Inversive congruential generator

Last updated December 29, 2024

Inversive congruential generators are a type of nonlinear congruential pseudorandom number generator, which use the modular multiplicative inverse (if it exists) to generate the next number in a sequence. The standard formula for an inversive congruential generator, modulo some prime q is:

Period

The sequence $(x_{n})_{n\geq 0}$ must have $x_{i}=x_{j}$ after finitely many steps, and since the next element depends only on its direct predecessor, also $x_{i+1}=x_{j+1}$ etc. The maximum possible period for the modulus q is q itself, i.e. the sequence includes every value from 0 to q − 1 before repeating.

A sufficient condition for the sequence to have the maximum possible period is to choose a and c such that the polynomial $f(x)=x^{2}-cx-a\in \mathbb {F} _{q}[x]$ (polynomial ring over $\mathbb {F} _{q}$ ) is primitive. This is not a necessary condition; there are choices of q, a and c for which $f(x)$ is not primitive, but the sequence nevertheless has a period of q. Any polynomial, primitive or not, that leads to a maximal-period sequence is called an inversive maximal-period (IMP) polynomial. Chou describes an algorithm for choosing the parameters a and c to get such polynomials.^[1]

Eichenauer-Herrmann, Lehn, Grothe and Niederreiter have shown that inversive congruential generators have good uniformity properties, in particular with regard to lattice structure and serial correlations.

Example

ICG(5, 2, 3, 1) gives the sequence 1, 0, 3, 2, 4, 1, 0, 3, 2, 4, 1, 0, ...

In this example, $f(x)=x^{2}-3x-2$ is irreducible in $\mathbb {F} _{5}[x]$ , as none of 0, 1, 2, 3 or 4 is a root. It can also be verified that x is a primitive element of $\mathbb {F} _{5}[x]/(f)$ and hence f is primitive.

Compound inversive generator

The construction of a compound inversive generator (CIG) relies on combining two or more inversive congruential generators according to the method described below.

Let $p_{1},\dots ,p_{r}$ be distinct prime integers, each $p_{j}\geq 5$ . For each index j, 1 ≤ j ≤ r, let $(x_{n})_{n\geq 0}$ be a sequence of elements of $\mathbb {F} _{p_{j}}$ periodic with period length $p_{j}$ . In other words, $\{x_{n}^{(j)}\mid 0\leq n\leq p_{j}\}\in \mathbb {F} _{p_{j}}$ .

For each index j, 1 ≤ j ≤ r, we consider $T_{j}=T/p_{j}$ , where $T=p_{1}\cdots p_{r}$ is the period length of the following sequence $(x_{n})_{n\geq 0}$ .

The sequence $(x_{n})_{n\geq 0}$ of compound pseudorandom numbers is defined as the sum

x_{n}=\left(T_{1}x_{n}^{(1)}+T_{2}x_{n}^{(2)}+\dots +T_{r}x_{n}^{(r)}\right){\bmod {T}}

.

The compound approach allows combining inversive congruential generators, provided they have full period, in parallel generation systems.

Advantages of CIG

The CIG are accepted for practical purposes for a number of reasons.

Firstly, binary sequences produced in this way are free of undesirable statistical deviations. Inversive sequences extensively tested with variety of statistical tests remain stable under the variation of parameter.^[2]^[3]^[4]

Secondly, there exists a steady and simple way of parameter choice, based on the Chou algorithm^[1] that guarantees maximum period length.

Thirdly, compound approach has the same properties as single inversive generators,^[5]^[6] but it also provides period length significantly greater than obtained by a single inversive congruential generator. They seem to be designed for application with multiprocessor parallel hardware platforms.

There exists an algorithm^[7] that allows designing compound generators with predictable period length, predictable linear complexity level, with excellent statistical properties of produced bit streams.

The procedure of designing this complex structure starts with defining finite field of p elements and ends with choosing the parameters a and c for each inversive congruential generator being the component of the compound generator. It means that each generator is associated to a fixed IMP polynomial. Such a condition is sufficient for maximum period of each inversive congruential generator^[8] and finally for maximum period of the compound generator. The construction of IMP polynomials is the most efficient approach to find parameters for inversive congruential generator with maximum period length.

Discrepancy and its boundaries

Equidistribution and statistical independence properties of the generated sequences, which are very important for their usability in a stochastic simulation, can be analyzed based on the discrepancy of s-tuples of successive pseudorandom numbers with $s=1$ and $s=2$ respectively.

The discrepancy computes the distance of a generator from a uniform one. A low discrepancy means that the sequence generated can be used for cryptographic purposes, and the first aim of the inversive congruential generator is to provide pseudorandom numbers.

Definition

For $N$ arbitrary points ${\mathbf {t} }_{1},\dots ,{\mathbf {t} }_{N-1}\in [0,1)$ the discrepancy is defined by $D_{N}({\mathbf {t} }_{1},\dots ,{\mathbf {t} }_{N-1})={\rm {sup}}_{J}|F_{N}(J)-V(J)|$ , where the supremum is extended over all subintervals $J$ of $[0,1)^{s}$ , $F_{N}(J)$ is $N^{-1}$ times the number of points among ${\mathbf {t} }_{1},\dots ,{\mathbf {t} }_{N-1}$ falling into $J$ and ⁠ $V(J)$ ⁠ denotes the $s$ -dimensional volume of $J$ .

Until now, we had sequences of integers from 0 to ⁠ $T-1$ ⁠, in order to have sequences of $[0,1)^{s}$ , one can divide a sequences of integers by its period $T$ .

From this definition, we can say that if the sequence ${\mathbf {t} }_{1},\dots ,{\mathbf {t} }_{N-1}$ is perfectly random then its well distributed on the interval $J=[0,1)^{s}$ then $V(J)=1$ and all points are in $J$ so $F_{N}(J)=N/N=1$ hence $D_{N}({\mathbf {t} }_{1},\dots ,{\mathbf {t} }_{N-1})=0$ but instead if the sequence is concentrated close to one point then the subinterval $J$ is very small $V(j)\approx 0$ and $F_{N}(j)\approx N/N\approx 1$ so $D_{N}({\mathbf {t} }_{1},\dots ,{\mathbf {t} }_{N-1})=1$ Then we have from the better and worst case:

0\leq D_{N}({\mathbf {t} }_{1},\dots ,{\mathbf {t} }_{N-1})\leq 1

.

Notations

Some further notation is necessary. For integers $k\geq 1$ and $q\geq 2$ let $C_{k}(q)$ be the set of nonzero lattice points $(h_{1},\dots ,h_{k})\in Z^{k}$ with $-q/2<h_{j}<q/2$ for $1\leq j\leq k$ .

Define

r(h,q)={\begin{cases}q\sin(\pi |h|/q)&{\text{for }}h\in C_{1}(q)\\1&{\text{for }}h=0\end{cases}}

and

r(\mathbf {h} ,q)=\prod _{j=1}^{k}r(h_{j},q)

for ${\mathbf {h} }=(h_{1},\dots ,h_{k})\in C_{k}(q)$ . For real $t$ the abbreviation $e(t)={\rm {exp}}(2\pi \cdot it)$ is used, and $u\cdot v$ stands for the standard inner product of $u,v$ in $R^{k}$ .

Higher bound

Let $N\geq 1$ and $q\geq 2$ be integers. Let ${\mathbf {t} }_{n}=y_{n}/q\in [0,1)^{k}$ with $y_{n}\in \{0,1,\dots ,q-1\}^{k}$ for $0\leq n<N$ .

Then the discrepancy of the points ${\mathbf {t} }_{0},\dots ,{\mathbf {t} }_{N-1}$ satisfies

D_{N}(\mathbf {t} _{0},\mathbf {t} _{1},\dots ,\mathbf {t} _{N-1})

≤

{\frac {k}{q}}

+

{\frac {1}{N}}

\sum _{h\in \mathbb {C} _{k}(q)}

{\frac {1}{r(\mathbf {h} ,q)}}{\Bigg |}\sum _{n=0}^{N-1}e(\mathbf {h} \cdot \mathbf {t} _{n}){\Bigg |}

Lower bound

The discrepancy of $N$ arbitrary points $\mathbf {t} _{1},\dots ,\mathbf {t} _{N-1}\in [0,1)^{k}$ satisfies

D_{N}(\mathbf {t} _{0},\mathbf {t} _{1},\dots ,\mathbf {t} _{N-1})\geq {\frac {\pi }{2N((\pi +1)^{l}-1)\prod _{j=1}^{k}{\rm {max}}(1,h_{j})}}{\Bigg |}\sum _{n=0}^{N-1}e(\mathbf {h} \cdot \mathbf {t} _{n}){\Bigg |}

for any nonzero lattice point ${\mathbf {h} }=(h_{1},\dots ,h_{k})\in Z^{k}$ , where $l$ denotes the number of nonzero coordinates of ${\mathbf {h} }$ .

These two theorems show that the CIG is not perfect because the discrepancy is greater strictly than a positive value but also the CIG is not the worst generator as the discrepancy is lower than a value less than 1.

There exist also theorems which bound the average value of the discrepancy for Compound Inversive Generators and also ones which take values such that the discrepancy is bounded by some value depending on the parameters. For more details see the original paper.^[9]

Related Research Articles

In mathematics, the discrete Fourier transform (DFT) converts a finite sequence of equally-spaced samples of a function into a same-length sequence of equally-spaced samples of the discrete-time Fourier transform (DTFT), which is a complex-valued function of frequency. The interval at which the DTFT is sampled is the reciprocal of the duration of the input sequence. An inverse DFT (IDFT) is a Fourier series, using the DTFT samples as coefficients of complex sinusoids at the corresponding DTFT frequencies. It has the same sample-values as the original input sequence. The DFT is therefore said to be a frequency domain representation of the original input sequence. If the original sequence spans all the non-zero values of a function, its DTFT is continuous, and the DFT provides discrete samples of one cycle. If the original sequence is one cycle of a periodic function, the DFT provides all the non-zero values of one DTFT cycle.

A pseudorandom number generator (PRNG), also known as a deterministic random bit generator (DRBG), is an algorithm for generating a sequence of numbers whose properties approximate the properties of sequences of random numbers. The PRNG-generated sequence is not truly random, because it is completely determined by an initial value, called the PRNG's seed. Although sequences that are closer to truly random can be generated using hardware random number generators, pseudorandom number generators are important in practice for their speed in number generation and their reproducibility.

In information theory and coding theory, Reed–Solomon codes are a group of error-correcting codes that were introduced by Irving S. Reed and Gustave Solomon in 1960. They have many applications, including consumer technologies such as MiniDiscs, CDs, DVDs, Blu-ray discs, QR codes, Data Matrix, data transmission technologies such as DSL and WiMAX, broadcast systems such as satellite communications, DVB and ATSC, and storage systems such as RAID 6.

In algebra and in particular in algebraic combinatorics, the ring of symmetric functions is a specific limit of the rings of symmetric polynomials in n indeterminates, as n goes to infinity. This ring serves as universal structure in which relations between symmetric polynomials can be expressed in a way independent of the number n of indeterminates. Among other things, this ring plays an important role in the representation theory of the symmetric group.

In mathematics, a low-discrepancy sequence is a sequence with the property that for all values of $, its subsequence has a low discrepancy.$

In mathematics, a norm is a function from a real or complex vector space to the non-negative real numbers that behaves in certain ways like the distance from the origin: it commutes with scaling, obeys a form of the triangle inequality, and is zero only at the origin. In particular, the Euclidean distance in a Euclidean space is defined by a norm on the associated Euclidean vector space, called the Euclidean norm, the 2-norm, or, sometimes, the magnitude or length of the vector. This norm can be defined as the square root of the inner product of a vector with itself.

In mathematics, the real coordinate space or real coordinate n-space, of dimension $n$ , denoted $R n$ or , is the set of all ordered $n$ -tuples of real numbers, that is the set of all sequences of $n$ real numbers, also known as coordinate vectors. Special cases are called the real line $R 1$ , the real coordinate plane $R 2$ , and the real coordinate three-dimensional space $R 3$ . With component-wise addition and scalar multiplication, it is a real vector space.

A pseudorandom binary sequence (PRBS), pseudorandom binary code or pseudorandom bitstream is a binary sequence that, while generated with a deterministic algorithm, is difficult to predict and exhibits statistical behavior similar to a truly random sequence. PRBS generators are used in telecommunication, such as in analog-to-information conversion, but also in encryption, simulation, correlation technique and time-of-flight spectroscopy. The most common example is the maximum length sequence generated by a (maximal) linear feedback shift register (LFSR). Other examples are Gold sequences, Kasami sequences and JPL sequences, all based on LFSRs.

In graph theory, a graph is said to be a pseudorandom graph if it obeys certain properties that random graphs obey with high probability. There is no concrete definition of graph pseudorandomness, but there are many reasonable characterizations of pseudorandomness one can consider.

A randomness extractor, often simply called an "extractor", is a function, which being applied to output from a weak entropy source, together with a short, uniformly random seed, generates a highly random output that appears independent from the source and uniformly distributed. Examples of weakly random sources include radioactive decay or thermal noise; the only restriction on possible sources is that there is no way they can be fully controlled, calculated or predicted, and that a lower bound on their entropy rate can be established. For a given source, a randomness extractor can even be considered to be a true random number generator (TRNG); but there is no single extractor that has been proven to produce truly random output from any type of weakly random source.

In mathematics, a Redheffer matrix, often denoted $as studied by Redheffer (1977), is a square (0,1) matrix whose entries a ij are 1 if i divides j or if j = 1; otherwise, a ij = 0. It is useful in some contexts to express Dirichlet convolution, or convolved divisors sums, in terms of matrix products involving the transpose of the Redheffer matrix.$

In computational complexity theory, the decision tree model is the model of computation in which an algorithm can be considered to be a decision tree, i.e. a sequence of queries or tests that are done adaptively, so the outcome of previous tests can influence the tests performed next.

In cryptography, learning with errors (LWE) is a mathematical problem that is widely used to create secure encryption algorithms. It is based on the idea of representing secret information as a set of equations with errors. In other words, LWE is a way to hide the value of a secret by introducing noise to it. In more technical terms, it refers to the computational problem of inferring a linear $-ary function over a finite ring from given samples some of which may be erroneous. The LWE problem is conjectured to be hard to solve, and thus to be useful in cryptography.$

In sequence design, a Feedback with Carry Shift Register is the arithmetic or with carry analog of a linear-feedback shift register (LFSR). If $is an integer, then an N -ary FCSR of length is a finite state device with a state consisting of a vector of elements in and an integer . The state change operation is determined by a set of coefficients and is defined as follows: compute . Express s as with in . Then the new state is . By iterating the state change an FCSR generates an infinite, eventually periodic sequence of numbers in .$

In 1997, Moni Naor and Omer Reingold described efficient constructions for various cryptographic primitives in private key as well as public-key cryptography. Their result is the construction of an efficient pseudorandom function. Let p and l be prime numbers with l |p−1. Select an element g ∈ $of multiplicative order l . Then for each (n+1) -dimensional vector a = (a 0,a 1, ..., a n)\in they define the function$

An approach to nonlinear congruential methods of generating uniform pseudorandom numbers in the interval [0,1) is the Inversive congruential generator with prime modulus. A generalization for arbitrary composite moduli $with arbitrary distinct primes will be present here.$

In mathematics, there are many kinds of inequalities involving matrices and linear operators on Hilbert spaces. This article covers some important operator inequalities connected with traces of matrices.

In statistics, the complex Wishart distribution is a complex version of the Wishart distribution. It is the distribution of $times the sample Hermitian covariance matrix of zero-mean independent Gaussian random variables. It has support for Hermitian positive definite matrices.$

In computer science and mathematics, more precisely in automata theory, model theory and formal language, a regular numerical predicate is a kind of relation over integers. Regular numerical predicates can also be considered as a subset of $for some arity . One of the main interests of this class of predicates is that it can be defined in plenty of different ways, using different logical formalisms. Furthermore, most of the definitions use only basic notions, and thus allows to relate foundations of various fields of fundamental computer science such as automata theory, syntactic semigroup, model theory and semigroup theory.$

The Karmarkar–Karp (KK) bin packing algorithms are several related approximation algorithm for the bin packing problem. The bin packing problem is a problem of packing items of different sizes into bins of identical capacity, such that the total number of bins is as small as possible. Finding the optimal solution is computationally hard. Karmarkar and Karp devised an algorithm that runs in polynomial time and finds a solution with at most $bins, where OPT is the number of bins in the optimal solution. They also devised several other algorithms with slightly different approximation guarantees and run-time bounds.$

References

1 2 W.S. Chou,On inversive Maximal Period Polynomials over Finite Fields, Applicable Algebra in Engineering, Communication and Computing, No. 4/5, 1995, pp. 245-250.
↑ J. Eichenauer-Herrmannn. Inversive congruential pseudorandom numbers avoid the planes, Math.Comp., Vol. 56,1991, pp. 297-301.
↑ J. Eichenauer-Herrmannn, H. Grothe, A. Topuzoglu, On the lattice structure of a nonlinear generator with modulus $2^{\alpha }$ , J.Comput. Appl. Math., Vol. 31,1990, pp. 81-85.
↑ J. Eichenauer-Herrmannn, H. Niederreiter, Lower bounds for the discrepancy of inversive congruential pseudorandom numbers with power of two modulus, Math. Comp., Vol. 58, 1992, pp. 775-779.
↑ J. Eichenauer-Herrmannn,Statistical independence of a new class of inversive congruential pseudorandom numbers, Math. Comp., Vol 60, 1993, pp. 375-384.
↑ P. Hellekalek, Inversive pseudorandom number generators:concepts, results and links, Proceedings of the Winter Simulation Conference, 1995, pp 255-262.
↑ J. Bubicz, J. Stoklosa, Compound Inversive Congruential Generator Design Algorithm, §3 .
↑ H. Niederreiter, New developments in uniform pseudorandom number and vector generation, Monte Carlo and Quasi-Monte Carlo Methods in Scientific Computing, Berlin, 1995.
↑ J. Eichenauer-Herrmann, F.Emmerich, Compound Inversive Congruential Pseudorandom Numbers: An average-Case Analysis, American Mathematical Society.

External links

Inversive Generators Archived 2008-09-24 at the Wayback Machine at the University of Salzburg.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[one-1] 1 2 W.S. Chou,On inversive Maximal Period Polynomials over Finite Fields, Applicable Algebra in Engineering, Communication and Computing, No. 4/5, 1995, pp. 245-250.

[two-2] J. Eichenauer-Herrmannn. Inversive congruential pseudorandom numbers avoid the planes, Math.Comp., Vol. 56,1991, pp. 297-301.

[three-3] J. Eichenauer-Herrmannn, H. Grothe, A. Topuzoglu, On the lattice structure of a nonlinear generator with modulus $2^{\alpha }$ , J.Comput. Appl. Math., Vol. 31,1990, pp. 81-85.

[four-4] J. Eichenauer-Herrmannn, H. Niederreiter, Lower bounds for the discrepancy of inversive congruential pseudorandom numbers with power of two modulus, Math. Comp., Vol. 58, 1992, pp. 775-779.

[five-5] J. Eichenauer-Herrmannn,Statistical independence of a new class of inversive congruential pseudorandom numbers, Math. Comp., Vol 60, 1993, pp. 375-384.

[six-6] P. Hellekalek, Inversive pseudorandom number generators:concepts, results and links, Proceedings of the Winter Simulation Conference, 1995, pp 255-262.

[seven-7] J. Bubicz, J. Stoklosa, Compound Inversive Congruential Generator Design Algorithm, §3 .

[eight-8] H. Niederreiter, New developments in uniform pseudorandom number and vector generation, Monte Carlo and Quasi-Monte Carlo Methods in Scientific Computing, Berlin, 1995.

[nine-9] J. Eichenauer-Herrmann, F.Emmerich, Compound Inversive Congruential Pseudorandom Numbers: An average-Case Analysis, American Mathematical Society.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]