Random Numbers: Nothing Left to ChancePosted March 2008.The generation of random numbers is too important to be left to chance. --Robert Coveyou
David Austin
It is often said that mathematics is about understanding patterns and that these patterns are what makes mathematics beautiful. This article, however, is about how mathematics may be used to create, or at least simulate, randomness, the lack of patterns. Surprisingly, we will see that it is difficult to create random behavior (in fact, the words "create randomness" may sound a little jarring) and to determine when we have successfully done it. We will focus on constructing random sequences of numbers. There are many reasons why we might want to do this. For centuries, people have used randomness--a coin toss, for instance--to make important decisions. Of course, many states run lotteries that use a sequence of random numbers to determine the recipients of huge amounts of money. Some readers may remember the draft lottery used during the Vietnam war. In 1969, the days of the year were ordered by drawing pieces of paper, each with a day of the year written on it, from a bin. Young men born on those days drawn first were more likely to be drafted. A statistical analysis later found that, because they were placed in the bin later, days toward the end of the year were more likely to be drawn. In other words, the days were not ordered randomly, and a more mathematical solution was proposed for subsequent years' lotteries. Currently, random numbers are used to form encryption keys when information needs to be passed securely, say, across the Internet. Random sequences of numbers are also important for simulating real-world phenomena. For instance, a bank that operates a network of ATM machines may wish to test its software by simulating the actions of customers accessing their accounts at random times through random machines. Random numbers are also used by so-called Monte Carlo methods to obtain numerical approximations to problems that may be too difficult to solve exactly. For instance, imagine that we do not know the area of the unit circle. We could place the unit circle inside a square of known area and randomly add points to the square. The percentage of points that lie inside the circle should approximate the ratio of the area of the circle to the area of the square. The figure below shows 2000 points randomly placed inside a square whose sides have length 2.2, 1308 of which lie inside the circle. The approximate area of the circle is then the area of the square, 4.84, times 1308/2000, which is 3.16536 (the exact area is, of course, ).
Where do random numbers come from?Most of us already have an intuitive notion of what random numbers are, but, as we'll see, this is a difficult question to answer precisely. Simply said, we should not be able to use the numbers that we have seen to predict which number will come next or to restrict the possibilities. For example, you may wish to think of rolling an ideal die. On each roll, each of the numbers--1, 2, 3, 4, 5, 6--is equally likely to appear. If we roll many times, we may expect to see each of the six possibilities roughly one-sixth of the time. In addition, if we count the number of successive pairs, we would expect to see each of the 36 possible pairs appear with roughly equal frequency. It is possible, however, that we roll the die one thousand times and obtain a "1" each time. Regardless, each number is equally likely to show up on the 1001^{st} time. (This seeming paradox lies behind a well known Dilbert cartoon.) At first glance, it may seem like a simple thing to generate random numbers. In fact, you may think that humans could do this easily by, for instance, just writing sequences of 0's and 1's in a stream of consciousness. By following this link, you will be able to write a sequence of one hundred 0's and 1's that will be analyzed using a few of the tests we'll encounter later in this article. If your sequence passes these tests, it shares several properties with truly random sequences. However, you will most likely find it difficult to write a sequence that passes these tests. Humans have a difficult time creating random sequences by trying to "act randomly." Truly random sequences of numbers may be generated by natural phenomena. Indeed, the web site HotBits, makes available random sequences generated by recording the times between the decays of radioactive particles. For instance, the time between two decays is recorded and compared to the time between the next two. If the first time is shorter than the second, a "0" is recorded, but if the first time is longer than the second, a "1" is recorded. In this way, a sequence of random bits, which may be concatenated to form random integers, is produced. Another site, Random.org, works in a similar way by recording the amplitude of atmospheric noise. An interesting question is whether the digits of form a random sequence. Numerical evidence, based on looking at trillions of digits, suggests that they do, but not enough is known at this time to say definitively. Random number generatorsWhile some sequences generated by natural phenomena produce truly random numbers, many applications require that we be able to create random numbers efficiently inside a computer. This may sound impossible: computers simply execute a set of instructions whose output is determined by the input. Since we supply the computer with the instructions and the input, the output is determined by our choices. How can such a number be random? The answer is that it's not. Instead, our goal is to use a procedure that hides our footprints so that the numbers create the illusion of randomness. More precisely, we want the numbers to share many properties that we would expect a truly random sequence to enjoy. Such a procedure is often called a pseudorandom number generator, since the numbers generated are not truly random, though we will follow convention and use the term random number generator. Our discussion is greatly influenced by Donald Knuth's exposition in Volume 2 of The Art of Computer Programming, cited in the references. John von Neumann proposed using the following method as one of the first random number generators. Suppose we want to create eight-digit numbers. Begin with an eight-digit number X_{0}, which we call the seed, and create the next integer in the sequence by removing the middle eight digits from X_{0}^{2}. For instance, if X_{0} = 35385906, we find that
X_{0}^{2} = 1252162343440836 so that our next number is X_{1} = 16234344. If we repeat this a few times we find:
Since it is difficult, at first glance, to find a pattern in these numbers, we may think that this is an appropriate way to find random numbers. In other words, we have created the illusion of randomness through a deterministic process. Further study shows, however, that this is not a good random number generator. Each term in the sequence depends only on its immediate predecessor and there are only a finite number of possible terms. This means that the sequence will inevitably repeat. The problem is that the sequence can get caught in relatively short cycles. For instance, if the number 31360000 appears in the sequence at some point, we end up with this number again after another 99 iterations and this cycle continues indefinitely. The middle square method may give you the idea to ask the computer to perform a sequence of many, unrelated, random operations. In fact, Knuth constructed an algorithm that used 13 "peculiar" steps to produce the next number in a sequence of 10-digit numbers and found that it was a very poor way to generate random numbers. I created a simple algorithm to generate two-digit numbers using apparently "random" operations.
What may seem surprising is that this algorithm produces the short cycle 91, 96, 46, 1, 64, 73, 72, 91, ...., and most seeds lead us to this cycle. As Knuth writes, "The moral of the story is that random numbers should not be generated with a method chosen at random [emphasis original]." Linear congruential generatorsSurprisingly, a good source of pseudorandom number generators comes from the linear congruential method, introduced by Derrick Lehmer in 1949. Here we choose
We then form the next terms in the sequence by
X_{n+1} = f (X_{n}) = (aX_{ n} + c) mod m. At first glance, it is hard to believe this will produce the illusion of randomness. Remember that we want each term of the sequence to appear to be independent of its predecessor. Can we really accomplish this using a linear function? It turns out that the art is in choosing appropriate values of a, c, and m. Of course, there are only a finite number of possible numbers 0, 1, 2, ..., m - 1 and since one term is determined by its immediate predecessor, the sequence will inevitably form a repeating cycle whose period will be no larger than m. If this period is short, the sequence will quickly begin to repeat, undesirable behavior if are trying to mimic a random sequence. However, the following theorem shows us how we may make the period have the maximal length m. To express this theorem, it is convenient to use the shorthand b = a - 1.
For example, the choices , and c = 64 produce a cyclic sequence of numbers whose period is m=8505. We therefore have
X_{n+1} = (106X_{n} + 64) mod 8505. Shown below are the first few points (x, f (x)) created using this generator. As you can see, they appear to be randomly placed.
Typically, integers are represented in a computer using 32 bits so it is natural to choose a value of m close to 2^{32}. With an appropriate choice of a and c, our sequence will then cycle through most of the integers that the computer can represent. Notice that a = c = 1 satisfies the hypothesis of this theorem. However, this choice produces the sequence
X_{0}, X_{0} + 1, X_{0} + 2, X_{0} + 3, X_{0} + 4, ..., which is hardly random. Clearly, we need another condition, in addition to the maximal period condition, if we are going to create random numbers using this method. A second condition, which we will now describe, will be quantified using the potency of the sequence, which we define to be the smallest integer s such that b^{s} = 0 mod m. To understand this quantity, begin with X_{0} = 0 (which will eventually be encountered since the sequence has period m), and notice that
If we expand a^{n} - 1 = (b + 1)^{n} - 1, then we obtain
If the potency is 1, then we have X_{n} = (cn) mod m. This sequence is certainly not random. If the potency is 2, then X_{n+1} - X_{n} = (c + cbn) mod m. In other words, the difference between successive terms behaves in a predictable way so that the sequence cannot be considered random. Continuing this thinking shows that we need the potency to be relatively high to achieve the illusion of randomness. Experimenting shows that a potency of at least 5 is necessary to create useful random numbers. However, a linear congruential sequence with a potency of 5 is not guaranteed to be random. In our example above, we had and , which produces a linear congruential sequence of maximal period with potency 5 (the first few points are shown on the left below). In constrast, if we take and , we obtain a linear congruential sequence with maximal period and potency 2 (the first few points are on the right).
In spite of the fact that linear congruential sequences are simply defined, the numbers produced are good enough for many applications. In fact, random numbers provided by computer programming languages, such as Java, are often created by linear congruential generators. The choice of the seed X_{0} is often taken as the current time expressed in milliseconds. Other methods, besides the linear congruential method, have been proposed for creating random sequences. Two other ideas come to mind. First, we might choose a quadratic function rather than a linear one. Robert Coveyou suggested the function:
X_{n+1} = X_{n} (X_{n} + 1) mod 2^{e} and showed that it produced sufficiently random numbers. Also, we could consider using more than the previous term in the sequence to generate the next. An example is the lagged Fibonacci sequence, suggested by Gerard Mitchell and Donald Moore in 1958:
X_{n+1} = (X_{n-24} + X_{n-55}) mod m once the first 55 terms of the sequence are generated using, say, a linear congruential generator. The appearance of 24 and 55 in this expression, chosen after careful study, guarantees that the sequence has a suitably long period. How do we recognize random numbers?If we propose a method for creating random numbers, we need some way to measure how good its results are. We will now describe a few tests that are important but still somewhat inadequate. To get started, we will describe one test and how it is implemented. Then we will describe a collection of subsequent tests that may be implemented in a similiar way. Let's consider a simple case in which the numbers we generate are either 0 or 1. There are 32 = 2^{5} possible sequences of five numbers, and each group of five numbers belongs to one of six categories depending on whether there are 0, 1, 2, 3, 4, or 5 zeroes. The following table shows n_{i}, the number of these 32 possibilities that have i zeroes and p_{i}, the probability that a sequence of five numbers, chosen at random, has i zeroes.
What we will now describe is known as the chi square test. Given our sequence {X_{n}} of zeroes and ones, break it into r disjoint groups of five consecutive elements, and denote by r_{i} the number of groups having i zeroes. If our sequence were random, we should have so we can measure how our sequence differs from a random one by computing (r_{i} - rp_{i})^{2}. Since p_{2} is much larger than p_{0}, we should expect that r_{2} is much larger than r_{0} and that the corresponding error term should be larger. To avoid giving undue weight to any of the six possibilities we divide (r_{i} - rp_{i})^{2} by rp_{i} and form the chi square statistic
as a measure of how our sequence compares to a random sequence. Smaller values of V should more closely resemble a random sequence. For example, suppose we have
r_{0} = 10, r_{1} = 46, r_{2} = 95, r_{3} = 107, r_{4} = 60, r_{5} = 15, for which we compute V=4.835. To interpret this number, we may compute V for all possible sequences {X_{n}} of zeroes and ones of length 5r and ask what percentage p of the sequences have a lower value of V. Of course, implementing this would be rather tedious, but there is a general theory, which will not be described here, that comes to our rescue and enables us to compute an approximate percentage p in a relatively simple way. In our example, we find that we obtain a lower value of V in approximately p = 56% of the other sequences. Knuth suggests that our sequence fails the test when p < 1% or p > 99% and that we view it with suspicion when either p < 10% or p > 90%. The thought is that if p is too high, then it differs too much from a random sequence to be considered random. If p is too low, it too closely matches the statistics of a random sequence and should therefore be rejected since its characteristics are too similar to those of a random sequence. Knuth also suggests running the test three different times on different sequences produced by the generator we are testing. If any test gives a suspicious result, we should not view the generator as producing sufficiently random results. In the same way, we may wish to repeat the test many times and determine how closely the percentages p match the uniform distribution; that is, we expect p to be between 0% and 10% about 10% of the time, between 10% and 20% about 10% of the time and so forth. There is a widely accepted collection of such tests, known as the Diehard tests, that may be performed in a similar way. We list here a few of them. To qualify as a useful random number generator, a method needs to pass all of these tests, and passing one test is no guarantee that it will pass another.
The spectral testThe tests we've examined so far may be applied to any random number generator and work by examining sequences output by the generator. The spectral test is specifically designed for linear congruential generators and works by studying the output of the generator over the entire period. We first construct the set of all points (x, f (x)) where f is the function defining the generator. For example, if m = 8505, , and c = 64, we have
Notice that all the points lie on a finite family of equidistant parallel lines.
In fact, if you look carefully, you will notice that there are many such families of parallel lines containing all the points. This is to be expected since the function f (x) is a linear function. For each family of lines, we may consider the distance between the lines and define d to be the maximum of these distances over all the families of lines. The accuracy of the linear congruential generator is defined to be 1/d. The accuracy is greater for the generator on the left (which also has a higher potency) since the maximum distance between families of parallel lines is smaller than for the example on the right.
To get a feel for why the accuracy should reflect the quality of the random number generator, let's look at the plot of one-twentieth of the points in a period.
Remember that all the points will lie on families of lines. When the accuracy is large, the families of lines are all tightly packed together. When one family of lines is relatively far apart, there is less flexibility for where the points will appear, which makes the sequence appear less random. The spectral test may be applied in other dimensions as well. For instance, in dimension three, we form the collection of points {(x, f (x), f (f (x))} and notice that these points lie on families of planes. The accuracy is then the reciprocal of the maximum distance between the planes. There is an efficient algorithm for computing the accuracy in low dimensions. Indeed, the spectral test is the best available for linear congruential generators: all generators that are known to be good pass the spectral test while all generators known to be bad fail it. ConclusionsAs we've seen, it can be hard to generate a sequence of random numbers and hard to determine exactly how random the sequence is. It is also surprising that one of the most popular means for generating random numbers is given by such a simple linear function. In 1997, Makoto Matsumoto and Takuji Nishimura found a new random number generator, which they named the Mersenne Twister, with the phenomenally large period 2^{19937} - 1. Though it is not safe to use in cryptographical applications, it generates random numbers very efficiently and is now in wide use. References
David Austin
Those who can access JSTOR can find some of the papers mentioned above there. For those with access, the American Mathematical Society's MathSciNet can be used to get additional bibliographic information and reviews of some these materials. Some of the items above can be accessed via the ACM Portal , which also provides bibliographic services. |
Welcome to the These web essays are designed for those who have already discovered the joys of mathematics as well as for those who may be uncomfortable with mathematics. Search Feature Column Feature Column at a glance |