound

Let $N\geq 1$ and $q\geq 2$ be integers. Let ${\mathbf {t} }_{n}=y_{n}/q\in [0,1)^{k}$ with $y_{n}\in \{0,1,\dots ,q-1\}^{k}$ for $0\leq n<N$ .

Then the discrepancy of the points ${\mathbf {t} }_{0},\dots ,{\mathbf {t} }_{N-1}$ satisfies

D_{N}(\mathbf {t} _{0},\mathbf {t} _{1},\dots ,\mathbf {t} _{N-1})

≤

{\frac {k}{q}}

+

{\frac {1}{N}}

\sum _{h\in \mathbb {C} _{k}(q)}

{\frac {1}{r(\mathbf {h} ,q)}}{\Bigg |}\sum _{n=0}^{N-1}e(\mathbf {h} \cdot \mathbf {t} _{n}){\Bigg |}

Lower bound

The discrepancy of $N$ arbitrary points $\mathbf {t} _{1},\dots ,\mathbf {t} _{N-1}\in [0,1)^{k}$ satisfies

D_{N}(\mathbf {t} _{0},\mathbf {t} _{1},\dots ,\mathbf {t} _{N-1})\geq {\frac {\pi }{2N((\pi +1)^{l}-1)\prod _{j=1}^{k}{\rm {max}}(1,h_{j})}}{\Bigg |}\sum _{n=0}^{N-1}e(\mathbf {h} \cdot \mathbf {t} _{n}){\Bigg |}

for any nonzero lattice point ${\mathbf {h} }=(h_{1},\dots ,h_{k})\in Z^{k}$ , where $l$ denotes the number of nonzero coordinates of ${\mathbf {h} }$ .

These two theorems show that the CIG is not perfect because the discrepancy is greater strictly than a positive value but also the CIG is not the worst generator as the discrepancy is lower than a value less than 1.

There exist also theorems which bound the average value of the discrepancy for Compound Inversive Generators and also ones which take values such that the discrepancy is bounded by some value depending on the parameters. For more details see the original paper.^[9]

Related Research Articles

In mathematics, the discrete Fourier transform (DFT) converts a finite sequence of equally-spaced samples of a function into a same-length sequence of equally-spaced samples of the discrete-time Fourier transform (DTFT), which is a complex-valued function of frequency. The interval at which the DTFT is sampled is the reciprocal of the duration of the input sequence. An inverse DFT (IDFT) is a Fourier series, using the DTFT samples as coefficients of complex sinusoids at the corresponding DTFT frequencies. It has the same sample-values as the original input sequence. The DFT is therefore said to be a frequency domain representation of the original input sequence. If the original sequence spans all the non-zero values of a function, its DTFT is continuous, and the DFT provides discrete samples of one cycle. If the original sequence is one cycle of a periodic function, the DFT provides all the non-zero values of one DTFT cycle.

A pseudorandom number generator (PRNG), also known as a deterministic random bit generator (DRBG), is an algorithm for generating a sequence of numbers whose properties approximate the properties of sequences of random numbers. The PRNG-generated sequence is not truly random, because it is completely determined by an initial value, called the PRNG's seed. Although sequences that are closer to truly random can be generated using hardware random number generators, pseudorandom number generators are important in practice for their speed in number generation and their reproducibility.

A cryptographically secure pseudorandom number generator (CSPRNG) or cryptographic pseudorandom number generator (CPRNG) is a pseudorandom number generator (PRNG) with properties that make it suitable for use in cryptography. It is also referred to as a cryptographic random number generator (CRNG).

In algebra and in particular in algebraic combinatorics, the ring of symmetric functions is a specific limit of the rings of symmetric polynomials in n indeterminates, as n goes to infinity. This ring serves as universal structure in which relations between symmetric polynomials can be expressed in a way independent of the number n of indeterminates. Among other things, this ring plays an important role in the representation theory of the symmetric group.

In mathematics, a low-discrepancy sequence is a sequence with the property that for all values of $, its subsequence has a low discrepancy.$

In linear algebra, a circulant matrix is a square matrix in which all rows are composed of the same elements and each row is rotated one element to the right relative to the preceding row. It is a particular kind of Toeplitz matrix.

A pseudorandom binary sequence (PRBS), pseudorandom binary code or pseudorandom bitstream is a binary sequence that, while generated with a deterministic algorithm, is difficult to predict and exhibits statistical behavior similar to a truly random sequence. PRBS generators are used in telecommunication, such as in analog-to-information conversion, but also in encryption, simulation, correlation technique and time-of-flight spectroscopy. The most common example is the maximum length sequence generated by a (maximal) linear feedback shift register (LFSR). Other examples are Gold sequences, Kasami sequences and JPL sequences, all based on LFSRs.

In mathematics, the classifying space for the unitary group U(n) is a space BU(n) together with a universal bundle EU(n) such that any hermitian bundle on a paracompact space X is the pull-back of EU(n) by a map X → BU(n) unique up to homotopy.

Anatoly Alexeyevich Karatsuba was a Russian mathematician working in the field of analytic number theory, p-adic numbers and Dirichlet series.

In mathematics, a Redheffer matrix, often denoted $as studied by Redheffer (1977), is a square (0,1) matrix whose entries a ij are 1 if i divides j or if j = 1; otherwise, a ij = 0. It is useful in some contexts to express Dirichlet convolution, or convolved divisors sums, in terms of matrix products involving the transpose of the Redheffer matrix.$

In cryptography, learning with errors (LWE) is a mathematical problem that is widely used to create secure encryption algorithms. It is based on the idea of representing secret information as a set of equations with errors. In other words, LWE is a way to hide the value of a secret by introducing noise to it. In more technical terms, it refers to the computational problem of inferring a linear $-ary function over a finite ring from given samples some of which may be erroneous. The LWE problem is conjectured to be hard to solve, and thus to be useful in cryptography.$

In algebraic geometry, a morphism between algebraic varieties is a function between the varieties that is given locally by polynomials. It is also called a regular map. A morphism from an algebraic variety to the affine line is also called a regular function. A regular map whose inverse is also regular is called biregular, and the biregular maps are the isomorphisms of algebraic varieties. Because regular and biregular are very restrictive conditions – there are no non-constant regular functions on projective varieties – the concepts of rational and birational maps are widely used as well; they are partial functions that are defined locally by rational fractions instead of polynomials.

In sequence design, a Feedback with Carry Shift Register is the arithmetic or with carry analog of a linear-feedback shift register (LFSR). If $is an integer, then an N -ary FCSR of length is a finite state device with a state consisting of a vector of elements in and an integer . The state change operation is determined by a set of coefficients and is defined as follows: compute . Express s as with in . Then the new state is . By iterating the state change an FCSR generates an infinite, eventually periodic sequence of numbers in .$

In 1997, Moni Naor and Omer Reingold described efficient constructions for various cryptographic primitives in private key as well as public-key cryptography. Their result is the construction of an efficient pseudorandom function. Let p and l be prime numbers with l |p−1. Select an element g ∈ $of multiplicative order l . Then for each (n+1) -dimensional vector a = (a 0,a 1, ..., a n)\in they define the function$

An approach to nonlinear congruential methods of generating uniform pseudorandom numbers in the interval [0,1) is the Inversive congruential generator with prime modulus. A generalization for arbitrary composite moduli $with arbitrary distinct primes will be present here.$

In mathematics, a submodular set function is a set function that, informally, describes the relationship between a set of inputs and an output, where adding more of one input has a decreasing additional benefit. The natural diminishing returns property which makes them suitable for many applications, including approximation algorithms, game theory and electrical networks. Recently, submodular functions have also found utility in several real world problems in machine learning and artificial intelligence, including automatic summarization, multi-document summarization, feature selection, active learning, sensor placement, image collection summarization and many other domains.

<span class="mw-page-title-main">Spectral test</span>

The spectral test is a statistical test for the quality of a class of pseudorandom number generators (PRNGs), the linear congruential generators (LCGs). LCGs have a property that when plotted in 2 or more dimensions, lines or hyperplanes will form, on which all possible outputs can be found. The spectral test compares the distance between these planes; the further apart they are, the worse the generator is. As this test is devised to study the lattice structures of LCGs, it can not be applied to other families of PRNGs.

In cryptography, the hybrid argument is a proof technique used to show that two distributions are computationally indistinguishable.

In computer science and mathematics, more precisely in automata theory, model theory and formal language, a regular numerical predicate is a kind of relation over integers. Regular numerical predicates can also be considered as a subset of $for some arity . One of the main interests of this class of predicates is that it can be defined in plenty of different ways, using different logical formalisms. Furthermore, most of the definitions use only basic notions, and thus allows to relate foundations of various fields of fundamental computer science such as automata theory, syntactic semigroup, model theory and semigroup theory.$

In mathematics, the hypergraph regularity method is a powerful tool in extremal graph theory that refers to the combined application of the hypergraph regularity lemma and the associated counting lemma. It is a generalization of the graph regularity method, which refers to the use of Szemerédi's regularity and counting lemmas.

References

1 2 W.S. Chou,On inversive Maximal Period Polynomials over Finite Fields, Applicable Algebra in Engineering, Communication and Computing, No. 4/5, 1995, pp. 245-250.
↑ J. Eichenauer-Herrmannn. Inversive congruential pseudorandom numbers avoid the planes, Math.Comp., Vol. 56,1991, pp. 297-301.
↑ J. Eichenauer-Herrmannn, H. Grothe, A. Topuzoglu, On the lattice structure of a nonlinear generator with modulus $2^{\alpha }$ , J.Comput. Appl. Math., Vol. 31,1990, pp. 81-85.
↑ J. Eichenauer-Herrmannn, H. Niederreiter, Lower bounds for the discrepancy of inversive congruential pseudorandom numbers with power of two modulus, Math. Comp., Vol. 58, 1992, pp. 775-779.
↑ J. Eichenauer-Herrmannn,Statistical independence of a new class of inversive congruential pseudorandom numbers, Math. Comp., Vol 60, 1993, pp. 375-384.
↑ P. Hellekalek, Inversive pseudorandom number generators:concepts, results and links, Proceedings of the Winter Simulation Conference, 1995, pp 255-262.
↑ J. Bubicz, J. Stoklosa, Compound Inversive Congruential Generator Design Algorithm, §3 .
↑ H. Niederreiter, New developments in uniform pseudorandom number and vector generation, Monte Carlo and Quasi-Monte Carlo Methods in Scientific Computing, Berlin, 1995.
↑ J. Eichenauer-Herrmann, F.Emmerich, Compound Inversive Congruential Pseudorandom Numbers: An average-Case Analysis, American Mathematical Society.

External links

Inversive Generators Archived 2008-09-24 at the Wayback Machine at the University of Salzburg.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[one-1] 1 2 W.S. Chou,On inversive Maximal Period Polynomials over Finite Fields, Applicable Algebra in Engineering, Communication and Computing, No. 4/5, 1995, pp. 245-250.

[two-2] J. Eichenauer-Herrmannn. Inversive congruential pseudorandom numbers avoid the planes, Math.Comp., Vol. 56,1991, pp. 297-301.

[three-3] J. Eichenauer-Herrmannn, H. Grothe, A. Topuzoglu, On the lattice structure of a nonlinear generator with modulus $2^{\alpha }$ , J.Comput. Appl. Math., Vol. 31,1990, pp. 81-85.

[four-4] J. Eichenauer-Herrmannn, H. Niederreiter, Lower bounds for the discrepancy of inversive congruential pseudorandom numbers with power of two modulus, Math. Comp., Vol. 58, 1992, pp. 775-779.

[five-5] J. Eichenauer-Herrmannn,Statistical independence of a new class of inversive congruential pseudorandom numbers, Math. Comp., Vol 60, 1993, pp. 375-384.

[six-6] P. Hellekalek, Inversive pseudorandom number generators:concepts, results and links, Proceedings of the Winter Simulation Conference, 1995, pp 255-262.

[seven-7] J. Bubicz, J. Stoklosa, Compound Inversive Congruential Generator Design Algorithm, §3 .

[eight-8] H. Niederreiter, New developments in uniform pseudorandom number and vector generation, Monte Carlo and Quasi-Monte Carlo Methods in Scientific Computing, Berlin, 1995.

[nine-9] J. Eichenauer-Herrmann, F.Emmerich, Compound Inversive Congruential Pseudorandom Numbers: An average-Case Analysis, American Mathematical Society.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]