There are so many different random number generators (RNG's), and so many claims made for them, that many people have tried to expose the mysteries -- including me!

These are various surveys of **pseudo(!)-**random number
generator schemes from various different points of view.

- 1983
- Ripley gives us an early discussion of RNG designs and testing; no particular RNG is proposed. Included are approaches for producing random deviates in various distribution.

- 1989
- Lewis and Orav present a full chapter on RNG's in their simulation text. They survey various RNG designs and promote graphic testing of the distributions in the resulting designs.
- L'Ecuyer presents what is apparently another version of L'Ecuyer 1990. This is a survey of the various types of RNG, and no particular implementation is promoted.

- 1990
- L'Ecuyer discusses generators for simulation use. Very like L'Ecuyer 1989. Again, this is a survey of the various types of RNG, and no particular implementation is promoted.
- James discusses generators for Monte Carlo use. This is another survey of RNG type, this time with some examples of famous LCG multipliers. Several examples of famous current designs are given in FORTRAN, but not tested here.
- Lagarias discusses generators with respect to number theory and cryptography. Very theoretical, but touches on one-way functions, unpredictability, and computational complexity issues.

- 1991
- Zeng, Yang, Wei and Rao discuss bit generators for stream-cipher cryptography. Again, a survey of different types of RNG, but here including approaches intended to make the RNG difficult to analyze from its sequence.
- Ritter I survey RNG's for use in cryptography, with extensive references.

Ripley, B. 1983. Computer Generation of Random Variables: A Tutorial.International Statistical Review.51: 301-319.

"**Summary.** Users of small and personal computers do not
have access to the libraries of generators of random variables
provided by experts which have been common on large computer
installations. This tutorial provides the background needed by
user-programmers to replace the often inadequate pseudorandom
number generators supplied with small computers, and to program
simple yet efficient methods to generate samples from exponential,
normal, gamma, Poisson, ..., distributions for use in simulation
studies."

- Rationale
- Pseudorandom numbers
- Testing pseudorandom-number generators
- Continuous distributions
- Inversion
- Transformations
- Acceptance-rejection
- Ratio methods
- Composition

- Conclusions

Lewis, P. and E. Orav. 1989.Simulation Methodology for Statisticians, Operations Analysts, and Engineers.Wadsworth and Brooks: Pacific Grove, CA.

In Chapter 4 they introduce the use of "scatter plots" to examine generators.

Chapter 5. Uniform Pseudo-Random Variable Generation.

- Introduction: Properties of Pseudo-Random Variables
- A uniform marginal distribution
- Independence of the uniform variate
- Repeatability and portability
- Computational speed

- Historical Perspectives
- Current Algorithms
- Congruential Generators
- Shift-Register Generators
- Fibonacci Generators
- Combinations of Generators (Shuffling)
- Generators in Packages

- Recommendations for Generators
- Computational Considerations
- The Testing of Pseudo-Random Number Generators
- Conclusions on Generating and Testing Pseudo-Random
Number Generators
- "Testing is
*unnecessary*in the sense that very good pseudo-random number generators are available." - "Testing is
*necessary*in the sense that bad pseudo-random number generators exist on many computer systems and are commonly used." - "It is preferable to substitute a good pseudo-random number generator with documented properties for a pseudo-random number generator you known nothing about. And even if you follow [this rule], it is wise to use some of the graphical testing methods given in this book to make sure that the implementation is correct."

- "Testing is

L'Ecuyer, P. 1989. A Tutorial on Uniform Variate Generation.Proceedings of the 1989 Winter Simulation Conference.40-49.

"**ABSTRACT.** In typical stochastic simulations, randomness
is produced by generating a sequence of independent uniform variates
(usually real-valued between 0 and 1, or integer-valued in some
interval) and transforming them in the appropriate way. In this
tutorial, we examine practical ways of generating such variates
on a computer."

[This paper is very similar to the 1990 version in
*Communications of the ACM,* Please refer to
that review.]

L'Ecuyer, P. 1990. Random Numbers for Simulation.Communications of the ACM.33(1): 85-97.

"On the mind of the average computer user, the problem of generating uniform variates by computer has been solved long ago. After all, every computer system offers one or more function(s) to do so." "These functions supposedly return numbers that could be used, for all practical purposes, as if they were the values taken by independent random variables, with a uniform distribution between 0 and 1."

"We focus mainly on efficient and recently proposed techniques
for generating *uniform pseudorandom numbers.*" "Here,
'uniform pseudorandom' means that the numbers behave from the
outside as if they were the values of i.i.d. [individually
independently distributed] random variables, uniformly distributed
over some finite set of symbols. This set of symbols is often a
set of integers of the form {0, ..., *m* - 1} and the symbols
are usually transformed by some function into values between 0 and
1, to approximate the *U*(0,1) distribution."

- Views of Randomness
- Classical Definitions
- A Framework for PRNGs
- PT-perfect generators

- Matrix Linear Congruential Recurrences
- Prime Modulus
- Composite Modulus
- Jumping Ahead, Splitting, and Vectorization
- Implementations
- Multiple Recursive Generators
- Lattice Structure and Spectral Test
- Tausworthe, GFSR, Lagged-Fibonacci
- Other Variants

- Non-Linear Generators
- A Class of Generators by Inversion

- Combined Generators
- Transforming into
*U*(0,1) Variates - Statistical Testing
- Discrepancy

James, F. 1990. A review of pseudorandom number generators.Computer Physics Communications.60: 329-344. North-Holland.

"This is a brief review of the current situation concerning practical pseudorandom number generation for Monte Carlo calculations. The conclusion is that pseudorandom number generators with the required properties are now available, but the generators actually used are often not good enough. Portable Fortran code is given for three different pseudorandom number generators, all of which have much better properties than any of the traditional generators commonly supplied in most program libraries."

- General considerations
- The motivation and scope of this paper
- The three types of generators
- Truly random numbers . . . must be produced by a random physical process."
- "Pseudorandom numbers . . . are supposed to appear random to someone who doesn't know the algorithm."
- "Quasirandom numbers . . . are not designed to appear to be random, but rather to be distributed as uniformly as possible, in order to reduce the errors in Monte Carlo integration."

- Desirable properties of a random number generator
- Good distribution.
- Long period.
- Repeatability.
- Long disjoint subsequences.
- Portability.
- Efficiency.

- Manufacturer-supplied generators

- Pseudorandom numbers
- Testing good distributions
- Pseudorandom generation methods
- MLCG [multiplicative linear congruential generator]
- Fibonacci
- Shift register or tausworthe

- Improving simple generators

- Acceptable pseudorandom generators
- The McGill generator super-duper [Marsaglia]
- RANECU: the algorithm of l'Ecuyer
- RANMAR: the algorithm of Marsaglia, Zaman and Tsang
- ACARRY: the algorithm of Marsaglia and Zaman

- Conclusions

Lagarias, J. 1990. Pseudorandom Number Generators in Cryptography and Number Theory.Proceedings of Symposia in Advanced Mathematics.42: 115-143.

"**Abstract.** This paper describes the close relations
that exist between pseudorandom number generators, one-way functions,
and private key cryptosystems. It presents a taxonomy of
pseudorandom number generators based on number-theoretic
constructions and summarizes results on the cryptanalysis of
such generators."

- Introduction
- A Taxonomy of Number-theoretic Generators
- Multiplicative Congruential Generator
- 1/P Generator
- Power Generator
- Discrete Exponential Generator
- Kneading Map
- Shift-Register Sequences
- Cellular Automata
- Hashing
- Composition

- What is a Pseudorandom Number Generator?
- Unpredictability and Pseudorandomness
- Pseudorandom Bit Generators and One-way Functions
- Pseudorandom Bit Generators and Private-key Cryptosystems
- Secure Number-theoretic Pseudorandom Bit Generators
- RSA bit generator.
- Modified Rabin bit generator.
- Discrete exponential bit generator.

- Cryptanalysis Problems

Zeng, K., C. Yang, D. Wei and T. Rao. 1991. Pseudorandom Bit Generators in Stream-Cipher Cryptography.IEEE Computer.February. 8-17.

"The central problem in stream-cipher cryptography . . . is the difficulty of generating a long unpredictable sequence of binary signals from a short and random key."

"The problem is this: On which basis can one draw the conclusion that the output signals of a certain given keystream generator are hard to predict? No universally applicable and practically checkable criteria have been developed to certify the security of bit generators. For that matter, no general theory of cryptanalysis is known to exist except for an ever-expanding arsenal of concrete attack methods elaborated for various practical purposes."

"Many of the publicly proposed keystream generators. We remind the reader that cracking keystream generators amounts to the same thing as conducting known-plaintext attacks on stream ciphers. Secure communication should resist such attacks."

- Background
- The one-time pad.
- Secure pseudorandom bit generators.

- Building Blocks
- Linear congruence generators (LCGs).
- Feedback shift registers (FSRs).
- Nonlinear feedback shift registers.
- Linear feedback shift registers.
- The linear complexity issue.

- Attacking Keystream Generators
- The Siegenthaler correlation attack.
- The linear consistency attack.
- The linear syndrome attack.

- Some design techniques
- Nonlinear feed-forward transformation.
- Step control.
- Multiclock systems.

Ritter, T. 1991. The Efficient Generation of Cryptographic Confusion Sequences.Cryptologia.15(2): 81-139.

"ABSTRACT: A survey of pseudo-random sequence or random number generators (RNG's) for cryptographic applications, with extensive reference to the literature, and seemingly unresolved issues discussed throughout."

- Introduction
- Background
- Basics and Terminology
- Randomness
- Randomness and Data Compression
- Reasoning about Randomness
- Godel and Ciphers?
- Characteristics of Computer-Based RNG's
- Number of Sequences
- Cycles
- Some Potential Attacks
- Inference Resistance by Exposure Class
- Information and Penetration
- Inference versus Prediction
- Cryptographic RNG Requirements

- RNG Techniques
- Chaos
- Cebysev Mixing
- Cellular Automata
*x*^{2}mod*N*- Linear Congruential
- Linear Feedback Shift Register
- Non-Linear Shift Register
- Clock-Controlled Shift Registers
- Generalized Feedback Shift Register
- Additive RNG

- Randomizers and Isolators
- One-Way Functions
- Checksum Algorithms
- CRC's
- Randomizers
- Isolation Techniques

- Other Randomness Techniques
- "Really Random" Values
- Cycle Detection
- Polynomial Degree
- Sequence Customization and Number of Terms
- Finding Primitive Mod 2 Polynomials
- Combined RNG's
- Random Permutations

- RNG Exhaustive State Experiments
- Exhaustive State Analysis
- Results
- Discussion

- Summary
- Comments

*Last updated:* 1996-06-26