Random numbers are the nuts and bolts of simulation. Typically, all the randomness required by the model is simulated by a random number generator whose output is assumed to be a sequence of independent and identically distributed (IID) U(0, 1) random variables (i.e., continuous random variables distributed uniformly over the interval

Fast uniform random number generators with extremely long periods have been defined and implemented based on linear recurrences modulo 2. The twisted GFSR and the Mersenne twister are famous recent examples. Besides the period length, the statistical quality of these generators is usually assessed via their equidistribution properties. The huge-period generators proposed so far are not quite optimal in that respect. In this paper, we propose new generators of that form, with better equidistribution and “bit-mixing ” properties for equivalent period length and speed. The state of our new generators evolves in a more chaotic way than for the Mersenne twister. We illustrate how this can reduce the impact of persistent dependencies among successive output values, which can be observed in certain parts of the period of gigantic generators such as the Mersenne twister.

This document describes the software library TestU01, implemented in the ANSI C language, and offering a collection of utilities for the (empirical) statistical testing of uniform random number generators (RNG). The library implements several types of generators in generic form, as well as many specific generators proposed in the literature or found in widely-used software. It provides general implementations of the classical statistical tests for random number generators, as well as several others proposed in the literature, and some original ones. These tests can be applied to the generators predefined in the library and to user-defined generators. Specific tests suites for either sequences of uniform random numbers in [0, 1] or bit sequences are also available. Basic tools for plotting vectors of points produced by generators are provided as well. Additional software permits one to perform systematic studies of the interaction between a specific test and the structure of the point sets produced by a given family of RNGs. That is, for a given kind of test and a given class of RNGs, to determine how large should be the sample size of the test, as a function of the generator’s period length, before the generator starts to fail the test systematically.

We introduce TestU01, a software library implemented in the ANSI C language, and offering a collection of utilities for the empirical statistical testing of uniform random number generators (RNGs). It provides general implementations of the classical statistical tests for RNGs, as well as several others tests proposed in the literature, and some original ones. Predefined tests suites for sequences of uniform random numbers over the interval (0, 1) and for bit sequences are available. Tools are also offered to perform systematic studies of the interaction between a specific test and the structure of the point sets produced by a given family of RNGs. That is, for a given kind of test and a given class of RNGs, to determine how large should be the sample size of the test, as a function of the generator’s period length, before the generator starts to fail the test systematically. Finally, the library provides various types of generators implemented in generic form, as well as many specific generators proposed in the literature or found in widely-used software. The tests can be applied to instances of the generators predefined in the library, or to user-defined generators, or to streams of random numbers produced by any kind of device or stored in files. Besides introducing TestU01, the paper provides a survey and a classification of statistical tests for RNGs. It also applies batteries of tests to a long list of widely used RNGs.

This paper presents a new, powerful statistical testing of symmetric ciphers and hash functions which allowed us to detect biases in both of these systems where previously known tests failed. We first give a complete characterization of the Algebraic Normal Form (ANF) of random Boolean functions by means of the M obius transform. Then we built a new testing based on the comparison between the structure of the different Boolean functions Algebraic Normal Forms characterizing symmetric ciphers and hash functions and those of purely random Boolean functions. Detailed testing results on several cryptosystems are presented. As a main result we show that AES, DES Snow and Lili-128 fail all or part of the tests and thus present strong biases.

We suggest a practical and economical way to generate random bits using a computer disk drive as a source of randomness. It requires no additional hardware (given a system with a disk), and no user involvement. As a concrete example of performance, on a Sun Ultra-1 with a Seagate Cheetah disk, it generates bits at a rate of either 5 bits per minute or 577 bits per minute depending on the physical phenomena that we use as a source of randomness. The generated bits are random by a theoretical argument, and also pass a severe battery of statistical tests. 1 Introduction Randomness is a central aspect of cryptography. It is paramount for key generation, is necessary in several encryption algorithms and in interactive proofs, and is useful for boosting the efficiency of algorithms. It is the pillar on which anonymity rests, and protocol soundness often requires a source of random bits. Consequently, randomness is a research topic that has been given considerable attention. It has been pr...

matt�rsa.com

An enormous number of commercial applications (over 350 million copies) rely on the BSAFE and JSAFE toolkits from RSA Data Security to generate cryptographically strong pseudorandom numbers for keys, initialization vectors, challenges, etc. This paper describes the algorithms used by these toolkits, discusses their design, analyzes their resistance to various attacks, and presents results from statistical tests. The algorithms appear to be well suited for cryptographic applications. Introduction & Background The amazing feature of cryptography is that it reduces the problem of protecting a large amount of data to the problem of protecting a small amount of keying material. However, generating even a small amount of keying material is hard. The trouble is that gathering good randomness (bits that cannot be predicted or influenced by an attacker) can take several thousand milliseconds, which is unacceptable for most applications. The usual solution is to rely on a goo...

An enormous number of commercial applications (over 350 million copies) rely on the BSAFE and JSAFE toolkits from RSA Data Security to generate cryptographically strong pseudorandom numbers for keys, initialization vectors, challenges, etc. This paper describes the algorithms used by these toolkits, discusses their design, analyzes their resistance to various attacks, and presents results from statistical tests. The algorithms appear to be well suited for cryptographic applications. Introduction & Background The amazing feature of cryptography is that it reduces the problem of protecting a large amount of data to the problem of protecting a small amount of keying material. However, generating even a small amount of keying material is hard. The trouble is that gathering good randomness (bits that cannot be predicted or influenced by an attacker) can take several thousand milliseconds, which is unacceptable for most applications. The usual solution is to rely on a goo...